- 期刊
乙太網路第二層安全(MACsec)技術之設計與實作
Design and Realization Issues of Ethernet Layer-2 Security
摘要
IEEE於2006年發佈了屬於Ethernet MAC Layer的安全加解密規範-IEEE STD802.1AE (MACsec),這是一種用於提高有線乙太網路連接安全性的第二層安全協議。MACsec可以用來確保網路分層架構第二層裡面端點之間資料的機密性與完整性,它所保護的是以節點間(hop-by-hop)所傳輸的資料,而目前針對IEEE STD802.1AE所需要的加密金鑰,有另一個制定中的金鑰管理標準IEEE P802.1X-Rev來給予。本篇論文將闡述關於這兩個標準在軟體以及硬體上的實作分工,以及溝通上的安全性與可能的難處和可行的解決辦法。
並列摘要
IEEE organization distributed a standard in 2006, known as IEEE STD 802.1AE (MACsec), which addresses security issues about how to encrypt and decrypt frames in Ethernet MAC Layer. This standard proposes a layer-2 security agreement to enhance the security of Ethernet using nowadays. MACsec is used to ensure the confidentiality and integrity of frames transmitted between peers, known as hop-by-hop architecture. There is another draft standard, IEEE P802.1 X-Rev, distributed recently, whose purpose is to do key agreement, and provides the keys for IEEE STD 802.1AE. This article will explain not only how to implement the two standards mentioned above in software and hardware, but also the problems and concerns we met during implementation.
延伸閱讀
- Chen, W. Z. (2008). 通訊協定與網路應用程式安全性驗證方法之研究 [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2008.00991
- 陳志誠(2005)。在電子化公文環境中加強資訊安全之策略初探。檔案與微縮,(77),1-17。https://www.airitilibrary.com/Article/Detail?DocID=a0000489-200506-x-77-1-17-a
- Tung, T. Y. (2014). 行動資料安全管理之設計原則與實作 [doctoral dissertation, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2014.02268
- Xi, W., Wu, W., & Yang, C. Y. (2022). A Technical Review on Network Security Situation Awareness. International Journal of Network Security, 24(4), 671-680. https://doi.org/10.6633/IJNS.202207_24(4).09
- Tsai, S. T. (2022). Functional Analysis and Verification of Ethernet System Design [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU202201495