A prototype of security for active networks

As a new programmable network architecture, the active network supports the development, verification and deployment of new network protocols and services. It is not used widely as we expected. The main reason is that its security has not been resolved. We introduce an active network security prototype designed by a pluggable module. It implements three aspects of security, including cryptography and digital signatures; authentication and authorization; revocation; etc. Especially, cryptography solves the integrity and confidentiality of active codes, and the decode mode implements cryptography´s replacement and extensibility. Our system is dual nonrepudiation on both. Nonrepudiation on both is that the sender cannot deny that he sends the message; dual nonrepudiation means that nonrepudiation has been done in digital signature authentication and authorization authentication. The section of revocation designed according to the active network guarantees the validity of active code´s execution. We measured latency and throughput of the experimental active network on two services: a prototype for active networks, a prototype of security for active networks. In fact, the security techniques applied in our system have little influence on the latency and throughput of active networks.