APE: fast and secure active networking architecture for active packet editing

Abstract

This paper proposes an architecture for active network nodes, called Active Packet Editing (APE). The design of APE focuses on accelerating the functions that are essential to active network operation, such as packet classification and NAT. The twofold architecture of APE combines a software active packet processor with an efficient packet editor based on flexible hardware. Based on preset rules (pattern, action), the packet editor classifies and modifies, to a limited extent, packets that pass through the node. Upon the receipt of active packets, the software active packet processor dynamically configures the packet editor. To prevent interference among active applications, and thus ensure security, cryptographic techniques are used to distribute a flow specific key string, which is used to authenticate succeeding packets in the same flow. We are developing a prototype APE node.