Packet Size Reduction using Both Distributed CMDB and Kerberos System in Active Networks

S.-S. Lee, J.-C. Na, and S.-W. Sohn (Korea)


active networks, authorization, authentication, credentials,Kerberos


Active networks are an innovative network paradigm in which the infrastructure provides flexible and customized EE(Execution Environment) for packets. Differently to the recent network, nodes in active networks not only forward an active packet but also execute program codes contained in the packet at every active node which the packet reached. In this sense, it is true that the packet will encounter many different security domains and the security attributes relevant to each domain will vary. Because the packet will be subjected to authorization everywhere it executes, one credential could not serve to represent all the needed attributes. Thus, the active packet must be able to carry a list of credentials representing security attributes at different points in the network. In this paper, we proposed the method to reduce the packet size consumed by the credential lists. For this purpose, we used the distributed infrastructure consisting of CMDB’s (Credential Management Data Bases), which manage a set of security attributes of each object, and Kerberos, which supports the safe communication between active nodes and CMDB’s.

Important Links:

Go Back