Slashdot Mirror
Universities Tapped To Build Secure Net
Wes Felter writes "InfoWorld reports that the National Science Foundation (NSF) has enlisted five university computer science departments to develop a secure, decentralized Internet infrastructure. I thought the Internet was already decentralized, so I'm curious about what exactly they're fixing. The article quotes Frans Kaashoek from MIT PDOS, which is working on decentralized software such as Chord."
> I thought the Internet was already decentralized, so I'm curious about what exactly they're fixing.
The only thing that needs fixing is the spammers. You know, so they can't have kids who take up the family business. We could even have Bob Barker provide the PSA at the end of Price Is Right episodes. ("Remeber to have your spammers spayed or neutered.")
"Old man yells at systemd"
If you want a decentralized secure system you have to create a system that does not need an omnisceint trusted party. In otherwords you need an agent based system where each agent's local utility function is such that by optimizing it, it approximates the global utility function. This does not enforce security, but by clever design of the local utility function could make for a bobust system even with "evil" agents.
Some drink at the fountain of knowledge. Others just gargle.
If they do succeed, how exactly have the changed the world? Am I missing the point? Do I just not get it? Won't they just have changed the Internet...and in a way that would be seamless to most users? Isn't the general consensus that we are not all that vunerable.
Can I bum a sig?
The internet is horribly vulnerable as it is. It's not so much a problem of pure decentralization as it is one of too many people/requests to handle through too tight a pipe if the other pipe goes down.
As an example...if one day some serious news happened that caused everyone to get on the net at once (Kyoto Earthquake, OJ Simpson on the freeway, Iraq drops a nuclear bomb), and this coincided with a failure of some large piece of hardware along the western coast (under extreme load), the remaining paths for much of this area would be so bogged down as to be useless. Effectively the internet would break under the pressure.
What needs to happen to avoid the problem here is have many more paths for the data to flow, which requires better hardware and further decentralization (would love to see everyone's cable modem be a small internet router for people's data to travel through). Barring that, with the increased worldwide participation on the net expect that some days you just won't be able to use it.
Kickstart
Neither the DNS system (root servers), or the allocation/control of IP address(ing) is decentralized -- they may be heirarchial, but both still have a root.
It will be interesting to see if IPv6 will use geographic hierarchies for routing, or even relaxes the hierarchial assignment-scheme at all. If your IPv6 suffix is static/fixed (based on your MAC address, say), and your IPv6 prefix is from the current network/area you are in, that will be an interesting tool to let people track devices as they move around/between networks.
If you think about it, the DNS servers are a "centralized" systems. With the Root Servers, if I query my DNS server at home, and cannot find www.fubar.com, I query one of the DNS root servers to find which DNS server has the records I need.
/.ed. Or, in a less extreme case, it could take quite a while for my query for www.fubar.com to pass through.
Now imagine, what if one of those root servers went down. The other servers have to take the load of the failed server. Now imagine two went down, however unlikely, but that puts loads of extra traffic on the remaing servers. After a while, this will add up. Now, I admit, it is probibly very unlikely, but with enough traffic, even a root server could be
Is this thing on?
I thought the Internet was already decentralized, so I'm curious about what exactly they're fixing.
The Internet is designed to be decentralized but it is built to maximize profit.
I thought the Internet was already decentralized, so I'm curious about what exactly they're fixing.
Not quite. The primary vulnerability lies within the Root DNS servers, which contain all DNS information for the entire Internet*. IIRC, there are only eleven or twelve of them. And because each replicates its data set to all other Root servers, catastrophic failure of one would bring down all of the others.
If that ever happens, you can pretty much say goodbye to the Net, at least temporarily.
*Actually, I think they hold the addresses of all Local DNS servers, which is basically the same thing.
DHT is like having a file cabinet distributed over numerous servers
Is this DHT going to be decentralized so different servers are throughout the country? If so, would yahoo hold files for google? If it is this way, it sounds like my credit card data would be insecure. (Say a p0rn site is holding data for ebay)
Or is it more like a backup of the server that is in the same room? If it is this way, don't most organizations that host their own site have more than one server with the same data?
