Integrating security services into active network

Abstract

Active network is a new approach to network architecture in which allows node do computation against active packets within the network, for instance, Active Network Transport System (ANTS) from University of UTAH. The ANTS is easily adaptable to new services that are injected into the network. However, the ANTS apply no node policy enforcement to the local node’s users and the network packets. As results, the nodes become susceptible from several network attacks such as address spoofing, Distributed Denial of Service – (DDOS), SYN-Flooding, and virus attack. To overcome these problems, a new layer that supports security modules is introduced into the ANTS’s node operating system and a minor modification to the operating system is made. The modified ANTS, “Secure JANOS ANTS� (SJANTS), has shown to be more secure than the conventional ANTS while still maintaining the flexibility of the ANTS. The advantages of the SJANTS are as the followings: It can be modified on the fly in the node policy enforcement, it can be conformed to many database vendors, it has independent platform, and it has top-down approach of enforcement to the network packets and the users. In addition, SJANTS security model that based on the Role Base Access Control (RBAC) supports authentication process by using MD5, RIPEMD320, and SHA-512 hash functions, and relies on Java Authentication and Authorization Service (JAAS). Testing was performed to investigate the response time of authentication using these hash functions. The results demonstrated that the authentication based on RIPEMD320 was faster than MD5 and SHA-512., and SHA-512 is more secure than the others.