Secure spanning tree protocol using network partitioning

Fan Yan; Kai Hau Yeung

Secure spanning tree protocol using network partitioning

Fan Yan, Kai Hau Yeung

Research output: Contribution to journal › Article › peer-review

Abstract

Ethernet networks rely on the spanning tree protocol (STP or IEEE 802.1D) to break loops. Recent research, however, shows that networks using STP are subjected to various kinds of attacks. This paper presents a modified STP to solve the security problems of conventional spanning tree protocol. A network using the modified STP is partitioned into many tiers. This prevents attadcs launched at a lower tier from affecting the high tiers of network. Implementations on the modified protocol are made on Linux-based computers and broadband routers. When tested on an experimental network, the implementations demonstrate the feasibility and compatibility of the modified protocol. The security performance of the modified protocol is studied and compared with that of the conventional STP under all known STP attacks. The results show significant reduction in number of affected switches under the Non-DoS STP attack when the modified STP is used. For DoS STP attacks, the CPU utilization of switches in handling STP topology changes can be reduced by many orders of magnitude when the modified STP is used.

Original language	English
Pages (from-to)	3457-3470
Number of pages	14
Journal	Information (Japan)
Volume	16
Issue number	6 A
Publication status	Published - 2013
Externally published	Yes

Keywords

Computer network security
Ethernet switching
Spanning tree protocols

Cite this

@article{9c6bcec8bd7749aa83116b253794cc25,

title = "Secure spanning tree protocol using network partitioning",

abstract = "Ethernet networks rely on the spanning tree protocol (STP or IEEE 802.1D) to break loops. Recent research, however, shows that networks using STP are subjected to various kinds of attacks. This paper presents a modified STP to solve the security problems of conventional spanning tree protocol. A network using the modified STP is partitioned into many tiers. This prevents attadcs launched at a lower tier from affecting the high tiers of network. Implementations on the modified protocol are made on Linux-based computers and broadband routers. When tested on an experimental network, the implementations demonstrate the feasibility and compatibility of the modified protocol. The security performance of the modified protocol is studied and compared with that of the conventional STP under all known STP attacks. The results show significant reduction in number of affected switches under the Non-DoS STP attack when the modified STP is used. For DoS STP attacks, the CPU utilization of switches in handling STP topology changes can be reduced by many orders of magnitude when the modified STP is used.",

keywords = "Computer network security, Ethernet switching, Spanning tree protocols",

author = "Fan Yan and Yeung, {Kai Hau}",

year = "2013",

language = "English",

volume = "16",

pages = "3457--3470",

number = "6 A",

}

TY - JOUR

T1 - Secure spanning tree protocol using network partitioning

AU - Yan, Fan

AU - Yeung, Kai Hau

PY - 2013

Y1 - 2013

N2 - Ethernet networks rely on the spanning tree protocol (STP or IEEE 802.1D) to break loops. Recent research, however, shows that networks using STP are subjected to various kinds of attacks. This paper presents a modified STP to solve the security problems of conventional spanning tree protocol. A network using the modified STP is partitioned into many tiers. This prevents attadcs launched at a lower tier from affecting the high tiers of network. Implementations on the modified protocol are made on Linux-based computers and broadband routers. When tested on an experimental network, the implementations demonstrate the feasibility and compatibility of the modified protocol. The security performance of the modified protocol is studied and compared with that of the conventional STP under all known STP attacks. The results show significant reduction in number of affected switches under the Non-DoS STP attack when the modified STP is used. For DoS STP attacks, the CPU utilization of switches in handling STP topology changes can be reduced by many orders of magnitude when the modified STP is used.

AB - Ethernet networks rely on the spanning tree protocol (STP or IEEE 802.1D) to break loops. Recent research, however, shows that networks using STP are subjected to various kinds of attacks. This paper presents a modified STP to solve the security problems of conventional spanning tree protocol. A network using the modified STP is partitioned into many tiers. This prevents attadcs launched at a lower tier from affecting the high tiers of network. Implementations on the modified protocol are made on Linux-based computers and broadband routers. When tested on an experimental network, the implementations demonstrate the feasibility and compatibility of the modified protocol. The security performance of the modified protocol is studied and compared with that of the conventional STP under all known STP attacks. The results show significant reduction in number of affected switches under the Non-DoS STP attack when the modified STP is used. For DoS STP attacks, the CPU utilization of switches in handling STP topology changes can be reduced by many orders of magnitude when the modified STP is used.

KW - Computer network security

KW - Ethernet switching

KW - Spanning tree protocols

UR - http://www.scopus.com/inward/record.url?scp=84880203459&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:84880203459

SN - 1343-4500

VL - 16

SP - 3457

EP - 3470

JO - Information (Japan)

JF - Information (Japan)

IS - 6 A

ER -

Secure spanning tree protocol using network partitioning

Abstract

Keywords

Other files and links

Fingerprint

Cite this