Or am I just totally confused?
The infrastructure of the internet has evolved out of the past few decades yet many key parts are still integral to the existance of the Internet.
After 9/11 several security consultants met in a Senate hearing and demonstrated in a simulation, how the removal of a few key segments could cripple internet traffic (granted some of the plan involved small amount of urban sabatoge).
The internet if scaled down could be compareable to the P2P networks. 90% of content on the internet is provided by less than 10% of computers connected.
The people at http://www.niiip.org/ have amazing documents with regard to security and how the infrastructure of the internet works. Well worth a read.
Another good spot for information, though slightly tainted, is http://www.iisweb.com/. They offer a skewed view of security, as well as some examples of "Worse Case Senarios"
My ignorance is a perfect shield against your logic.
The InfoWorld article describes a secure distributed storage system, not just plain old messaging connectivity. There aren't too many such beasts around; usually it's more of a "distributed, secure, usable - pick two" kind of thing. Some of the projects that approach the goal of combining all three actually seem to sharing the IRIS award - i.e. OceanStore at Berkeley and various projects at NYU. I don't know off the top of the head how ICSI and Rice fit in, but I'm about to go check their sites because I'll bet it's interesting.
Slashdot - News for Herds. Stuff that Splatters.
The design is meant to be decentralized (except for some databases like DNS) but in practice it isn't nearly as decentralized as it should be.
I remember an anecdote about some company that installed multiple data feeds from multiple vendors to ensure reliability--redundancy is always good, right? Some construction worker was fixing a pipe and cut a fiber cable and sure enough, the company was offline. The different vendors all shared the same fiber so the redundancy wasn't real.
Tons of traffic gets jammed through a few key distribution routes. I'll bet the typical internet user sends traffic through many routers with no backups--you could probably shut down my home cable modem service by pulling the plug on any of at least half-a-dozen routers before it gets out of the provider's internal network. Redundancy in the backbone is nice, but useless if the endpoints are vulnerable.
- Russ
Since every release of BIND ties us more thoroughly to ICANN-dominated centralised name control, I'd guess that DNS would be what they are fixing.
It used to be easy to use alternative roots in conjunction with the "authoritative" (authoritarian?) roots... but now it's one or the other. Caveat - I haven't tried the BIND alternatives yet, there are only so many hours in the day.
The namespace of the Internet is hosed, even USENET's namespace.namespace.namespace is more useful. And the geographic separation of the root nameservers doesn't matter much when all change authority is vested in a single entity.
The idea that just because storage is distributed, then it is secure, is only partially true.
If your data is distributed, and one server gets taken out, then fine, you still have service, and the downed server can be re-synched.
If your data is distributed, and someone updates it, then the update is faithfully replicated - even if it is wrong. I work for a company that has its Lotus Notes address database distributed across > 50 locations. One of these would probably survive World War III. Unfortunately, a few years ago, none of them survived a deletion, followed by automatic replication. Took us down for a day, becuase the tapes were only in 1 location.
Of course, you could skip the replication. The you have the non-trivial problem of finding the latest version.
You dumb troll, the arpanet was designed exactly to be a self healing system to survive nuclear attack. Time after time, earthquakes and power failures have not killed the internet. And if everyone got on at the same time it might suck in thoughput and packet loss but it would function because it has done so.
Some drink at the fountain of knowledge. Others just gargle.
This seems it would reduce an individual entity's loss to an attack with the idea of, everyone loses a little rather than one losing alot. But it also seems, even though the details in this article are lacking, that physical security of boxes would become more important.
Should the british goverment, a university, and whoever else, trust a small buisness in san diego to house its part data.
the only way this would work from a security stand point would be to make the information that is spread out over 50 or so computers not accessible from the machine its hosted in on. and it seems this would be pretty much impossible(er.. hackerd00ds) from a purely software approach....
do you trust me with your data? um... i dont
--
What is the sound of this sentence?
Sounds like they mean they want to store related information in a redundant way so that if one part of the network goes down you can still access the info. Like a RAID array.
