A wired local area network is generally a broadcast-type network: the nodes share a common channel, so data sent by one node can be received by all the other nodes. This creates a significant security risk. An attacker who gains access to the network can monitor it, capture every data packet on it, and thereby steal sensitive information.
The Local Area Network (LAN) defined by the existing national standard provides no mechanism for secure access or data confidentiality. Once a user can reach the LAN's control equipment, such as the switch device in the LAN, he or she can access any device and resource in the LAN. This caused no significant security risk in the application environment of the early wired enterprise LAN; however, as networks have grown in scale, users' requirements for the confidentiality of their information have become ever higher, and it has become necessary to provide data security at the data link layer.
In the wired LAN, IEEE provides data-link-layer security by adding security enhancements to IEEE 802.3. IEEE 802.1AE defines a data encryption protocol for protecting Ethernet data, and achieves secure transmission of information between network entities by means of hop-by-hop encryption. However, hop-by-hop encryption requires the switch device to decrypt, re-encrypt and then forward every data packet that passes through it. This undoubtedly imposes a heavy computational load on the switch equipment in the LAN, and, since every packet is available in plaintext at the switch, makes the switch equipment a natural target for an attacker; moreover, the delay in transmitting a data packet from the sender to the receiver increases and the transmission efficiency of the network decreases.
In the wired LAN there is always a large volume of communication between stations (STAs) connected directly to the same switch device (SW), and confidential transmission of this traffic always passes through that switch device. If every data packet passing through the switch device must be decrypted, encrypted and then forwarded, then not only are the computational load of the switch device and the network delay increased, but the transmission efficiency of the network is also greatly reduced.
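The cost described above can be made concrete with a small model. The following is an added example, not part of the original text and not an implementation of IEEE 802.1AE: it traces one frame across the path STA_A -> SW1 ... SWn -> STA_B under a separate key per link (the hop-by-hop arrangement the text describes) and, for contrast, under a key shared only by the two stations, counting how many cryptographic operations the path performs and at which nodes the payload exists in plaintext. The cipher is a constructed HMAC-SHA256 keystream with an HMAC tag standing in for the AES-GCM used by MACsec, and the node names, key layout and counting functions are assumptions of the example, not anything from the page.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed toy authenticated cipher: HMAC-SHA256 keystream XOR plus a
# 16-byte HMAC tag. Real 802.1AE uses AES-GCM; this stands in only so that
# the model runs on the Python standard library.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]

def seal(key: bytes, payload: bytes) -> bytes:
    """Encrypt-then-MAC one frame payload under a link key or a pair key."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(payload, _keystream(key, nonce, len(payload))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def unseal(key: bytes, sealed: bytes) -> bytes:
    """Verify the tag, then decrypt; raises on any modification."""
    nonce, ct, tag = sealed[:12], sealed[12:-16], sealed[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

@dataclass
class Transit:
    crypto_ops: int = 0                                # seal/unseal calls on the path
    plaintext_at: list = field(default_factory=list)   # nodes that held the payload in clear
    delivered: bytes = b""

def hop_by_hop(payload: bytes, link_keys: list) -> Transit:
    """Per-link keys (802.1AE style): link_keys[0] protects STA_A<->SW1,
    link_keys[i] protects SWi<->SW(i+1), and the last key protects SWn<->STA_B.
    Every switch must unseal on ingress and re-seal on egress."""
    t = Transit()
    t.plaintext_at.append("STA_A")
    wire = seal(link_keys[0], payload); t.crypto_ops += 1
    for i in range(1, len(link_keys)):          # one iteration per switch
        pt = unseal(link_keys[i - 1], wire); t.crypto_ops += 1
        t.plaintext_at.append(f"SW{i}")         # payload is in clear inside the switch
        wire = seal(link_keys[i], pt); t.crypto_ops += 1
    t.delivered = unseal(link_keys[-1], wire); t.crypto_ops += 1
    t.plaintext_at.append("STA_B")
    return t

def end_to_end(payload: bytes, pair_key: bytes, n_switches: int) -> Transit:
    """Contrast case: a key known only to the two stations. A switch forwards
    the sealed frame on its cleartext MAC header and never touches the payload."""
    t = Transit()
    t.plaintext_at.append("STA_A")
    wire = seal(pair_key, payload); t.crypto_ops += 1
    for _ in range(n_switches):
        wire = wire                             # forwarded unchanged: no crypto, no plaintext
    t.delivered = unseal(pair_key, wire); t.crypto_ops += 1
    t.plaintext_at.append("STA_B")
    return t

def demo(n_switches: int = 1):
    """Run both models over a constructed payload across n_switches switches."""
    link_keys = [os.urandom(32) for _ in range(n_switches + 1)]
    payload = b"constructed sample payload"
    return (hop_by_hop(payload, link_keys),
            end_to_end(payload, os.urandom(32), n_switches))

if __name__ == "__main__":
    for n in (1, 3):
        hbh, e2e = demo(n)
        print(f"{n} switch(es): hop-by-hop {hbh.crypto_ops} ops, plaintext at {hbh.plaintext_at}; "
              f"end-to-end {e2e.crypto_ops} ops, plaintext at {e2e.plaintext_at}")
```

With n switches on the path, the hop-by-hop model performs 2(n+1) cryptographic operations and exposes the payload at every switch, while the pair-key model performs 2 regardless of n and exposes it only at the two stations; the per-switch work (one unseal plus one seal per frame) is exactly the load and delay the text attributes to the switch device.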