Methods and apparatus for physical layer security of a network communications link
Abstract
A communications port of a network communications device maintains capability information indicating that under normal operating conditions a communications link is capable of operating in a secure mode in which communications signals of the communications link are unintelligible to an intruder having an unauthorized physical connection (e.g. tap) to the communications link. During operation, the port detects occurrence of a link event of a type that can invoke an automatic communications-mode control mechanism to change the operating of the communications link to a non-secure mode in which communications signals of the communications link are intelligible to such an intruder. An example is Ethernet auto-negotiation which can change from relatively secure 1000BaseT signaling to relatively non-secure 10/100BaseT signaling. Based on the capability information, the port responds to the link event by preventing the automatic communications mode control mechanism from changing the operating of the communications link to the non-secure mode.
44 Claims
1. A method of operating a communications port of a network communications device, comprising:
maintaining capability information indicating that under normal operating conditions a communications link coupled to the communications port is capable of operating in a secure mode in which communications signals of the communications link are unintelligible to an intruder having an unauthorized physical connection to the communications link;
detecting occurrence of a link event of a type that can invoke an automatic communications-mode control mechanism to change the operating of the communications link to a non-secure mode in which communications signals of the communications link are intelligible to such an intruder; and
based on the capability information, responding to the detected occurrence of the link event by preventing the automatic communications mode control mechanism from changing the operating of the communications link to the non-secure mode.
Dependent claims: 2-16.
17. A method of operating a powered communications port of a network communications device, comprising:
monitoring an actual amount of power delivered to a powered device via a communications link connected to the powered communications port;
maintaining information specifying an expected amount of power expected to be provided to the powered device via the communications link;
comparing the actual and expected amounts of power to determine whether there is a discrepancy indicating that an intruder may have established a power-draining unauthorized physical connection to the communications link; and
upon determining that there is such a discrepancy between the actual and expected amounts of power, initiating a security action to protect the communications link from unauthorized use by such an intruder.
Dependent claims: 18-22.
23. A communications port of a network communications device, comprising:
a memory operative to maintain capability information indicating that under normal operating conditions a communications link coupled to the communications port is capable of operating in a secure mode in which communications signals of the communications link are unintelligible to an intruder having an unauthorized physical connection to the communications link; and
control circuitry and specialized physical-layer (PHY) circuitry co-operative (1) to detect occurrence of a link event of a type that can invoke an automatic communications-mode control mechanism to change the operating of the communications link to a non-secure mode in which communications signals of the communications link are intelligible to such an intruder, and (2) based on the capability information, to respond to the detected occurrence of the link event by preventing the automatic communications mode control mechanism from changing the operating of the communications link to the non-secure mode.
Dependent claims: 24-38.
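What the port controller of claims 1 and 23 amounts to in software, as an added worked example that is not code from the patent or from any vendor's PHY driver: capability information is learned while the link runs in the secure mode, each later auto-negotiation result is checked against it, and a result that would move the link to a non-secure mode is refused by re-advertising only secure abilities, with the port shut after repeated attempts. The mode names and the ranking of 1000BASE-T as secure and 10/100BASE-T as non-secure follow the abstract; the event model, the strike counter, the port name and every function name are assumptions made for illustration.

```python
"""Auto-negotiation downgrade guard for one switch port.

Added illustration of claims 1 and 23 of the patent, not the patent's own
code. Mode names follow the abstract; the strike policy, the port name and
the function names are assumptions.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class Mode(Enum):
    """PHY signalling modes, valued by nominal speed in Mb/s."""
    BASE_T_10 = 10
    BASE_T_100 = 100
    BASE_T_1000 = 1000


# Per the abstract, 1000BASE-T counts as the secure mode and 10/100 as
# non-secure (assumption: no other signalling modes are in play on this port).
SECURE_MODES = frozenset({Mode.BASE_T_1000})


class Action(Enum):
    ACCEPT = "accept"
    RENEGOTIATE_SECURE_ONLY = "renegotiate-secure-only"
    DISABLE_AND_ALERT = "disable-and-alert"


@dataclass
class Port:
    name: str
    capability: Optional[Mode] = None    # capability information (claim 1, first step)
    rejected_downgrades: int = 0
    disabled: bool = False
    max_rejected_downgrades: int = 3     # assumed policy knob


def learn_capability(port: Port, negotiated: Mode) -> None:
    """Maintain capability information: the best mode seen under normal operation."""
    if port.capability is None or negotiated.value > port.capability.value:
        port.capability = negotiated


def allowed_advertisement(port: Port) -> frozenset:
    """Abilities the port may advertise on the next auto-negotiation.

    Once a secure mode is on record, only secure modes are advertised, so the
    automatic mechanism cannot resolve to a non-secure mode at all.
    """
    if port.capability in SECURE_MODES:
        return SECURE_MODES
    return frozenset(Mode)


def on_link_event(port: Port, negotiated: Mode) -> Action:
    """Handle a link event whose auto-negotiation result is `negotiated`."""
    if port.disabled:
        return Action.DISABLE_AND_ALERT
    if port.capability in SECURE_MODES and negotiated not in SECURE_MODES:
        # Claim 1, third step: refuse the change to the non-secure mode.
        port.rejected_downgrades += 1
        if port.rejected_downgrades >= port.max_rejected_downgrades:
            port.disabled = True          # assumed security action: shut the port
            return Action.DISABLE_AND_ALERT
        return Action.RENEGOTIATE_SECURE_ONLY
    learn_capability(port, negotiated)
    port.rejected_downgrades = 0
    return Action.ACCEPT


def run_scenario(events: List[Mode]) -> List[str]:
    """Drive one port through a constructed sequence of negotiated results."""
    port = Port("ge-0/0/1")
    return [on_link_event(port, m).value for m in events]


if __name__ == "__main__":
    # Constructed sequence: normal 1000BASE-T, then repeated attempts to fall to
    # 100BASE-TX (as a tap disturbing two of the four pairs could cause).
    seq = [Mode.BASE_T_1000, Mode.BASE_T_1000, Mode.BASE_T_100,
           Mode.BASE_T_100, Mode.BASE_T_100, Mode.BASE_T_1000]
    for mode, action in zip(seq, run_scenario(seq)):
        print(f"{mode.name:12} -> {action}")
```

The value returned by `allowed_advertisement` is the hook a real PHY driver would write into the auto-negotiation advertisement register before restarting negotiation. A port that has never reached a secure mode keeps accepting whatever is negotiated, which is the "based on the capability information" condition of the claim. The cost is that a genuine downgrade (a cable damaged so that only two pairs still work) is refused in exactly the same way, so the alert path has to be watched rather than ignored.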
39. A powered communications port of a network communications device, comprising:
control circuitry; and
specialized physical-layer (PHY) circuitry;
the control circuitry and specialized physical-layer (PHY) circuitry being co-operative to:
monitor an actual amount of power delivered to a powered device via a communications link connected to the powered communications port;
maintain information specifying an expected amount of power expected to be provided to the powered device via the communications link;
compare the actual and expected amounts of power to determine whether there is a discrepancy indicating that an intruder may have established a power-draining unauthorized physical connection to the communications link; and
upon determining that there is such a discrepancy between the actual and expected amounts of power, initiate a security action to protect the communications link from unauthorized use by such an intruder.
Dependent claims: 40-44.
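The powered-port check of claims 17 and 39 as an added worked example, not code from the patent: the expected power is fixed from a short learning window, each later reading of power actually delivered is compared with it, and an excess draw that persists for several consecutive readings is treated as a power-draining tap and answered by cutting power to the port. The tolerance, the sample counts, the constructed wattage readings and the class and function names are assumptions; real PSE controllers expose per-port power readings through vendor-specific registers or management interfaces that this example does not model.

```python
"""Power-discrepancy monitor for one PoE (PSE-side) port.

Added illustration of claims 17 and 39 of the patent, not the patent's own
code. Tolerance, sample counts and the readings below are assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Verdict(Enum):
    LEARNING = "learning"              # still fixing the expected power
    NORMAL = "normal"                  # actual within tolerance of expected
    SUSPECT = "suspect"                # excess seen, not yet confirmed
    TAP_SUSPECTED = "tap-suspected"    # sustained excess: security action taken


@dataclass
class PoePortMonitor:
    name: str
    tolerance_w: float = 1.0       # assumed: excess above expected still treated as normal
    learn_samples: int = 5         # assumed: readings used to fix the expectation
    confirm_samples: int = 3       # assumed: consecutive excess readings before acting
    expected_w: Optional[float] = None   # may also be set from inventory instead of learned
    learn_buf: List[float] = field(default_factory=list)
    excess_run: int = 0
    port_powered: bool = True

    def observe(self, actual_w: float) -> Verdict:
        """Compare one reading of power actually delivered with the expectation."""
        if not self.port_powered:
            return Verdict.TAP_SUSPECTED    # stays down until an operator re-enables it
        if self.expected_w is None:
            # Claim 17, second step: build the expected amount while the link is trusted.
            self.learn_buf.append(actual_w)
            if len(self.learn_buf) >= self.learn_samples:
                self.expected_w = max(self.learn_buf)   # worst-case normal draw
            return Verdict.LEARNING
        # Claim 17, third step: look for a discrepancy in the direction a tap causes.
        if actual_w - self.expected_w > self.tolerance_w:
            self.excess_run += 1
            if self.excess_run >= self.confirm_samples:
                self.port_powered = False   # assumed security action: cut power to the port
                return Verdict.TAP_SUSPECTED
            return Verdict.SUSPECT
        self.excess_run = 0
        return Verdict.NORMAL


def run_monitor(readings: List[float]) -> List[str]:
    """Feed a constructed series of PSE power readings (watts) through one monitor."""
    monitor = PoePortMonitor("ge-0/0/2")
    return [monitor.observe(w).value for w in readings]


if __name__ == "__main__":
    # Constructed readings: a steady ~6 W phone, one load step, then a
    # parallel drain of ~2.3 W that persists.
    readings = [6.1, 6.0, 6.2, 6.1, 6.0, 6.3, 7.0, 8.0, 6.1, 8.5, 8.4, 8.6, 6.0]
    for w, verdict in zip(readings, run_monitor(readings)):
        print(f"{w:5.1f} W -> {verdict}")
```

Only excess above the expectation is flagged, because that is the signature of a second device drawing power in parallel with the legitimate powered device; a reading far below expectation means the device switched off or was unplugged, which the PSE's own detection already handles. Cable loss is constant for a given run and is absorbed into the learned baseline. The consecutive-sample confirmation is what keeps a legitimate load step (a phone's display lighting up) from shutting the port; the tolerance has to sit above the device's largest normal step, which is device-specific.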