MAC security entity for link security entity and transmitting and receiving method therefor
Abstract
An apparatus and method for providing a security function of frames transmitted between optical network terminals (OLTs) and optical network units (ONUs) in an Ethernet passive optical network (EPON) providing media access control (MAC) services are provided. The apparatus includes: a frame classifier distinguishing the type of a frame, and based on the logical link identifier (LLID) of the distinguished frame, determining whether or not the frame is a security link to which a security function is to be applied; a bypass unit delaying a no-security-function frame so that a processing time for converting the security-function-applied frame classified in the frame classifier into an encrypted frame is the same as a time for processing the no-security-function frame; and a parameter generation unit transmitting in relation to each of the LLIDs, a parameter set value including a security-function-application setting signal used in the encryption, decryption and authentication of the frame, a frame decryption signal, an encryption mode selection signal, and an authentication intensity adjustment signal.
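An added illustration, not taken from the patent: a small timing model of the classifier and bypass unit described in the abstract, showing that a bypass delay matched to the encryption latency gives every frame the same transit time and keeps arrival order, while an unmatched bypass lets no-security frames overtake encrypted ones. The LLID values, the cycle counts and all function names are assumptions made for the example, and the encryption itself is not modelled.

```python
from dataclasses import dataclass

CRYPTO_LATENCY = 12  # assumed cycles spent in the encryption path (constructed value)

@dataclass(frozen=True)
class Frame:
    seq: int      # arrival order, used only to check ordering at the output
    llid: int     # logical link identifier carried by the frame
    arrival: int  # cycle at which the frame enters the classifier

# Hypothetical per-LLID parameter table: True means the security function applies.
SECURE_LLIDS = {0x0001: True, 0x0002: False, 0x0003: True}

def classify(frame):
    """Frame classifier: decide from the LLID whether this is a security link."""
    return SECURE_LLIDS[frame.llid]

def transmit(frames, bypass_delay):
    """Route each frame to the encrypt or bypass path.

    Returns (seq, path, departure_cycle) tuples sorted by departure time.
    """
    out = []
    for f in frames:
        if classify(f):
            out.append((f.seq, "encrypt", f.arrival + CRYPTO_LATENCY))
        else:
            out.append((f.seq, "bypass", f.arrival + bypass_delay))
    return sorted(out, key=lambda r: (r[2], r[0]))

def departure_order(frames, bypass_delay):
    return [seq for seq, _, _ in transmit(frames, bypass_delay)]

def latencies(frames, bypass_delay):
    """Set of distinct transit times seen across all frames."""
    arrival = {f.seq: f.arrival for f in frames}
    return {t - arrival[seq] for seq, _, t in transmit(frames, bypass_delay)}

# Constructed traffic: secure and no-security links interleaved, 4 cycles apart.
SAMPLE = [Frame(i, llid, 4 * i) for i, llid in enumerate([1, 2, 3, 2, 1, 2])]

if __name__ == "__main__":
    print("matched bypass :", departure_order(SAMPLE, CRYPTO_LATENCY))
    print("no bypass delay:", departure_order(SAMPLE, 0))
```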
20 Claims
1. An apparatus of media access control (MAC) security transmission comprising:
a frame classifier distinguishing the type of a frame, and based on a logical link identifier (LLID) of the distinguished frame, determining whether or not the frame is a security link to which a security function is to be applied;
a bypass unit delaying a no-security-function frame so that a processing time for converting the security-function-applied frame classified in the frame classifier into an encrypted frame is the same as a processing time for the no-security-function frame; and
a parameter generation unit transmitting in relation to each of the LLIDs, a parameter set value, including a security-function-application setting signal used in the encryption, decryption and authentication of the frame, a frame decryption signal, an encryption mode selection signal, and an authentication intensity adjustment signal.
Dependent claims: 2, 3

4. An apparatus of a MAC security reception unit comprising:
a frame classifier determining based on the LLID value of a frame whether or not a security function is applied to the frame, determining based on the type value of the frame whether the frame is an encrypted frame or a non-encrypted plaintext frame, and processing a denial of service (DoS) attack frame based on a user-defined parameter value in relation to each frame;
a parameter verification unit transmitting a parameter set value used in the decryption and authentication of the frame;
a retransmission attack processing unit, if the frame corresponds to a retransmission attack frame, removing the frame based on the association number (AN) flag value of the frame; and
a bypass unit delaying the plaintext frame so that a processing time taken for decrypting the encrypted frame is the same as a time of processing the plaintext frame.
Dependent claims: 5, 6, 7, 8

9. A MAC security apparatus comprising:
a MAC security transmission unit classifying a frame based on the LLID value and the type of the frame, generating a first parameter set for setting or canceling information indicating whether or not a security function is to be applied, in relation to the type of the frame based on the LLID, determining whether or not the security function is to be applied to the frame, and delaying a no-security-function frame so that a processing time for converting a security-function-applied frame into an encrypted frame is the same as a processing time for the no-security-function frame; and
a MAC security reception unit checking based on the LLID value whether or not an encryption mode of a frame is set, determining based on the type value of the frame whether the frame is an encrypted frame or a non-encrypted plaintext frame, processing a DoS attack frame in relation to each frame based on the frame type value, generating a second parameter set value used in the authentication and decryption of the frame, and delaying the plaintext frame so that a processing time taken for decrypting the encrypted frame is the same as a time for processing the plaintext frame.
Dependent claims: 10, 11

12. A frame transmission method in a MAC security transmission apparatus comprising:
determining based on the LLID value of a frame whether or not a security function is to be applied;
delaying a no-security-function frame so that a processing time for converting a security-function-applied frame into an encrypted frame is the same as a processing time for the no-security-function frame; and
in relation to each of the LLIDs, transmitting a parameter set value, including a security-function-application setting signal used in the encryption, decryption and authentication of the frame, a frame decryption signal, an encryption mode selection signal, and an authentication intensity adjustment signal.
Dependent claims: 13, 14

15. A frame reception method in a MAC security reception apparatus comprising:
based on the LLID value of a frame, determining whether or not a security function is applied to the frame;
determining based on the type value of the frame whether the frame is an encrypted frame or non-encrypted plaintext frame, and processing a DoS attack frame based on a user-defined parameter value in relation to each frame;
transmitting a parameter set value used in the decryption and authentication of the frame;
based on the AN flag value of the frame, if the frame corresponds to a retransmission attack frame, removing the frame; and
delaying the plaintext frame so that a processing time taken for decrypting the encrypted frame is the same as a time for processing the plaintext frame.
Dependent claims: 16

17. A frame transmission and reception method in a MAC security apparatus comprising:
classifying a frame and determining whether or not a security function is applied, based on the LLID value and the type of the frame;
in relation to each of the LLIDs, transmitting a parameter set value, comprising a security-function-application setting signal used in the encryption, decryption and authentication of the frame, a frame decryption signal, an encryption mode selection signal, and an authentication intensity adjustment signal;
delaying the no-security-function frame so that a processing time for converting the security-function-applied frame into an encrypted frame is the same as a time for processing the no-security-function frame;
authentication decrypting or authenticating the frame;
based on the LLID value, determining whether or not an encryption mode is set in the frame;
determining based on the type value of the frame whether the frame is an encrypted frame or a non-encrypted plaintext frame, and processing a DoS attack frame in relation to each frame based on the frame type value;
delaying the plaintext frame so that a processing time taken for decrypting the encrypted frame is the same as a time for processing the plaintext frame; and
transmitting a second parameter set value used in the authentication and decryption of the frame.
Dependent claims: 18, 19, 20

Specification