Protecting Integrity and Confidentiality of Network Traffic with Media Access Control Security (MACsec)




Abdin, Zain

Networks are increasingly subject to sophisticated attacks that either interrupt network services, as in Denial of Service (DoS) attacks, or steal information, as in Man-in-the-Middle (MITM) attacks. According to the IBM X-Force Threat Intelligence 2018 index, 35% of exploitation activities involved MITM attacks [4]. To protect networks from attacks such as MITM and to preserve data integrity and confidentiality, a security solution is required that provides seamless layer 2 encryption in Local Area Networks (LANs) and Wide Area Networks (WANs). Media Access Control Security (MACsec) secures an Ethernet link for traffic including Dynamic Host Configuration Protocol (DHCP), Address Resolution Protocol (ARP), and other protocols that are not typically secured by other security solutions such as Internet Protocol Security (IPsec), which operates at layer 3, or Secure Sockets Layer (SSL), which protects layer 7 of the Open Systems Interconnection (OSI) model. In this work, MACsec is implemented to secure LANs and WANs. Network performance analysis is performed to evaluate the impact of MACsec on network performance. MACsec is also used to protect networks against MITM attacks. The results presented show that MACsec successfully protects networks from MITM attacks and provides end-to-end encryption to protect network traffic.



MACsec, Integrity and confidentiality of network traffic, Protecting network traffic, Layer 2 encryption, Layer 2 security, Securing Ethernet links, Denial of service and man-in-the-middle attack, MAC spoofing, Network performance, Local Area Networks, Wide Area Networks, VLAN tag, Data integrity and authenticity