36 research outputs found

    Multidomain Network Based on Programmable Networks: Security Architecture

    This paper proposes a generic security architecture designed for a multidomain and multiservice network based on programmable networks. The multiservice network allows users of an IP network to run programmable services using programmable nodes located in the architecture of the network. The programmable nodes execute code to process active packets, which can carry user data and control information. The multiservice network model defined here considers the more pragmatic trends in programmable networks. In this scenario, new security risks that do not appear in traditional IP networks become visible. These new risks are a result of the execution of code in the programmable nodes and the processing of the active packets. The proposed security architecture is based on symmetric cryptography in the critical process, combined with an efficient manner of distributing the symmetric keys. Another important contribution has been to scale the security architecture to a multidomain scenario in a single and efficient way.

    DoS protection for a Pragmatic Multiservice Network Based on Programmable Networks

    Proceedings of First International IFIP TC6 Conference, AN 2006, Paris, France, September 27-29, 2006. We propose a scenario of a multiservice network, based on pragmatic ideas of programmable networks. Active routers are capable of processing both active and legacy packets. This scenario is vulnerable to a Denial of Service attack, which consists in inserting false legacy packets into active routers. We propose a mechanism for detecting the injection of fake legacy packets into active routers. This mechanism consists in exchanging accounting information on the traffic between neighboring active routers. The exchange of accounting information must be carried out in a secure way using secure active packets. The proposed mechanism is sensitive to the loss of packets. To deal with this problem some improvements in the mechanism have been proposed. An important issue is the procedure for discharging packets when an attack has been detected. We propose an easy and efficient mechanism that would be improved in future work.

    ROSA: Realistic Open Security Architecture for active networks

    Proceedings of IFIP-TC6 4th International Working Conference, IWAN 2002 Zurich, Switzerland, December 4–6, 2002. Active network technology enables fast deployment of new network services tailored to the specific needs of end users, among other features. Nevertheless, security is still a main concern when considering the industrial adoption of this technology. In this article we describe an open security architecture for active network platforms that follow the discrete approach. The proposed solution provides all the required security features, and it also grants proper scalability of the overall system, by using a distributed key-generation algorithm. The performance of the proposal is validated with experimental data obtained from a prototype implementation of the solution.

    Providing Authentication & Authorization Mechanisms for Active Service Charging

    Active network technology enables fast deployment of new network services tailored to the specific needs of end users, among other features. Nevertheless, proper charging for these new added value services requires suitable authentication and authorization mechanisms. In this article we describe a security architecture for SARA (Simple Active Router-Assistant) architecture, an active network platform deployed in the context of the IST-GCAP project. The proposed solution provides all the required security features, and it also grants proper scalability of the overall system, by using a distributed key-generation algorithm.

    Performance analysis of a security architecture for active networks in Java

    International Association of Science and Technology for Development - IASTED, Benalmadena, Spain: 8-10 September, 2003. Active network technology supports the deployment and execution on the fly of new active services, without interrupting the network operation. Active networks are composed of special nodes (named Active Routers) that are able to execute active code to offer the active services. This technology introduces some security threats that must be solved using a security architecture. We have developed a security architecture (ROSA) for an active network platform (SARA). Java has been used as programming language in order to provide portability, but it imposes some performance limitations. This paper analyses the penalty of using Java and proposes some mechanisms to improve the performance of cryptographic implementations in Java.

    Security Mechanisms for an Ad Hoc Network in an Urban Environment (Mecanismos de Seguridad para una red ad hoc en un entorno urbano)

    Ad hoc networks represent an emerging communication paradigm whose application has been proposed in various environments because of their capacity for self-configuration and rapid deployment. However, important challenges related to security problems remain open. One of these problems is key management and distribution. The application of the TESLA key distribution protocol to an ad hoc service network in an urban environment is proposed as the most suitable alternative compared with other proposals in the state of the art. Finally, validation tests of a preliminary stage of the proposed algorithm are carried out.

    Automated Purchase Negotiations in a Dynamic Electronic Marketplace

    Nowadays, there is a surge of B2C and B2B e-commerce operated on the Internet. However, many of these systems are often nothing more than electronic product or service catalogues. Against this background, it is argued that new generation systems based on automatic negotiation will emerge. This paper covers a particular kind of automatic negotiation system, where a number of participants in a mobile dynamic electronic marketplace automatically negotiate the purchase of products or services, by means of multiple automated one-to-one bargainings. In a dynamic e-marketplace, the number of buyers and sellers and their preferences may change over time. By mobile we mean that buyers in a commercial area may initiate simultaneous negotiations with several sellers using portable devices like cell phones, laptops or personal digital assistants, so these negotiations do not require participants to be colocated in space. We will show how an expressive approach to fuzzy constraint based agent purchase negotiations in competitive trading environments is ideally suited to work on these kinds of e-marketplaces. An example of a mobile e-marketplace, and a comparison between an expressive and an inexpressive approach, will be presented to show the efficiency of the proposed solution.

    Images Protection Sent to Mobile Devices

    With the increasing use of multimedia technologies and mobile devices, the number of applications whose purpose is to offer information or to advertise by sending images or videos also increases. In this paper, we address a digital tourist guide scenario in which mobile devices with limited resources need to receive multimedia information across a wireless connection. We also address making this information visible only to authorized users. We centre the article on the protection of images in an adapted compression format. The JPEG 2000 standard has been selected to offer an optimal balance between the quality of the image and the occupied space. In order to protect the information, we have worked with selective encryption mechanisms, which allow a trade-off between the computational cost of concealing the information and the degree of concealment.

    Security Mechanisms in Active Networks on the SARA Architecture (Mecanismos de seguridad en redes activas sobre arquitectura SARA)

    Active network technology enables fast deployment of new network services tailored to the specific needs of end users, among other features. Nevertheless, security issues are still a main concern when considering the industrial adoption of this technology. In this article we describe the SARA (Simple Active Router-Assistant) architecture, an active network platform deployed in the context of the IST-GCAP project, and then consider security requirements detected in this architecture, concerning confidentiality, integrity, authentication, non-repudiation and retransmission. Later, we present the proposed security protocol, which intends to cover all imposed requirements, and finally we will address implementation perspectives using available technologies such as IPSec and SSL.