~ now you know
This is interesting why? The "chosen" contains (1) MIT PDOS and two schools (NYU and UCB) where MIT PDOS alumni have recently been hired, (2) a network shop (ICSI/ACIRI) and (3) a security shop (Rice). Like many such "picks," it reflects human connections and a fit with someone's agenda more than some abstract notion of organizational merit.
C'mon guys did you even read the article. NSF is not proposing changing the structure of the web, rather they are hoping to utilize the structure to make data more secure by storing it in decentralized fashion. No one server will contain enough data to reconstruct the file, any server can crash and the file will still be available.
Memory fades, but -- reportedly -- someone at Network Solutions in Herndon loaded the wrong, or bad, DNS tape a few years ago. So, for the better part of a day, lots of helpless little packets went to the wrong place.
Anyone know if there's some truth in this, or is it another myth of the Internet?
-- Slashdot: When Public Access TV Says "No"
The current internet was designed to be decentralized, with no specific backbone required; routers would figure out what paths to send what packets over. Scaling-wise, it's been pretty successful. Redundancy-wise, it is less than so. A bad route typically doesn't result in a smooth transfer to another link unless a lot of work has been done to assure it would happen; instead, packets are dropped and communications are badly disrupted.
I had a perfect example of that happen to my current ISP; after getting terrible communications errors, I called them. Turns out one of three of their routes was out; they reset a router, and everything was copacetic. But the other two routes should have been able to handle the traffic. They didn't.
With the advent of IP6, the structure of the net becomes even more convoluted, and errors may become even more difficult to handle. In order to have a nice, stable internet, a system of handling broken routes needs to be integrated into the new spec.
Thanks; the article was a little unclear about what this project is actually about. Part of it talked about the Internet in general, part of it was about DHTs, and buried in there was a mention of storage.
That is why it is interesting. I suspect it is not the best arrangement, and therefore exploring why it happened as it did can lead to a better understanding of what is right/wrong in the scientific community. Always room for improvement.
The Internet is decentralized. The services required to operate it are not. Central administration is required for domain name resolution and routing tables... I'm sure there are other things, but I'm not an Inet expert.
:-)
Perhaps they are trying to make a self organizing network... automatic rerouting, dynamic topology creation, decentralized name resolution. Similar ideas have been discussed with P2P networks.
Perhaps they are designing a network using P2P concepts.
And perhaps I should just read the article.
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
This sounds more like some politicos trying to 'make a diffrence' over something that doesn't need to be dealt with.
NO ONE relies on the Internet for matters of 'life and death', which is the only reason you would go to the expense/aggrivation to make something that fault tolerant (can you hear the drums beating out the old 'we must be safe from everything' rythm?).
When people couldn't get all the pretty pictures on the last few disasters we have had online, what did they do. They went to a medium better suited for broad and instantaneous information distribution. Television and Radio! What a concept! An amazing technology that is capable of reaching millions of people within range of any one of hundreds of 'broadcast stations' located all over the planet!
Of course, because the Internet doesn't work that way, there must be something wrong with it, right?
This reminds me of the telcos demanding QoS for IP, so they could start using a more familiar revenue model for IP and IP services...
Anyone who's dealt with memory or disk allocation knows that performance suffers when a resource (file, data string, etc.) is fragmented over several locations on the same physical unit. This is why smart Oracle DBAs define storage parameters when they create objects, why smart Windows users run "Defrag" on their FAT volumes periodically, etc.
If I understand the (altogether too brief) article correctly, the "secure net" will work by fragmenting a file across multiple servers, in multiple locations. To get the most recent copy of a file, any given node will have to go out onto the network and retrieve all the pieces that aren't stored locally. This is sure to yield much poorer performance than a purely-local retrieval (not to mention the inherent security risk of transferring data over the network...)
What am I missing here
some kind of routing protocol would have to be devised that understood the topology of such a network (perhaps by using latitude and longitude as metrics for the routing,
That smacks of geolocation to me. People don't want others to know their incoming IP addresses, let alone their real coordinates!
