Implementation of IEEE 802.1X Port-based Authentication Mechanism for Ethernet

International Journal of Computer Trends and Technology (IJCTT)          
 
© 2018 by IJCTT Journal
Volume-64 Number-1
Year of Publication : 2018
Authors : Shaleen Kachhara, Dr. Kakelli Anil Kumar
DOI :  10.14445/22312803/IJCTT-V64P105

MLA Style: Shaleen Kachhara, Dr. Kakelli Anil Kumar. "Implementation of IEEE 802.1X Port-based Authentication Mechanism for Ethernet." International Journal of Computer Trends and Technology 64.1 (2018): 17-23.

APA Style: Shaleen Kachhara, Dr. Kakelli Anil Kumar (2018). Implementation of IEEE 802.1X Port-based Authentication Mechanism for Ethernet. International Journal of Computer Trends and Technology, 64(1), 17-23.

Abstract
We explored some mechanisms for securing corporate wired Ethernet, which are often more or less neglected. After a careful analysis of all possible solutions, we opted for the IEEE 802.1X port-based authentication mechanism. It uses a RADIUS server as the authentication server (on Windows Server 2012 R2) and a Cisco switch as the authenticator. The main purpose of implementing IEEE 802.1X is to restrict guest access to the LAN/wired network and authenticate only genuine users. Only authenticated users have access to the network. The proposed mechanism monitors active users through centralized user access management using Microsoft Active Directory Services in Microsoft Server 2012 R2. The individual configurations of all the entities involved in the mechanism are discussed in detail to successfully deliver a pilot implementation of the protocol wherein one could debug all the errors and later deploy the same on a live network. By configuring the accounting tab on the Server Manager we will be able to keep track of all the users'/employees' activities on the organization's network.

Keywords
Authentication, IEEE-802.1X, Radius server, switch, Network security.