Advertisement

Design of Security Enforcement Engine for Active Nodes in Active Networks

  • Ji-Young Lim
  • Ok-kyeung Kim
  • Yeo-Jin Kim
  • Ga-Jin Na
  • Hyun-Jung Na
  • Kijoon Chae
  • Young-Soo Kim
  • Jung-Chan Na
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2662)

Abstract

Active networks are a new generation of networks based on a software-intensive network architecture in which applications are able to inject new strategies or code the infrastructure to their immediate needs. Therefore, the secure and safe active node architecture is needed to give the capability defending an active node against threats that may be more dynamic and powerful than those in traditional networks. To secure active networks, the security enforcement engine is proposed in this paper. We implemented our engine with security, authentication and authorization modules. Using this engine, it is possible that active networks are protected from threats of the malicious active node.

Keywords

Active Network Active Node Receive Packet Security Architecture Traditional Network 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Tennenhouse, D.L., et al.: A Survey of Active Network Research. IEEE Communications Magazine, 80–86 (January 1997)Google Scholar
  2. 2.
    Psounis, K.: Active Network: Applications, Security, Safety, and Architecture. IEEE Communications Serveys (1999)Google Scholar
  3. 3.
    Security Architecture for Active Nets by AN Security Working Group (1998); Modified by Seraphim Group (2000)Google Scholar
  4. 4.
    Campbell, R.H., et al.: Seraphim: Dynamic Interoperable Security Architecture for Active Networks. In: IEEE OPENARCH 2000, Tel-Aviv, Israel (March 2000)Google Scholar
  5. 5.
    Dang, L.: CANSA (Certificate Active Network Security Architecture). Basser Department of Computer Science, University of Sydney (1998)Google Scholar
  6. 6.
    Wood, M., et al.: Intrusion Detection Message Exchange Requirements:draftietf- idwg-requirements-10.txt, October 22 (2002)Google Scholar
  7. 7.
    Defense Advanced Research Projects Agency, http://www.darpa.mil/ato/programs/activenetworks/actnet.htm
  8. 8.
    Scot, A.D., et al.: Active Network Encapsulation Protocol (ANEP). Active Network Group Draft (July 1997)Google Scholar
  9. 9.
    Ellison, C., et al.: SPKI Certificate Theory: rfc2693.txt (September 1999)Google Scholar
  10. 10.
    Clifford Neuman, B., et al.: Kerberos: An Authentication Service for Computer Networks. IEEE Communications Magazine 32(9), 33–38 (1994)CrossRefGoogle Scholar
  11. 11.
    Housley, R., et al.: Internet X.509 Public Key Infrastructure: X.509 Certificate and CRL Profile. RFC 2459 (January 1999)Google Scholar
  12. 12.
    Berson, S., et al.: Evolution of an Active Networks Testbed. Presentation at DARPA Active Networks Conference and Exposition 2002, San Francisco, CA, May 29-30 (2002)Google Scholar
  13. 13.
    Rivest, R.: The MD5 Message-Digest Algorithm. RFC 1321, MIT Laboratory for Computer Science and RSA Data Security, Inc. (April 1999)Google Scholar
  14. 14.
    ANSI X3.106-1983, American National Standard for Information Systems - Data Encryption Algorithm - Modes of Operation, American National Standards Institute (Approved May 16, 1983)Google Scholar
  15. 15.
    Mitchell, C.J., et al.: Digital signature. In: Contemporary Cryptology, The Science of Information Integrity, pp. 325–378. IEEE Press, Los Alamitos (1992)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Ji-Young Lim
    • 1
  • Ok-kyeung Kim
    • 1
  • Yeo-Jin Kim
    • 1
  • Ga-Jin Na
    • 1
  • Hyun-Jung Na
    • 1
  • Kijoon Chae
    • 1
  • Young-Soo Kim
    • 2
  • Jung-Chan Na
    • 2
  1. 1.Dept. of CSEEwha Womans UniversitySeoulKorea
  2. 2.Information Security Technology DivisionElectronics and Telecommunications Research InstituteDaejeonKorea

Personalised recommendations