Universities Tapped To Build Secure Net
Wes Felter writes "InfoWorld reports that the National Science Foundation (NSF) has enlisted five university computer science departments to develop a secure, decentralized Internet infrastructure. I thought the Internet was already decentralized, so I'm curious about what exactly they're fixing. The article quotes Frans Kaashoek from MIT PDOS, which is working on decentralized software such as Chord."
> I thought the Internet was already decentralized, so I'm curious about what exactly they're fixing.
The only thing that needs fixing is the spammers. You know, so they can't have kids who take up the family business. We could even have Bob Barker provide the PSA at the end of Price Is Right episodes. ("Remember to have your spammers spayed or neutered.")
"Old man yells at systemd"
If you want a decentralized secure system you have to create a system that does not need an omniscient trusted party. In other words you need an agent-based system where each agent's local utility function is such that by optimizing it, it approximates the global utility function. This does not enforce security, but by clever design of the local utility function could make for a robust system even with "evil" agents.
Some drink at the fountain of knowledge. Others just gargle.
If they do succeed, how exactly have they changed the world? Am I missing the point? Do I just not get it? Won't they just have changed the Internet...and in a way that would be seamless to most users? Isn't the general consensus that we are not all that vulnerable?
Can I bum a sig?
The internet is horribly vulnerable as it is. It's not so much a problem of pure decentralization as it is one of too many people/requests to handle through too tight a pipe if the other pipe goes down.
As an example...if one day some serious news happened that caused everyone to get on the net at once (Kyoto Earthquake, OJ Simpson on the freeway, Iraq drops a nuclear bomb), and this coincided with a failure of some large piece of hardware along the western coast (under extreme load), the remaining paths for much of this area would be so bogged down as to be useless. Effectively the internet would break under the pressure.
What needs to happen to avoid the problem here is to have many more paths for the data to flow, which requires better hardware and further decentralization (would love to see everyone's cable modem be a small internet router for people's data to travel through). Barring that, with the increased worldwide participation on the net expect that some days you just won't be able to use it.
Kickstart
Neither the DNS system (root servers), nor the allocation/control of IP address(ing) is decentralized -- they may be hierarchical, but both still have a root.
It will be interesting to see if IPv6 will use geographic hierarchies for routing, or even relax the hierarchical assignment-scheme at all. If your IPv6 suffix is static/fixed (based on your MAC address, say), and your IPv6 prefix is from the current network/area you are in, that will be an interesting tool to let people track devices as they move around/between networks.
> I thought the Internet was already decentralized, so I'm curious about what exactly they're fixing.
Not quite. The primary vulnerability lies within the Root DNS servers, which contain all DNS information for the entire Internet*. IIRC, there are only eleven or twelve of them. And because each replicates its data set to all other Root servers, catastrophic failure of one would bring down all of the others.
If that ever happens, you can pretty much say goodbye to the Net, at least temporarily.
*Actually, I think they hold the addresses of all Local DNS servers, which is basically the same thing.
DHT is like having a file cabinet distributed over numerous servers
Is this DHT going to be decentralized so different servers are throughout the country? If so, would yahoo hold files for google? If it is this way, it sounds like my credit card data would be insecure. (Say a p0rn site is holding data for ebay)
Or is it more like a backup of the server that is in the same room? If it is this way, don't most organizations that host their own site have more than one server with the same data?
Or am I just totally confused?
The infrastructure of the internet has evolved out of the past few decades yet many key parts are still integral to the existence of the Internet.
After 9/11 several security consultants met in a Senate hearing and demonstrated in a simulation how the removal of a few key segments could cripple internet traffic (granted some of the plan involved a small amount of urban sabotage).
The internet if scaled down could be comparable to the P2P networks. 90% of content on the internet is provided by less than 10% of computers connected.
The people at http://www.niiip.org/ have amazing documents with regard to security and how the infrastructure of the internet works. Well worth a read.
Another good spot for information, though slightly tainted, is http://www.iisweb.com/. They offer a skewed view of security, as well as some examples of "Worse Case Scenarios".
My ignorance is a perfect shield against your logic.
Since every release of BIND ties us more thoroughly to ICANN-dominated centralised name control, I'd guess that DNS would be what they are fixing.
It used to be easy to use alternative roots in conjunction with the "authoritative" (authoritarian?) roots... but now it's one or the other. Caveat - I haven't tried the BIND alternatives yet, there are only so many hours in the day.
The namespace of the Internet is hosed, even USENET's namespace.namespace.namespace is more useful. And the geographic separation of the root nameservers doesn't matter much when all change authority is vested in a single entity.
The idea that just because storage is distributed, then it is secure, is only partially true.
If your data is distributed, and one server gets taken out, then fine, you still have service, and the downed server can be re-synched.
If your data is distributed, and someone updates it, then the update is faithfully replicated - even if it is wrong. I work for a company that has its Lotus Notes address database distributed across > 50 locations. One of these would probably survive World War III. Unfortunately, a few years ago, none of them survived a deletion, followed by automatic replication. Took us down for a day, because the tapes were only in 1 location.
Of course, you could skip the replication. Then you have the non-trivial problem of finding the latest version.
This seems it would reduce an individual entity's loss to an attack with the idea of, everyone loses a little rather than one losing a lot. But it also seems, even though the details in this article are lacking, that physical security of boxes would become more important.
Should the British government, a university, and whoever else, trust a small business in San Diego to house its part data?
the only way this would work from a security standpoint would be to make the information that is spread out over 50 or so computers not accessible from the machine it's hosted on. and it seems this would be pretty much impossible(er.. hackerd00ds) from a purely software approach....
do you trust me with your data? um... i don't
--
What is the sound of this sentence?
The Rice connection almost certainly has to do with Peter Druschel and Pastry (for which the other PI seems to be Antony Rowstron of Microsoft Research, interestingly enough). I'm not totally sure of the ICSI connection, but they seem to be closely affiliated with UCB and I know that Ion Stoica works in these areas. OceanStore, CFS/SFS, Pastry, Kademlia - it's definitely a pretty good collection. A lot of the top people in DHT/DOLR (Distributed Hash Table, Distributed Object Location and Routing) research are involved, and I'd love to know how they plan to converge their various efforts toward a common solution.
Slashdot - News for Herds. Stuff that Splatters.
C'mon guys, did you even read the article? NSF is not proposing changing the structure of the web, rather they are hoping to utilize the structure to make data more secure by storing it in decentralized fashion. No one server will contain enough data to reconstruct the file, any server can crash and the file will still be available.
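One way to get the property described in the comment above (no single server can rebuild the file, yet any server can fail) is k-of-n threshold secret sharing. The sketch below is an added example, not from the article, the commenter or the NSF project; the choice of Shamir's scheme over GF(257), the function names and the sample record are all assumptions.

```python
import secrets
from itertools import combinations

P = 257  # smallest prime above 255, so every byte value is a field element

def _eval(coeffs, x):
    """Evaluate a polynomial at x with Horner's rule, mod P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def split(data: bytes, k: int, n: int) -> dict:
    """Return {server_id: share}; any k shares rebuild data, fewer reveal nothing."""
    if not 1 < k <= n < P:
        raise ValueError("need 1 < k <= n < 257")
    shares = {x: [] for x in range(1, n + 1)}
    for byte in data:
        # Fresh random degree-(k-1) polynomial per byte; constant term is the byte.
        coeffs = [byte] + [secrets.randbelow(P) for _ in range(k - 1)]
        for x in shares:
            shares[x].append(_eval(coeffs, x))
    return shares

def combine(shares: dict) -> bytes:
    """Lagrange-interpolate every byte position at x = 0."""
    xs = list(shares)
    out = bytearray()
    for i in range(len(shares[xs[0]])):
        total = 0
        for xj in xs:
            num = den = 1
            for xm in xs:
                if xm != xj:
                    num = (num * (-xm)) % P
                    den = (den * (xj - xm)) % P
            total = (total + shares[xj][i] * num * pow(den, -1, P)) % P
        out.append(total)
    return bytes(out)

def every_quorum_recovers(data: bytes, k: int, n: int) -> bool:
    """True if each k-subset of servers rebuilds data (the other n-k are down)."""
    shares = split(data, k, n)
    return all(combine({x: shares[x] for x in q}) == data
               for q in combinations(shares, k))

RECORD = b"constructed sample record"  # constructed input, not from the page
if __name__ == "__main__":
    print(every_quorum_recovers(RECORD, k=3, n=5))
```

Shares are not authenticated here, so the scheme covers confidentiality and availability only: a server that returns an altered share changes or breaks the reconstruction.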
The current internet was designed to be decentralized, with no specific backbone required; routers would figure out what paths to send what packets over. Scaling-wise, it's been pretty successful. Redundancy-wise, it is less than so. A bad route typically doesn't result in a smooth transfer to another link unless a lot of work has been done to assure it would happen; instead, packets are dropped and communications are badly disrupted.
I had a perfect example of that happen to my current ISP; after getting terrible communications errors, I called them. Turns out one of three of their routes was out; they reset a router, and everything was copacetic. But the other two routes should have been able to handle the traffic. They didn't.
With the advent of IP6, the structure of the net becomes even more convoluted, and errors may become even more difficult to handle. In order to have a nice, stable internet, a system of handling broken routes needs to be integrated into the new spec.
Most of the internet indeed is decentralized, but take out the root servers and the internet is gone...
Jeroen
Secure messaging: http://quickmsg.vreeken.net/
No, it was not, Vint Cerf has dispelled that myth a number of times.
The Internet does not employ flood fill routing or any of the technologies that one would want to have available if you wanted to survive a nuclear attack.
TCP/IP was actually designed with the idea that networks could be quickly assembled with minimal configuration issues and without the need for every node to have access to a central co-ordination point.
The Internet does actually have one central coordination point, the A root of the DNS service. However that is decoupled from the minute by minute actions of the Internet hosts so that the A root could in theory go down and come back up without a calamity (but nobody wants to try to find out!).
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
You suggest Vint Cerf dispelled the myth a number of times that the Internet was designed to withstand (in this case, gracefully degrade) under a nuclear attack. I'd be most interested to see a link to somewhere where this is quoted. Most textbooks relating to TCP/IP propagate this alleged myth and I'd be interested to see what exactly Vint said.
I was always under the impression that the decentralized nature of the original network was a design criterion which arose from the desire to withstand (or degrade gracefully more correctly stated) in the event of significant damage to the overall infrastructure. Are you suggesting this is not the case? If so, I'd _really_ like to see the sources you have used to arrive at this conclusion.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."