The IP protocol is the preferred data communication mechanism used nowadays. Data encapsulated using IP can be compromised if it is sent in clear text or without integrity protection, and even using known protocols to protect the confidentiality, integrity and authenticity of this data, the EtherType field of the Ethernet frames and the header of the IP packets in a wired Ethernet network still remain exposed opening possibilities for an attacker to gain knowledge of the network, cause a denial of service attack or steal information.
In this thesis, we propose a new protocol that protects the confidentiality, integrity and authenticity of the IP communication in a wired Ethernet network. This new protocol operates in the layer 2 of the OSI model, and for each Ethernet frame, it encapsulates the EtherType field and the entire IP packet into a new PDU structure that is partially encrypted. Integrity and authenticity are assured by an HMAC value or a digital signature calculated over the entire frame. We ran several tests to analyze the security characteristics and performance impact of our proposed solution; the results of these tests demonstrate that all traffic is effectively protected and that an attacker or eavesdropper wouldn't know the type of protocols, IP addresses or any other data travelling across the network. It is also demonstrated that under certain conditions, performance is not highly impacted and is feasible to protect the network communication with our new protocol.
Library of Congress Subject Headings
Ethernet (Local area network systems)--Security measures; Data transmission systems--Security measures
Networking and System Administration (MS)
Department, Program, or Center
Information Sciences and Technologies (GCCIS)
Campillo Terrero, Reiner Augusto, "A Layer 2 Protocol to Protect the IP Communication in a Wired Ethernet Network" (2014). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus