Efficient security management for active networks.

Due to the dynamic nature and dynamic routing capability of active packets, security in active networks should be hop-by-hop based. This thesis discusses the identified drawbacks of existing approaches. These drawbacks are: the high performance overhead generated by per-hop Security Association (SA) negotiation prior to secured active packet transmission the high complexity in SA negotiation handshake process active packet can only be securely transmitted after SA negotiations the shared key set generated for protecting active packets may not have Perfect Forward Secrecy (PFS) lack of confidentiality protection on exchanged symmetric keys and active packets lack of SA negotiation power and scalability issues. This thesis presents a novel hop-by-hop active network security management approach known as Security Protocol for Active Networks (SPAN). SPAN is designed to enable secure active packet transmission during a series of hop-by-hop SPAN SA negotiation along a new execution path, instead of after. The design of SPAN has taken into consideration the factors of security, efficiency, flexibility, scalability, and applicability. SPAN is resistant to replay, man-in-the-middle, impersonate attacks. SPAN is designed to detect DoS attacks much more efficiently. Furthermore, SPAN is uniquely designed to enhance the robustness and efficiency of underlying active networking systems