Patent classifications
H04L63/162
Flexible selection of security features in mobile networks
Various communication systems may benefit from appropriate security measures. For example, mobile networks may benefit from the flexible selection of security features. A method can include receiving an attach request. The method can also include sending a response to the request. The response can include information configured to allow selection of a control plane integrity algorithm independently of a user plane integrity algorithm.
Networking Module for Instrumentation and Control Devices
A module for managing communication among instrumentation and control devices associated with a system, and a method for using the module, enable interconnection of various devices across multiple network buses, and filtering of messages travelling between devices on disparate buses. Buses may be established wirelessly in addition to via wired connections. Additional devices may connect to a pluggable terminal interface integrated with the module. The terminal interface may connect to a configurable variety of interconnecting circuits appropriate for various types of terminal devices. An associated user interface may enable a user to configure various parameters pertaining to connected devices, including alerts to be issued when certain parameters exceed thresholds, and actions to be taken upon issuance of such alerts.
Network inspection system and computer readable medium
An inspection control unit (210) checks a communication status of a communication network (101, 102) to which one or more nodes are connected and determines, based on the communication status, whether inspection of the communication network is possible. When it is determined that inspection of the communication network is possible, the inspection control unit outputs a basic signal, which is a pulse signal for inspecting the communication network, to the communication network. An inspecting unit (220) accepts an inspection signal, which is a basic signal with a waveform changed by flowing through the communication network, and determines, based on the waveform of the inspection signal, whether a new node connected to the communication network is present.
Extending Media Access Control Security (MACsec) to Network-to-Network Interfaces (NNIs)
Systems and methods for enabling Media Access Control Security (MACsec) at a MAC layer, according to IEEE 802.1AE, and extending MACsec are provided. An edge device, according to one implementation, includes one or more User-to-Network Interface (UNI) ports and a plurality of Network-to-Network Interface (NNI) ports. The edge device also includes a processing device and a memory device configured to store a computer program having instructions. The instructions, when executed, allow the processing device to provide network security on a Media Access Control (MAC) layer, the network security defined by the MAC Security (MACsec) protocol. The instructions also allow the processing device to provide network path protection by enabling packet routing over multiple paths via the plurality of NNI ports on a network layer.
Method and apparatus for extensible authentication protocol
A method, performed by an EAP authenticator in a communication network, is disclosed. An identification of at least one EAP method supported by an EAP authentication server providing an EAP authentication service to the EAP authenticator is obtained, wherein the identification is obtained from a network entity of the communication network or from inspection of traffic through the EAP authenticator. The identification of at least one EAP method is provided to a device operable to request communication network access from the EAP authenticator. Also disclosed is a method, performed in an EAP authentication server in a communication network. A request for identification of EAP methods supported by the EAP authentication server is received, and a response to the request is sent identifying at least one EAP method supported by the EAP authentication server. An EAP authenticator, EAP authentication server and computer program are also disclosed.
SYSTEMS AND METHODS FOR ESTABLISHING A BACKUP SECURE COMMUNICATION LINK IN AN ELECTRIC POWER DISTRIBUTION SYSTEM
A controller for an electric power distribution system includes processing circuitry and a memory that includes instructions. The instructions, when executed by the processing circuitry, are configured to cause the processing circuitry to determine that a first switch of the electric power distribution system is a primary switch communicatively coupled to an intelligent electronic device (IED) of the electric power distribution system, determine that a second switch of the electric power distribution system is a backup switch communicatively coupled to the IED, and distribute a first copy of a security association key (SAK) to the first switch and a second copy of the SAK to the second switch in response to determining that the first switch is the primary switch and the second switch is the backup switch to enable the first switch and the second switch to establish respective media access control security (MACsec) communication links with the IED.
Protecting WLCP message exchange between TWAG and UE
A method of protecting WLAN Control Protocol (WLCP) message exchange between a Trusted WLAN Access Gateway (TWAG) (112) of a Trusted WLAN Access Network (TWAN) (110) and a User Equipment (UE) (101) is provided. The method comprises deriving, by an Authentication, Authorization, and Accounting (AAA) Server (103) of an Evolved Packet Core (EPC) network which is interfaced with the TWAN, and by the UE, a Master Session Key (MSK) and an Extended MSK (EMSK); sending, from the AAA Server to a Trusted WLAN AAA Proxy (TWAP) (113) of the TWAN and an Access Point (AP) (111) of the TWAN, the MSK or a key derived from at least the MSK; and deriving, by the TWAN or by the AAA Server, and by the UE, from the MSK, the EMSK, or the key derived from at least the MSK or the EMSK, a key for protecting the WLCP message exchange. Corresponding devices, computer programs, and computer program products are further provided.
Media access control (MAC) address anonymization based on allocations by network controller elements
A method is provided to anonymize the media access control (MAC) address of a client device. The method involves generating a plurality of media access control (MAC) addresses for use by a client device in a network. Policies are defined that determine which one of the plurality of MAC addresses is to be used by the client device. The plurality of MAC addresses allocated for use by the client device are registered with a management entity in the network.
POLICY PLANE INTEGRATION ACROSS MULTIPLE DOMAINS
Systems, methods, and computer-readable media for interconnecting SDWANs through segment routing. A first SDWAN and a second SDWAN of a SDWAN fabric can be identified. A segment routing domain that interconnects the first SDWAN and the second SDWAN can be formed across a WAN underlay of the SDWAN fabric. Data transmission between the first SDWAN and the second SDWAN can be controlled by performing segment routing through the segment routing domain formed between the first SDWAN and the second SDWAN.
Physical layer secure communication against an eavesdropper with arbitrary number of eavesdropping antennas
A method for physical layer secure transmission against an arbitrary number of eavesdropping antennas includes: S1: communication between legitimate transmitter Alice and legitimate receiver Bob is confirmed; S2: Alice randomly generates a key bit $b_k$ with $M_S$ bits, maps the key bit $b_k$ into a key symbol $K$, and performs an XOR on the key bit $b_k$ and to-be-transmitted confidential information $b$ to obtain encrypted bits $b_s$; S3: Bob transmits a pilot sequence to Alice, and Alice calculates a candidate precoding space $W$ and transmits modulated symbol streams $s = (s_1, \ldots, s_N)$ by using precoding $W(e)$; S4: Bob measures received signal strength of each antenna, estimates the corresponding antenna vector $e$, inversely maps the vector $e$ to obtain key symbols and key bits, and demodulates the received symbol streams in sequence at each activated antenna to obtain demodulated ciphertext bits; S5: Bob performs an XOR on observed key bits and the demodulated ciphertext bits to obtain the confidential information.