Universities Tapped To Build Secure Net
Wes Felter writes "InfoWorld reports that the National Science Foundation (NSF) has enlisted five university computer science departments to develop a secure, decentralized Internet infrastructure. I thought the Internet was already decentralized, so I'm curious about what exactly they're fixing. The article quotes Frans Kaashoek from MIT PDOS, which is working on decentralized software such as Chord."
Hmm, I wonder what the commercial applications of this are? 3 of 3.
> I thought the Internet was already decentralized, so I'm curious about what exactly they're fixing.
The only thing that needs fixing is the spammers. You know, so they can't have kids who take up the family business. We could even have Bob Barker provide the PSA at the end of Price Is Right episodes. ("Remember to have your spammers spayed or neutered.")
"Old man yells at systemd"
If you want a decentralized secure system you have to create a system that does not need an omniscient trusted party. In other words you need an agent based system where each agent's local utility function is such that by optimizing it, it approximates the global utility function. This does not enforce security, but by clever design of the local utility function could make for a robust system even with "evil" agents.
Some drink at the fountain of knowledge. Others just gargle.
If they do succeed, how exactly have they changed the world? Am I missing the point? Do I just not get it? Won't they just have changed the Internet...and in a way that would be seamless to most users? Isn't the general consensus that we are not all that vulnerable?
Can I bum a sig?
Perhaps they're fixing the anonymity (did you know that terrorists are able to browse the internet?), the ability to share programs, and all the other conveniences that have made the internet the world's medium of free speech.
The internet is horribly vulnerable as it is. It's not so much a problem of pure decentralization as it is one of too many people/requests to handle through too tight a pipe if the other pipe goes down.
As an example...if one day some serious news happened that caused everyone to get on the net at once (Kyoto Earthquake, OJ Simpson on the freeway, Iraq drops a nuclear bomb), and this coincided with a failure of some large piece of hardware along the western coast (under extreme load), the remaining paths for much of this area would be so bogged down as to be useless. Effectively the internet would break under the pressure.
What needs to happen to avoid the problem here is have many more paths for the data to flow, which requires better hardware and further decentralization (would love to see everyone's cable modem be a small internet router for people's data to travel through). Barring that, with the increased worldwide participation on the net expect that some days you just won't be able to use it.
Kickstart
Security here relates to BGP... it's a completely decentralized protocol, and the heart of our vulnerable network. It's only a matter of time before it's exploited with v.disastrous results.
Sounds exactly like freenet to me, except with larger university servers and fewer peers, which could mean either a more stable or less stable system, depending on how you look at it.
"I may be quite wrong." - Socrates
Neither the DNS system (root servers), nor the allocation/control of IP address(ing) is decentralized -- they may be hierarchical, but both still have a root.
It will be interesting to see if IPv6 will use geographic hierarchies for routing, or even relax the hierarchical assignment-scheme at all. If your IPv6 suffix is static/fixed (based on your MAC address, say), and your IPv6 prefix is from the current network/area you are in, that will be an interesting tool to let people track devices as they move around/between networks.
If you think about it, the DNS servers are a "centralized" system. With the Root Servers, if I query my DNS server at home, and cannot find www.fubar.com, I query one of the DNS root servers to find which DNS server has the records I need.
Now imagine, what if one of those root servers went down. The other servers have to take the load of the failed server. Now imagine two went down, however unlikely, but that puts loads of extra traffic on the remaining servers. After a while, this will add up. Now, I admit, it is probably very unlikely, but with enough traffic, even a root server could be /.ed. Or, in a less extreme case, it could take quite a while for my query for www.fubar.com to pass through.
Is this thing on?
... use Microsoft Passport!?
There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
I thought the Internet was already decentralized, so I'm curious about what exactly they're fixing.
The Internet is designed to be decentralized but it is built to maximize profit.
Wouldn't the DNS system count as a point of failure? That they would like to fix. That would also be a good argument for developing a decentralized system.
They might be referring to IP address assignments, DNS, and related protocols, which are all somewhat centralized right now. The secure part is obvious, but more important when specifically applied to the preceding list. Example: You want a secure system so the decentralized DNS information can be trusted.
:)
Then again, I could be WAY off.
You have enemies? Good. That means you've stood up for something, sometime in your life. --Winston Churchill
Once Microsoft had products running on it. It'll go from Secure to Broken in... how long does it take to start up IIS?
I know more than you drink.
Definitely decentralized.
A Good Troll is better than a Bad Human.
One of the cool things in the future we'll be seeing is decentralised networking through quanta, i.e. quantum particles. Right now, for the most part, the Internet is point-to-point. Your modem connects to an internet provider, which connects to the backplane. If your link to the host provider is severed, you can't read any other machines, because you only have one link to the Interweb. A pair of quantum particles can be used to exchange information between two computing machines. So, if you had a nicely sized set of pairs of quantum particles, you could reach any machine on the Internet directly (point-to-point) as long as you and it had a matching set of quanta. This means you don't go through 19-30 hops.
Interesting pick of universities that are getting the cash. Compare that list to Usnews' 2003 ranking of CS grad schools: 1. Carnegie Mellon University (PA) Massachusetts Institute of Technology Stanford University (CA) University of California-Berkeley 5. University of Illinois-Urbana-Champaign See for yourself @ http://www.usnews.com/usnews/edu/grad/rankings/phd sci/brief/com_brief.php
I thought the Internet was already decentralized, so I'm curious about what exactly they're fixing.
Not quite. The primary vulnerability lies within the Root DNS servers, which contain all DNS information for the entire Internet*. IIRC, there are only eleven or twelve of them. And because each replicates its data set to all other Root servers, catastrophic failure of one would bring down all of the others.
If that ever happens, you can pretty much say goodbye to the Net, at least temporarily.
*Actually, I think they hold the addresses of all Local DNS servers, which is basically the same thing.
DHT is like having a file cabinet distributed over numerous servers
Is this DHT going to be decentralized so different servers are throughout the country? If so, would yahoo hold files for google? If it is this way, it sounds like my credit card data would be insecure. (Say a p0rn site is holding data for ebay)
Or is it more like a backup of the server that is in the same room? If it is this way, don't most organizations that host their own site have more than one server with the same data?
Or am I just totally confused?
The infrastructure of the internet has evolved out of the past few decades yet many key parts are still integral to the existence of the Internet.
After 9/11 several security consultants met in a Senate hearing and demonstrated in a simulation, how the removal of a few key segments could cripple internet traffic (granted some of the plan involved small amount of urban sabotage).
The internet if scaled down could be comparable to the P2P networks. 90% of content on the internet is provided by less than 10% of computers connected.
The people at http://www.niiip.org/ have amazing documents with regard to security and how the infrastructure of the internet works. Well worth a read.
Another good spot for information, though slightly tainted, is http://www.iisweb.com/. They offer a skewed view of security, as well as some examples of "Worse Case Scenarios".
My ignorance is a perfect shield against your logic.
The InfoWorld article describes a secure distributed storage system, not just plain old messaging connectivity. There aren't too many such beasts around; usually it's more of a "distributed, secure, usable - pick two" kind of thing. Some of the projects that approach the goal of combining all three actually seem to be sharing the IRIS award - i.e. OceanStore at Berkeley and various projects at NYU. I don't know off the top of the head how ICSI and Rice fit in, but I'm about to go check their sites because I'll bet it's interesting.
Slashdot - News for Herds. Stuff that Splatters.
The design is meant to be decentralized (except for some databases like DNS) but in practice it isn't nearly as decentralized as it should be.
I remember an anecdote about some company that installed multiple data feeds from multiple vendors to ensure reliability--redundancy is always good, right? Some construction worker was fixing a pipe and cut a fiber cable and sure enough, the company was offline. The different vendors all shared the same fiber so the redundancy wasn't real.
Tons of traffic gets jammed through a few key distribution routes. I'll bet the typical internet user sends traffic through many routers with no backups--you could probably shut down my home cable modem service by pulling the plug on any of at least half-a-dozen routers before it gets out of the provider's internal network. Redundancy in the backbone is nice, but useless if the endpoints are vulnerable.
- Russ
forgot to preview. here it is more legibly:
Interesting pick of universities that are getting the cash. Compare that list to Usnews' 2003 ranking of CS grad schools:
1. Carnegie Mellon University (PA)
Massachusetts Institute of Technology
Stanford University (CA)
University of California-Berkeley
5. University of Illinois-Urbana-Champaign
See for yourself @
http://www.usnews.com/usnews/edu/grad/rankings/phd sci/brief/com_brief.php
Since every release of BIND ties us more thoroughly to ICANN-dominated centralised name control, I'd guess that DNS would be what they are fixing.
It used to be easy to use alternative roots in conjunction with the "authoritative" (authoritarian?) roots... but now it's one or the other. Caveat - I haven't tried the BIND alternatives yet, there are only so many hours in the day.
The namespace of the Internet is hosed, even USENET's namespace.namespace.namespace is more useful. And the geographic separation of the root nameservers doesn't matter much when all change authority is vested in a single entity.
The idea that just because storage is distributed, then it is secure, is only partially true.
If your data is distributed, and one server gets taken out, then fine, you still have service, and the downed server can be re-synched.
If your data is distributed, and someone updates it, then the update is faithfully replicated - even if it is wrong. I work for a company that has its Lotus Notes address database distributed across > 50 locations. One of these would probably survive World War III. Unfortunately, a few years ago, none of them survived a deletion, followed by automatic replication. Took us down for a day, because the tapes were only in 1 location.
Of course, you could skip the replication. Then you have the non-trivial problem of finding the latest version.
Some sort of utility to change a file's ordination?
The same institutions who are fighting that which will rely strongly on a decentralized infrastructure (P2P networks of today and tomorrow) are also researching ways to improve it.
Ok, I know universities generally aren't against P2P technology, just what it is being used for.
You dumb troll, the arpanet was designed exactly to be a self healing system to survive nuclear attack. Time after time, earthquakes and power failures have not killed the internet. And if everyone got on at the same time it might suck in throughput and packet loss but it would function because it has done so.
Some drink at the fountain of knowledge. Others just gargle.
This seems it would reduce an individual entity's loss to an attack with the idea of, everyone loses a little rather than one losing a lot. But it also seems, even though the details in this article are lacking, that physical security of boxes would become more important.
Should the British government, a university, and whoever else, trust a small business in San Diego to house its part data?
The only way this would work from a security standpoint would be to make the information that is spread out over 50 or so computers not accessible from the machine it's hosted on. And it seems this would be pretty much impossible (er.. hackerd00ds) from a purely software approach....
Do you trust me with your data? Um... I don't
--
What is the sound of this sentence?
if these universities are being tapped how can they be secure??? :)
That's what it sounds like to me, redundant storage of DNS info and content
Back in the days of bang paths. That was a while back. The system was peer-to-peer and designed to withstand the nuking of many but not all nodes.
Now everything is centralized, with backbone pipes, etc.
Sounds like they mean they want to store related information in a redundant way so that if one part of the network goes down you can still access the info. Like a RAID array.
~ now you know
It was decentralized until it became commercial, then it became hierarchical. The net as it is now is screwed if a few points get whacked.
C'mon guys, did you even read the article? NSF is not proposing changing the structure of the web, rather they are hoping to utilize the structure to make data more secure by storing it in decentralized fashion. No one server will contain enough data to reconstruct the file, any server can crash and the file will still be available.
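The two properties named in the comment above (no single server holds enough to rebuild the file, and the file survives a crashed server), as an added example that is not part of the original thread or of the NSF project's code. It assumes Shamir k-of-n secret sharing as the mechanism, which the article does not specify; all function names and the sample data are constructed for illustration.

```python
import secrets
from itertools import combinations

PRIME = 2**127 - 1   # field modulus (a Mersenne prime)
CHUNK = 14           # bytes per chunk; 0x01 marker + 14 bytes stays below PRIME


def _poly_at(coeffs, x):
    """Evaluate a polynomial (constant term first) at x with Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split(data: bytes, n: int, k: int) -> dict:
    """Spread data over n servers so that any k of them can rebuild it."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    shares = {server: [] for server in range(1, n + 1)}
    for i in range(0, len(data), CHUNK):
        # The 0x01 prefix preserves leading zero bytes and the chunk length.
        secret = int.from_bytes(b"\x01" + data[i:i + CHUNK], "big")
        # Random degree k-1 polynomial whose constant term is the secret.
        coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
        for server in shares:
            shares[server].append(_poly_at(coeffs, server))
    return shares


def _interpolate_at_zero(points):
    """Lagrange interpolation: recover the polynomial's constant term."""
    total = 0
    for xj, yj in points:
        num = den = 1
        for xm, _ in points:
            if xm != xj:
                num = (num * -xm) % PRIME
                den = (den * (xj - xm)) % PRIME
        total = (total + yj * num * pow(den, -1, PRIME)) % PRIME
    return total


def reconstruct(shares: dict, k: int) -> bytes:
    """Rebuild the data from the shares of at least k surviving servers."""
    if len(shares) < k:
        raise ValueError("fewer than k servers available")
    servers = sorted(shares)[:k]
    out = bytearray()
    for idx in range(len(shares[servers[0]])):
        value = _interpolate_at_zero([(s, shares[s][idx]) for s in servers])
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        out += raw[1:]   # drop the 0x01 marker
    return bytes(out)


def every_quorum_rebuilds(data: bytes, n: int, k: int) -> bool:
    """True if every possible set of k surviving servers returns the data."""
    shares = split(data, n, k)
    return all(
        reconstruct({s: shares[s] for s in quorum}, k) == data
        for quorum in combinations(shares, k)
    )


if __name__ == "__main__":
    sample = b"constructed sample file for the demo"
    print(every_quorum_rebuilds(sample, n=5, k=3))
```

Sharing only protects confidentiality and availability; it does nothing about a wrong update being written to every server, so the shares still need versioning or signatures.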
Memory fades, but -- reportedly -- someone at Network Solutions in Herndon loaded the wrong, or bad, DNS tape a few years ago. So, for the better part of a day, lots of helpless little packets went to the wrong place.
Anyone know if there's some truth in this, or is it another myth of the Internet?
-- Slashdot: When Public Access TV Says "No"
It sounds similar to Freenet, but with no mention of concerns like anonymity and censorship.
The article is relatively sparse on details. Does anyone have a link to more information about the project?
The current internet was designed to be decentralized, with no specific backbone required; routers would figure out what paths to send what packets over. Scaling-wise, it's been pretty successful. Redundancy-wise, it is less than so. A bad route typically doesn't result in a smooth transfer to another link unless a lot of work has been done to assure it would happen; instead, packets are dropped and communications are badly disrupted.
I had a perfect example of that happen to my current ISP; after getting terrible communications errors, I called them. Turns out one of three of their routes was out; they reset a router, and everything was copacetic. But the other two routes should have been able to handle the traffic. They didn't.
With the advent of IP6, the structure of the net becomes even more convoluted, and errors may become even more difficult to handle. In order to have a nice, stable internet, a system of handling broken routes needs to be integrated into the new spec.
Thanks; the article was a little unclear about what this project is actually about. Part of it talked about the Internet in general, part of it was about DHTs, and buried in there was a mention of storage.
The Internet is decentralized. The services required to operate it are not. Central administration is required for domain name resolution and routing tables... I'm sure there are other things, but I'm not an Inet expert.
:-)
Perhaps they are trying to make a self organizing network... automatic rerouting, dynamic topology creation, decentralized name resolution. Similar ideas have been discussed with P2P networks.
Perhaps they are designing a network using P2P concepts.
And perhaps I should just read the article.
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
as many U networks are run by students that may not have the knowledge/experience that you would find in the private sector? NOT A TROLL, this is an observation of mine...
any other network filesystem. I think that especially GFS would be exactly what they're looking for.
> I thought the Internet was already decentralized, so I'm curious about what exactly they're fixing.
The DNS is what they are decentralizing, among other things. If someone takes out the root domain server, the internet would be pretty screwed right now. If we had an easy system for routing information that wasn't based on DNS, it would change a lot of systems. Web Sites, Email accounts, Instant Messaging, are all dependent on DNS. If this project works, we may be able to say goodbye to AOL's monopoly on IM.
Who needs a tag line anyways!
This sounds more like some politicos trying to 'make a difference' over something that doesn't need to be dealt with.
NO ONE relies on the Internet for matters of 'life and death', which is the only reason you would go to the expense/aggravation to make something that fault tolerant (can you hear the drums beating out the old 'we must be safe from everything' rhythm?).
When people couldn't get all the pretty pictures on the last few disasters we have had online, what did they do? They went to a medium better suited for broad and instantaneous information distribution. Television and Radio! What a concept! An amazing technology that is capable of reaching millions of people within range of any one of hundreds of 'broadcast stations' located all over the planet!
Of course, because the Internet doesn't work that way, there must be something wrong with it, right?
This reminds me of the telcos demanding QoS for IP, so they could start using a more familiar revenue model for IP and IP services...
Until the cache expires - 3 days maximum.
Anyone who's dealt with memory or disk allocation knows that performance suffers when a resource (file, data string, etc.) is fragmented over several locations on the same physical unit. This is why smart Oracle DBAs define storage parameters when they create objects, why smart Windows users run "Defrag" on their FAT volumes periodically, etc.
If I understand the (altogether too brief) article correctly, the "secure net" will work by fragmenting a file across multiple servers, in multiple locations. To get the most recent copy of a file, any given node will have to go out onto the network and retrieve all the pieces that aren't stored locally. This is sure to yield much poorer performance than a purely-local retrieval (not to mention the inherent security risk of transferring data over the network...)
What am I missing here?
some kind of routing protocol would have to be devised that understood the topology of such a network (perhaps by using latitude and longitude as metrics for the routing,
That smacks of geolocation to me. People don't want others to know their incoming IP addresses, let alone their real coordinates!
Distributed routing could work, but I can see a lot of ways for such a decentralized approach to break down.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
Other people have mentioned that the internet isn't as decentralized as would first appear (DNS being a particular problem). But the article seems to focus specifically on breaking a single server into a decentralized (and potentially redundant) data cluster. The idea seems to be to eliminate subnet access from being a single point of failure for access to data stored on a single "server." I imagine a lot of what they want could be done now with mirroring and a bit of client-side coding, but it sounds like they want to make the server-side more than just a collection of redundant data sources.
Security of data relates to secure hosts and secure encrypted traffic and security of web services relates to secure hosts and authentication of users. Security of the network itself relates to the physical security of the hardware and transmission lines, the redundancy of the hardware, the adaptability of the software for routing and other network services, etc.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
Please explain how this is decentralized, not to mention secure:
;       This file is made available by InterNIC registration services
;       under anonymous FTP as
;           file                /domain/named.root
;           on server           FTP.RS.INTERNIC.NET
;       -OR- under Gopher at    RS.INTERNIC.NET
;           under menu          InterNIC Registration Services (NSI)
;              submenu          InterNIC Registration Archives
;           file                named.root
;
;       last update:    Aug 22, 1997
;       related version of root zone:   1997082200
;
; formerly NS.INTERNIC.NET
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
; formerly NS1.ISI.EDU
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
; formerly C.PSI.NET
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
; formerly TERP.UMD.EDU
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
; formerly NS.NASA.GOV
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
; formerly NS.ISC.ORG
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
; formerly NS.NIC.DDN.MIL
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
; formerly AOS.ARL.ARMY.MIL
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
; formerly NIC.NORDU.NET
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
; temporarily housed at NSI (InterNIC)
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     198.41.0.10
; housed in LINX, operated by RIPE NCC
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
; temporarily housed at ISI (IANA)
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
; housed in Japan, operated by WIDE
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File
What are we going to do tonight Brain?
The internet as it stands has highly robust routing -- if you drop a bomb on Cleveland it won't prevent routing to Akron. But (as someone already pointed out) the hierarchical DNS name protocol has its problems, because there is effectively a small number of "masters" and those masters become a point of vulnerability.
The internet itself (IP4) doesn't provide some other useful things, though, like:
They mention one other point in the article, which is that they hope to build a reliable distributed storage scheme. So once you put a file or object into the distributed store, it isn't local to one place -- kind of like an internet RAID system.
The RIAA is gonna plotz, though: this makes it just that much harder to track down and eliminate all the copies ....
Every university I have ever been to had the worst security of any network I had ever seen. They are going to Build it? From What? Off the shelf gear? Wow, no one else could do that....
Actually one aspect of the 'Net -- network access points -- is remarkably centralised. I've read that anywhere from 40% to 80% of traffic in North America passes through UUNet's network. If UUNet goes down, anywhere from 2/5 to 4/5 of traffic in North America would, if not grind to a halt, be slowed down tremendously. And that's a scary thought.
'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
The only portion of the Internet that depends on a central authority, IIRC, is DNS.
But DNS isn't the Internet.
DNS is just an extension to the 'Net, added on later to make URLs easier to understand. Besides, who says we OSS'ers can't come up with, and implement, a better system?
The problem with the Internet that I see, now, is the fact that you need manual effort to fix things like routing issues. Anyone remember about three or four years back when two routers in Florida each thought the other one was the destination for all their incoming connections?
It wouldn't have been so bad if they hadn't told all the other routers in the world that they were where all connections needed to go.
Then there's also the fact that most of Michigan loses its internet connection whenever Chicago has problems. The very nature of hubs makes them weak points in the Internet infrastructure.
What's this Submit thingy do?
Secure networks are simple. Just don't plug anyone you don't know into it. Universities have lax security because it is not a priority. Nothing they have would matter if someone else saw it. No one is going to DIE if their grades get 'stolen'.
:)
However, just because it isn't a priority doesn't mean they couldn't if they wanted to. Don't confuse lack of need with lack of knowledge.
Where things go wrong is when some secretary wants to check her AOL mail, and manages to convince the network admin she is sleeping with to hook 'AOL' into the secure network...
Think it can't happen? LOL
The BIND daemon itself doesn't support /etc/hosts, but you're right that most systems (which generally use the NSS and the BIND resolver library code, these days) still do.
So, sure, your corporate network isn't tied to the root nameservers by anything other than convenience.
But the point of the Internet is *global* connectivity. That means support for millions of clueless AOhell users and their ilk too... and they are utterly dependent on a single naming authority - Verisign.
Fookin' 'ell!
that was damn-near brilliant!
LADIES and GENTLEMEN, Alan Thicke has left the building!
In the future, I would want to not be isolated from my friends in the Space Station.
You are right, it is not a priority, and the politics at a university will not allow any security, and really not the tight security they are talking about. They do have a lack of knowledge, but I don't blame the engineers, it has never been a task they are required to do.
Vint talking about the myth
Note he does mention that being Defense-funded, it did have to display some potential for some military usage. So I would agree that it wasn't developed "to survive a nuclear war" but it was likely funded because it could serve a military purpose (command and control capability enhancement).
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
When you have 200 programmers trying to write code for one
product, like Win95 or NT, what you get is a multiple personality
program. By definition, the real problem is that these programs are
psychotic by nature and make people crazy when they use them.
-- Joan Brewer on alt.destroy.microsoft
- this post brought to you by the Automated Last Post Generator...