Security Implementation for Carrier-Sense Multiple Access/Collision Detection Communication Protocol

IP.com Disclosure Number: IPCOM000105935D
Original Publication Date: 1993-Sep-01
Included in the Prior Art Database: 2005-Mar-20
Document File: 6 page(s) / 196K

Publishing Venue

IBM

Related People

Udupa, DKR: AUTHOR

Abstract

CSMA/CD stands for Carrier-Sense Multiple Access with Collision Detection. Here, changes are proposed to CSMA/CD protocol for adding security features. With these changes, selective use of security for CSMA/CD protocol is possible. This implementation is applicable wherever CSMA/CD is used.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 23% of the total text.

For this implementation to work, all stations in a network will have to follow a general set of rules on security while transmitting data.

Security levels are assigned to each station in a network. A station processes only those frames whose security level matches or is below its own security level. As an example, if a station has a security level of B (Fig. 1), it will process all frames with security level B and all frames with levels below B. Every station has to include the security level in the frame while it transmits.

One station in a network will be designated as the system administrator. This station controls the whole range of security operations in the network. However, there should be a backup station to take up the role of system administrator if that station fails.

To add flexibility to the security scheme, these security levels should be configurable. As an example, it must be possible for the system administrator to change the order of the security levels or to add new security levels to those given in Fig. 1. There should also be a default security table.

While connecting different LAN networks and segments, there should be an option to bypass this security implementation, as some networks may not use it at all. This option has to be included in routers and bridges. Where a segment has no security implementation, the security-related data is ignored and the length is adjusted. In those segments and LAN networks which do not implement this security scheme, the security level data has to be suitably encrypted in routers and bridges to reduce the exposure of the security scheme. However, if the next segment or LAN network has a security implementation, the length is adjusted again to take the security implementation into account.

The security implementation differs slightly for the three types of frames (refer to Fig. 2, Fig. 3 and Fig. 4). This also takes care of the large base of existing applications.

This security scheme is used in addition to passwords and data encryption to make data transmission secure.

These security levels are accommodated in one byte carved out of the data field. One byte is sufficient for most applications. The Type field is available both in IEEE 802.2 Logical Link Control (LLC) with the Sub Network Address Protocol (SNAP) extension and in the Ethernet frame format.
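The following Python sketch is an added example, not code from the disclosure: it models the station rule (process a frame only if its level matches or is below the station's own), the administrator-configurable security table with a default, and the length adjustment a bridge performs when a frame crosses into or out of a segment that does not use the scheme. The level names and their order (Fig. 1 is not reproduced on the page), the encoding of the level byte as its position in the table, and the IEEE 802.3-style destination/source/length header are all assumptions; the Type field handling of the LLC/SNAP and Ethernet variants is not modelled.

```python
# Added example (not from the disclosure): one-byte security level carved out of
# the data field of a CSMA/CD frame, a station-side filter, and bridge handling.
# Level names, their order, the byte encoding and the header layout are assumptions.
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed default security table, lowest clearance first (Fig. 1 is not reproduced here).
DEFAULT_SECURITY_TABLE = ["D", "C", "B", "A"]


class SecurityTable:
    """Ordered list of security levels; the administrator station may reorder or extend it."""

    def __init__(self, levels=None):
        self.levels = list(levels if levels is not None else DEFAULT_SECURITY_TABLE)

    def rank(self, level):
        """Position of a level in the table; a higher rank means a higher clearance."""
        return self.levels.index(level)  # ValueError for a level not in the table

    def add_level(self, level, below=None):
        """Insert a new level just below `below`, or at the top when `below` is None."""
        if level in self.levels:
            raise ValueError(f"level {level!r} already exists")
        pos = len(self.levels) if below is None else self.rank(below)
        self.levels.insert(pos, level)

    def encode(self, level):
        """On-wire byte for a level: its rank (an assumption; the page fixes no encoding)."""
        return self.rank(level)


@dataclass
class Frame:
    dst: bytes
    src: bytes
    level: Optional[int]   # security byte from the data field, or None on an unsecured segment
    payload: bytes


HEADER = struct.Struct("!6s6sH")   # destination, source, length (IEEE 802.3-style, assumed)


def build_frame(frame):
    """Serialise a frame; the security byte, when present, is the first byte of the data field."""
    data = frame.payload if frame.level is None else bytes([frame.level]) + frame.payload
    return HEADER.pack(frame.dst, frame.src, len(data)) + data


def parse_frame(raw, secured):
    """Parse a frame; on a secured segment the first data byte is the security level."""
    dst, src, length = HEADER.unpack_from(raw)
    data = raw[HEADER.size:HEADER.size + length]
    if len(data) != length:
        raise ValueError("truncated frame")
    if not secured:
        return Frame(dst, src, None, data)
    if not data:
        raise ValueError("secured frame without a security byte")
    return Frame(dst, src, data[0], data[1:])


def station_accepts(table, station_level, frame):
    """Station rule: process only frames whose level matches or is below the station's level."""
    if frame.level is None or frame.level >= len(table.levels):
        return False   # no level, or a level not in the table: not processable under the scheme
    return frame.level <= table.rank(station_level)


def bridge_to_unsecured(raw):
    """Leaving for a segment without the scheme: drop the security byte and fix the length."""
    f = parse_frame(raw, secured=True)
    return build_frame(Frame(f.dst, f.src, None, f.payload))


def bridge_to_secured(raw, level_byte):
    """Entering a secured segment: reinsert the security byte and adjust the length again."""
    f = parse_frame(raw, secured=False)
    return build_frame(Frame(f.dst, f.src, level_byte, f.payload))


if __name__ == "__main__":
    table = SecurityTable()
    raw = build_frame(Frame(b"\x02" * 6, b"\x04" * 6, table.encode("B"), b"hello"))
    frame = parse_frame(raw, secured=True)
    for level in ("A", "B", "C"):
        print(f"station at level {level} processes frame at level B:",
              station_accepts(table, level, frame))
    print("length on unsecured segment:", parse_frame(bridge_to_unsecured(raw), secured=False))
```

Two points worth noting. The filter trusts the level byte the sender wrote, which is why the disclosure requires every station to follow the same rules and keeps passwords and data encryption in addition to this scheme. And the disclosure asks bridges and routers to suitably encrypt the level data while a frame crosses segments that do not implement the scheme; this sketch simply drops the byte and has the bridge re-supply it on the far side, so a real implementation would need a way to carry or protect that byte across the unsecured segment.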

In the case of an 802.2 LLC frame, two bytes for Type field values and one byte for the security level can be carved out of the DATA fie...