The Design, Implementation, and Performance Evaluation of Secure Spanning Tree Protocols

Project: Research


Researcher(s)

Description

Ethernet networks rely on Spanning Tree Protocols (STP, IEEE 802.1D, 802.1w, and 802.1s) to provide fault tolerance. These protocols are now widely used in many production networks. Recent research, however, shows that these protocols are subject to various kinds of attacks. To address these problems, this research proposes to enhance the security of STP with a novel network partitioning approach. In this approach, a network running STP is partitioned into many tiers. Each tier consists of enhanced switches which, on the one hand, send and receive the standard STP messages (to ensure cooperation with conventional Ethernet switches) and, on the other hand, run a set of enhanced STP operations. With the support of a City University research grant, these enhanced switches have been implemented and tested in an experimental network. The results show that networks running the enhanced STP can stop all known attacks reported in the literature. This research proposes to extend the approach to all STP variants, including Rapid Spanning Tree Protocol, Multiple Spanning Tree Protocol, and STP for Metropolitan Area Ethernet. The project proposes to carry out a complete design, implementation, and performance evaluation of these protocols.

Detail(s)

Project number: 9041391
Grant type: GRF
Status: Finished
Effective start/end date: 1/01/09 to 19/03/12