Distributed routing could work, but I can see a lot of ways for such a decentralized approach to break down.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
Security of data relates to secure hosts and secure encrypted traffic and security of web services relates to secure hosts and authentication of users. Security of the network itself relates to the physical security of the hardware and transmission lines, the redundancy of the hardware, the adaptability of the software for routing and other network services, etc.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
Please explain how this is decentralized, not to mention secure:
/domain/named.root
This file is made available by InterNIC registration services
under anonymous FTP as
file
on server FTP.RS.INTERNIC.NET -OR- under Gopher at RS.INTERNIC.NET
under menu InterNIC Registration Services (NSI)
submenu InterNIC Registration Archives
file named.root
last update: Aug 22, 1997
related version of root zone: 1997082200
formerly NS.INTERNIC.NET
. 3600000 IN NS A.ROOT-SERVERS.NET.A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
formerly NS1.ISI.EDU
. 3600000 NS B.ROOT-SERVERS.NET.B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
formerly C.PSI.NET
. 3600000 NS C.ROOT-SERVERS.NET.C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
formerly TERP.UMD.EDU
. 3600000 NS D.ROOT-SERVERS.NET.D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
formerly NS.NASA.GOV
. 3600000 NS E.ROOT-SERVERS.NET.E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
formerly NS.ISC.ORG. 3600000 NS F.ROOT-SERVERS.NET.F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
formerly NS.NIC.DDN.MIL. 3600000 NS G.ROOT-SERVERS.NET.G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
formerly AOS.ARL.ARMY.MIL
. 3600000 NS H.ROOT-SERVERS.NET.H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
formerly NIC.NORDU.NET
. 3600000 NS I.ROOT-SERVERS.NET.I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
temporarily housed at NSI (InterNIC)
. 3600000 NS J.ROOT-SERVERS.NET.J.ROOT-SERVERS.NET. 3600000 A 198.41.0.10
housed in LINX, operated by RIPE NCC
. 3600000 NS K.ROOT-SERVERS.NET.K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
temporarily housed at ISI (IANA)
. 3600000 NS L.ROOT-SERVERS.NET.L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
housed in Japan, operated by WIDE
. 3600000 NS M.ROOT-SERVERS.NET.M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 End of File
What are we going to do tonight Brain?
Maybe I'm totally missing this, but _how_ was that offtopic? These universities want to create a system that stores redundant data on several servers, thus decentralizing that data and ensuring that if one server dies, the data is still available. Freenet (http://freenetproject.org/) is the exact same thing, on a larger scale.
From the webpage: "Freenet is a large-scale peer-to-peer network which pools the power of member computers around the world to create a massive virtual information store open to anyone to freely publish or view information of all kinds."
"I may be quite wrong." - Socrates
Actually one aspect of the 'Net -- network access points -- is remarkably centralised. I've read that anywhere from 40% to 80% of traffic in North America passes through UUNet's network. If UUNet goes down, anywhere from 2/5 to 4/5 of traffic in North America would, if not grind to a halt, be slowed down tremendously. And that's a scary thought.
'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
The only portion of the Internet that depends on a central authority, IIRC, is DNS.
But DNS isn't the Internet.
DNS is just an extension to the 'Net, added on later to make URLs easier to understand. Besides, who says we OSS'ers can't come up with, and implement, a better system?
The problem with the Internet that I see, now, is the fact that you need manual effort to fix things like routing issues. Anyone remember about three or four years back when two routers in Florida each thought the other one was the destination for all their incoming connections?
It wouldn't have been so bad if they hadn't told all the other routers in the world that they were where all connections needed to go.
Then there's also the fact that most of Michigan looses its internet connection whenever Chicago has problems. The very nature of hubs make them weak points in the Internet infrastructure.
What's this Submit thingy do?
Fookin' 'ell!
that was damn-near brilliant!
LADIES and GENTLEMEN, Alan Thicke has left the building!
In the future, I would want to not be isolated from my friends in the Space Station.
Vint talking about the myth
Note he does mention that being Defense-funded, it did have to display some potential for some military usage. So I would agree that it wasn't developed "to survive a nuclear war" but it was likely funded because it could serve a military purpose (command and control capability enhancement).
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."