APE: fast and secure active networking architecture for active packet editing

This paper proposes an architecture for active network nodes, called Active Packet Editing (APE). The design of APE focuses on accelerating the functions that are essential to active network operation, such as packet classification and NAT. The twofold architecture of APE combines a software active packet processor with an efficient packet editor based on flexible hardware. Based on preset (pattern, action) rules, the packet editor classifies packets that pass through the node and modifies them to a limited extent. Upon receipt of active packets, the software active packet processor dynamically configures the packet editor. To prevent interference among active applications, and thus ensure security, cryptographic techniques are used to distribute a flow-specific key string, which is used to authenticate succeeding packets in the same flow. We are developing a prototype APE node.
