Article thumbnail
Location of Repository

End-to-end security in active networks

By I Brown


Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These ystems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problem introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking servicethat can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design. Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea

Publisher: University of London
Year: 2001
OAI identifier:
Provided by: UCL Discovery

Suggested articles


  1. (1998). A Bibliography of Quantum Cryptography. Available from,
  2. (1997). A Comparison of Mechanisms for Improving TCP Performance over Wireless Links.
  3. (1997). Active Networking and the End-to-End Argument.
  4. (1998). An Active Service Framework and its Application to Real-time Multimedia Transcoding.
  5. (1998). An Agent-based Approach to Real-time Multimedia Transmission over Heterogeneous Environments.
  6. (1995). An application level video gateway.
  7. (1997). An Architecture for Active Networking. Proc. High Performance Networking,W h i t eP l a i n s ,N Y ,
  8. (1998). An Architecture for Differentiated Services.
  9. (1997). Atomic Proxy Cryptography.
  10. (2000). Certificated and Overlapping Warrants, S.15.3 "safeguards" and domestic mass-surveillance. FIPR briefing note, available at,
  11. (1997). Chameleon – A New Kind of Stream Cipher.
  12. (2000). Cryptography and Liberty 2000: An International Survey of Encryption Policy.
  13. (1997). Distributed Mailing Lists. Work-in-progress, available from,
  14. (2000). Electronic commerce: who carries the risk of fraud?
  15. (2001). File-trading pressure mounts on ISPs.
  16. (1994). I-TCP: Indirect TCP for mobile hosts.
  17. (2000). ICMP Traceback Messages. IETF draft,
  18. (1995). Improving Reliable Transport and Handoff Performance in Cellular Wireless Networks.
  19. (2001). Intelligence Agencies debate.
  20. (2000). Judge Allows Delivery by E-Mail. Associated Press, available from, 24
  21. (1994). Liability and Computer Security: Nine Principles.
  22. (1995). Multicast-Specific Security Threats and CounterMeasures. The Internet Society
  23. (1999). Nark: Receiver-based Multicast Non-repudiation and Key Management.
  24. (2001). National Affairs. French Human Rights Group Sues ISPs Over Failure to Censor US-Based Hate Site. E-Commerce Law Daily,
  25. (2000). Of packets and people: a user-centered approach to quality of service.
  26. (1999). Permissive Action Links. Available at,
  27. (2001). Police go after Belgian Napster users. Available from,
  28. (1980). Preventing Software Piracy with Crypto-Microprocessors.
  29. (2000). Real Time Cryptanalysis of A5/1 on a PC.
  30. (1998). Reducing vulnerability to private key compromise. Available from,
  31. (1989). Requirements for Internet Hosts – Communication Layers.
  32. (1949). Scalable Multicast Key Distribution. RFC
  33. (2001). Security Engineering. Chicester:
  34. (1995). Session-Layer Encryption.
  35. (2000). Single Photons “on Demand”.
  36. (1999). TCP congestion control. RFC 2581,A p r i l
  37. (1999). The Bluetooth Special Interest Group. Specification of the Bluetooth System 0.9. Available from,
  38. (1997). The Case for FEC-Based Error Control for Packet A u d i oi nt h eI n t e r n e t .ACM Multimedia Systems,
  39. The dynamic digital disk.
  40. (1994). The economy of ideas.
  41. (1997). The Electronic Privacy Papers.
  42. (1983). The Puzzle Palace.
  43. (1997). The risks of key recovery, key escrow, and trusted third party encryption. Written testimony to US Senate Judiciary Committee, available at,
  44. (2001). The Secure Real Time Transport Protocol. IETF draft,
  45. (1999). Transport-Friendly ESP. Available at,
  46. Watercasting: Distributed Watermarking of Multicast Media.

To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.