36 research outputs found
Multidomain Network Based on Programmable Networks: Security Architecture
This paper proposes a generic security architecture
designed for a multidomain and multiservice network
based on programmable networks. The multiservice
network allows users of an IP network to run
programmable services using programmable nodes
located in the architecture of the network. The
programmable nodes execute codes to process active
packets, which can carry user data and control
information. The multiservice network model defined
here considers the more pragmatic trends in
programmable networks. In this scenario, new security
risks that do not appear in traditional IP networks become
visible. These new risks are a result of the execution of
code in the programmable nodes and the processing of the
active packets. The proposed security architecture is based
on symmetric cryptography in the critical process,
combined with an efficient manner of distributing the
symmetric keys. Another important contribution has been
to scale the security architecture to a multidomain
scenario in a single and efficient way.
DoS protection for a Pragmatic Multiservice Network Based on Programmable Networks
Proceedings of First International IFIP TC6 Conference, AN 2006, Paris, France, September 27-29, 2006.
We propose a scenario of a multiservice network, based on pragmatic
ideas of programmable networks. Active routers are capable of processing both
active and legacy packets. This scenario is vulnerable to a Denial of Service attack,
which consists in inserting false legacy packets into active routers. We
propose a mechanism for detecting the injection of fake legacy packets into active
routers. This mechanism consists in exchanging accounting information on
the traffic between neighboring active routers. The exchange of accounting information
must be carried out in a secure way using secure active packets. The
proposed mechanism is sensitive to the loss of packets. To deal with this problem
some improvements in the mechanism have been proposed. An important issue
is the procedure for discharging packets when an attack has been detected.
We propose an easy and efficient mechanism that would be improved in future
work.
ROSA: Realistic Open Security Architecture for active networks
Proceedings of IFIP-TC6 4th International Working Conference, IWAN 2002 Zurich, Switzerland, December 4–6, 2002.
Active network technology enables fast deployment of new network
services tailored to the specific needs of end users, among other features.
Nevertheless, security is still a main concern when considering the industrial
adoption of this technology. In this article we describe an open security
architecture for active network platforms that follow the discrete approach. The
proposed solution provides all the required security features, and it also grants
proper scalability of the overall system, by using a distributed key-generation
algorithm. The performance of the proposal is validated with experimental data
obtained from a prototype implementation of the solution.
Providing Authentication & Authorization Mechanisms for Active Service Charging
Active network technology enables fast deployment of new network services tailored to the specific needs of end users, among other features. Nevertheless, proper charging for these new added value services requires suitable authentication and authorization mechanisms. In this article we describe a security architecture for SARA (Simple Active Router-Assistant) architecture, an active network platform deployed in the context of the IST-GCAP project. The proposed solution provides all the required security features, and it also grants proper scalability of the overall system, by using a distributed key-generation algorithm.
Performance analysis of a security architecture for active networks in Java
International Association of Science and Technology for Development - IASTED, Benalmadena, Spain: 8-10 September, 2003.
Active network technology supports the deployment and execution on the fly of new active services, without interrupting the network operation. Active networks are
composed of special nodes (named Active Router) that are able to execute active code to offer the active services. This technology introduces some security threats that must be solved using a security architecture. We have developed a security architecture (ROSA) for an active network platform (SARA). Java has been used as
programming language in order to provide portability, but it imposes some performance limitations. This paper analyses the penalty of using Java and proposes some mechanisms to improve the performance of cryptographic
implementations in Java.
Mecanismos de Seguridad para una red ad hoc en un entorno urbano (Security Mechanisms for an Ad Hoc Network in an Urban Environment)
Ad hoc networks represent an emerging communication
paradigm whose application has been proposed in various environments because of its
capacity for self-configuration and rapid deployment. However, important
challenges related to security problems remain open. One
of these problems is key management and distribution. The
application of the TESLA key distribution protocol to an ad hoc
service network in an urban environment is proposed as the most suitable alternative
compared with other proposals in the state of the art. Finally, validation
tests of a preliminary stage of the proposed algorithm are carried out
Automated Purchase Negotiations in a Dynamic Electronic Marketplace
Nowadays, there is a surge of B2C and B2B e-commerce operated
on the Internet. However, many of these systems are often nothing
more than electronic product or service catalogues. Against this background,
it is argued that new generation systems based on automatic
negotiation will emerge. This paper covers a particular kind of automatic
negotiation systems, where a number of participants in a mobile
dynamic electronic marketplace automatically negotiate the purchase of
products or services, by means of multiple automated one-to-one bargainings.
In a dynamic e-marketplace, the number of buyers and sellers
and their preferences may change over time. By mobile we mean that
buyers in a commercial area may initiate simultaneous negotiations with
several sellers using portable devices like cell phones, laptops or personal
digital assistants, so these negotiations do not require participants to be
colocated in space. We will show how an expressive approach to fuzzy
constraint based agent purchase negotiations in competitive trading environments
is ideally suited to work on this kind of e-marketplace. An
example of mobile e-marketplace, and a comparison between an expressive
and an inexpressive approach will be presented to show the efficiency
of the proposed solution
Images Protection Sent to Mobile Devices
With the increasing use of multimedia technologies and mobile
devices, the number of applications whose purpose is to offer information or
to advertise by sending images or videos also increases. In this paper, we
address a digital tourist guide scenario in which mobile devices with limited
resources need to receive multimedia information across a wireless connection.
We also address making this information visible only to authorized users. We
centre the article on the protection of images in a suitable compression
format. The JPEG 2000 standard has been selected to offer an optimal balance between
the quality of the image and the occupied space. In order to protect the information,
we have worked with selective encryption mechanisms, which allow
a trade-off between the computational cost of
concealing the information and the degree of concealment
Mecanismos de seguridad en redes activas sobre arquitectura SARA (Security Mechanisms in Active Networks on the SARA Architecture)
Active network technology enables fast deployment of new network services tailored to
the specific needs of end users, among other features. Nevertheless, security issues are still a main
concern when considering the industrial adoption of this technology. In this article we describe
SARA (Simple Active Router-Assistant) architecture, an active network platform deployed in the
context of the IST-GCAP project, and then consider security requirements detected in this
architecture, concerning confidentiality, integrity, authentication, non-repudiation and
retransmission. Later, we present the proposed security protocol, which intends to cover all
imposed requirements, and finally we will address implementation perspectives using available
technologies such as IPSec and SSL