13 research outputs found
Performance of active multicast congestion control
This paper aims to provide insight into the behavior of congestion control mechanisms for reliable multicast protocols. A multicast congestion control based on active networks has been proposed and simulated using ns-2 over a network topology obtained using the Tiers tool. The congestion control mechanism has been simulated under different network conditions and with different settings of its configuration parameters. The objective is to analyze its performance and the impact of the different configuration parameters on its behavior. The simulation results show that the performance of the protocol is good in terms of delay and bandwidth utilization. The compatibility of the protocol with TCP flows has not been demonstrated, but the simulations performed show that by altering the parameter settings, the proportion of total bandwidth taken up by the two types of flow, multicast and TCP, may be modified.
Multidomain Network Based on Programmable Networks: Security Architecture
This paper proposes a generic security architecture designed for a multidomain and multiservice network based on programmable networks. The multiservice network allows users of an IP network to run programmable services using programmable nodes located in the architecture of the network. The programmable nodes execute code to process active packets, which can carry user data and control information. The multiservice network model defined here considers the more pragmatic trends in programmable networks. In this scenario, new security risks that do not appear in traditional IP networks become visible. These new risks are a result of the execution of code in the programmable nodes and the processing of the active packets. The proposed security architecture is based on symmetric cryptography in the critical process, combined with an efficient manner of distributing the symmetric keys. Another important contribution has been to scale the security architecture to a multidomain scenario in a single and efficient way.
Performance analysis of a security architecture for active networks in Java
International Association of Science and Technology for Development - IASTED, Benalmadena, Spain: 8-10 September, 2003. Active network technology supports the deployment and execution on the fly of new active services, without interrupting the network operation. Active networks are composed of special nodes (named Active Routers) that are able to execute active code to offer the active services. This technology introduces some security threats that must be solved using a security architecture. We have developed a security architecture (ROSA) for an active network platform (SARA). Java has been used as the programming language in order to provide portability, but it imposes some performance limitations. This paper analyses the penalty of using Java and proposes some mechanisms to improve the performance of cryptographic implementations in Java.
ROSA: Realistic Open Security Architecture for active networks
Proceedings of IFIP-TC6 4th International Working Conference, IWAN 2002, Zurich, Switzerland, December 4–6, 2002. Active network technology enables fast deployment of new network services tailored to the specific needs of end users, among other features. Nevertheless, security is still a main concern when considering the industrial adoption of this technology. In this article we describe an open security architecture for active network platforms that follow the discrete approach. The proposed solution provides all the required security features, and it also grants proper scalability of the overall system, by using a distributed key-generation algorithm. The performance of the proposal is validated with experimental data obtained from a prototype implementation of the solution.
DoS protection for a Pragmatic Multiservice Network Based on Programmable Networks
Proceedings of First International IFIP TC6 Conference, AN 2006, Paris, France, September 27-29, 2006. We propose a scenario of a multiservice network, based on pragmatic ideas of programmable networks. Active routers are capable of processing both active and legacy packets. This scenario is vulnerable to a Denial of Service attack, which consists in inserting false legacy packets into active routers. We propose a mechanism for detecting the injection of fake legacy packets into active routers. This mechanism consists in exchanging accounting information on the traffic between neighboring active routers. The exchange of accounting information must be carried out in a secure way using secure active packets. The proposed mechanism is sensitive to the loss of packets. To deal with this problem some improvements in the mechanism have been proposed. An important issue is the procedure for discharging packets when an attack has been detected. We propose an easy and efficient mechanism that would be improved in future work.
Providing Authentication & Authorization Mechanisms for Active Service Charging
Active network technology enables fast deployment of new network services tailored to the specific needs of end users, among other features. Nevertheless, proper charging for these new added-value services requires suitable authentication and authorization mechanisms. In this article we describe a security architecture for the SARA (Simple Active Router-Assistant) architecture, an active network platform deployed in the context of the IST-GCAP project. The proposed solution provides all the required security features, and it also grants proper scalability of the overall system, by using a distributed key-generation algorithm.
Principles and Applications of Active Networks (Principios y Aplicaciones de las Redes Activas)
This paper presents an overview of a new network technology: active networks. The goal of active networks is to produce a new networking platform, flexible and extensible at runtime to accommodate the rapid evolution and deployment of networking technologies and also to provide the increasingly sophisticated services demanded by users. A snapshot of the architecture being developed in the DARPA active networks program is presented. Finally, potential applications of active networks are highlighted, along with some of the challenges that must be overcome to make them a reality.
Characterization of Internet Links Using Active Network Technology (Caracterización de los enlaces de Internet utilizando tecnología de redes activas)
This paper presents the design, implementation and trials of a-clink, which is a hop-by-hop performance estimation tool based on active networks. The paper begins by analyzing different alternatives of hop-by-hop performance estimation tools: pathchar, clink, pchar and nettimer. Based on this analysis, several deficiencies are identified in the different tools. In order to improve the efficiency and accuracy of the estimations, one of the tools is selected, clink, to design an extension based on active network technology. This extension, a-clink, has been implemented over the public domain active network platform SARA. The implementation of a-clink has been trialed on a simple active network prototype spanning two universities connected through public Internet, and its results compared with those obtained by the original clink. The paper concludes by describing the advantages of the active version of clink over the conventional passive performance estimation tool.