Date of Award

6-13-2013

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Kenneth M. Hopkinson, PhD.

Abstract

Demand for effective network defense capabilities continues to increase as cyber attacks occur more and more frequently and gain more and more prominence in the media. Current security practices stop after data encryption and network address filtering. Security at the lowest level of network infrastructure allows for greater control of how the network traffic flows around the network. This research details two methods for extending security practices to the physical layer of a network by modifying the network infrastructure. The first method adapts the Advanced Encryption Standard while the second method uses a Steiner tree. After the network connections are updated, the traffic is re-routed using an approximation algorithm to solve the resulting multicommodity flow problem. The results show that modifying the network connections provides additional security to the information. Additionally, this research extends on previous research by addressing enterprise-size networks; networks between 5 and 1000 nodes with 1 through 5 interfaces are tested. While the final configuration depends greatly on the starting network infrastructure, the speed of the execution time enables administrators to make infrastructure adjustments in response to active cyber attacks.

AFIT Designator

AFIT-ENG-13-J-04

DTIC Accession Number

ADA591600

Share

COinS