Research And Improvement On Security Of Active Node Transfer System

In the traditional network architecture, new technologies need a standardization process to be applied. However, the period of protocol standardization is too long. Once a new technology are been researched successfully, we need wait a long time to bring it to practical application. This seriously restricts the development of the new technologies. Therefore, the concept of active network has been put forward. The active network is one kind of programmable network architecture. It can realize the high-speed transmission of data, dynamic customization services, rapid deploying of protocols through using active technology and mobile technology. Active network can solve the problems well which exist in the traditional network architecture. The most feature of active network is programmability. It allows users to inject code to the network to obtain the appropriate services. The programmability of active network makes the network more flexible. However, it also brings some security problems.In the paper, active network architecture and related concepts have been introduced. The security of the entities in the active network architecture has been analyzed. Some Technologies, which are used to enhance network security, have been researched. Active node transfer system is a typical active network research project. However, there is little corresponding security mechanism to ensure the security of the network in the design. The only mechanism used to ensure security is JAVA language.In the paper, the operation mechanism of the active node transfer system has been researched. Security problems of active node transfer system have been analyzed. Secure active node transfer system has been put forward. In the secure active node transfer system, security of active node transfer system has been improved by adding the authentication mechanism and the node resource access control policy. The code mechanism has been modified. Which uses a combination of two kinds of implementations:separate and integrated. And the threshold value judgment has been used to decide that which kind to use. If using the separate implementation, an active code server has been used to manage users'codes in a centralized approach. The active code server provides the necessary code for active node. As the whole transfer process changes, the format of capsule in active node transfer system is unable to satisfy for secure active node transfer system. So we redefine the capsule format by increasing the authentication, signature field in ANTS capsule header.Finally, a LAN environment used to test the SANTS has been set up. Four PCs respectively simulate user, active node, CA center, active code server. The operating system is ubuntu linux 10.04. Execution environment is ANTS2.0.3 which h needs to be modified accordingly. Janos is used as the node operating system. A functional test has been run on the improved system by a simple application.