A Prototype Implementation for Dynamically Configuring Node-Node Security Associations using a Keying Server and the Internet Key Exchange

Realizing large-scale active networks is heavily contingent upon addressing security concerns at the outset. Various approaches have been taken toward integrating security within an active node, each defining the mechanisms required to be in place within the NodeOS or the EE in order to provide security guarantees within the system. An acceptable short-term solution to security in deploying a practical testbed such as the ABONE is to divide security concerns into two classes viz. hop-by-hop and end-to-end. This paper describes one approach toward setting up hop-by-hop packet authentication and integrity, similar to the ABone Hop-by-Hop message authentication and integrity framework, but usable in a more general context. It answers most of these requirements using existing protocols in network security and is flexible enough to be used in any scenario requiring mediated node-node security associations.