802.1X, MACsec, and IPsec are widespread network security mechanisms that control network access and add encryption and authentication to L2 and L3 networking. They are standardized by IEEE and IETF, and are part of most open-source and commercial network hardware and software appliances. However, lots of manual configuration is needed for their application in traditional networks. In this work, we present P4sec, a three-tier control architecture for automated configuration of these security protocols in networks with multiple sites. P4sec leverages P4-programmable switches and operates them through distributed controllers. We briefly introduce data plane programming with P4 and give an overview of 802.1X, MACsec, and IPsec. We explain the three-tier control architecture P4sec and validate it by a prototype which is published under the Apache v2 license on GitHub. Finally, we discuss opportunities and challenges.
Full Text Finder