Title :
A prototype framework for providing hop-by-hop security in an experimentally deployed active network
Author :
Krishnaswamy, Suresh ; Evans, Joseph B. ; Minden, Gary J.
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., Kansas Univ., Lawrence, KS, USA
fDate :
6/24/1905 12:00:00 AM
Abstract :
Realizing large-scale active networks is heavily contingent upon addressing security concerns at the outset. Various approaches have been taken toward integrating security within an active node, each defining the mechanisms required to be in place within the node OS or the execution environment in order to provide security guarantees within the system. An acceptable short-term solution to security while deploying an active network in practical testbeds such as the Abone is to divide security concerns into two classes: hop-by-hop and end-to-end. This paper describes an architecture for setting up hop-by-hop packet authentication and integrity using non-active, "off-the-shelf" security components. The intent is for the framework to be generic enough to serve as an aid in securely deploying any new technology requiring mediated node-node security associations including, but not limited to active networks
Keywords :
computer network management; message authentication; packet switching; security of data; active node; execution environment; hop-by-hop security; large-scale active networks; network security; packet authentication; Authentication; Computer science; Computer security; Cryptography; Information security; Intelligent networks; Protection; Prototypes; Testing; Topology;
Conference_Titel :
DARPA Active NEtworks Conference and Exposition, 2002. Proceedings
Conference_Location :
San Francisco, CA
Print_ISBN :
0-7695-1564-9
DOI :
10.1109/DANCE.2002.1003495
