Multidomain Network Based on Programmable Networks: Security Architecture

  • Alarcos, Bernardo (Department of Automatica, Universidad de Alcala)
  • Sedano, Marifeli (Department of Ingenieria de Sistemas Telematicos, Universidad Politecnica de Madrid)
  • Calderon, Maria (Department of Ingenieria Telematica, Universidad Carlos III de Madrid)
  • Received: 2005.04.08
  • Published: 2005.12.31

Abstract

This paper proposes a generic security architecture designed for a multidomain and multiservice network based on programmable networks. The multiservice network allows users of an IP network to run programmable services using programmable nodes located in the architecture of the network. The programmable nodes execute code to process active packets, which can carry user data and control information. The multiservice network model defined here considers the more pragmatic trends in programmable networks. In this scenario, new security risks that do not appear in traditional IP networks become visible. These new risks result from the execution of code in the programmable nodes and the processing of the active packets. The proposed security architecture is based on symmetric cryptography in the critical process, combined with an efficient manner of distributing the symmetric keys. Another important contribution has been to scale the security architecture to a multidomain scenario in a single and efficient way.
