Module: Future of the Internet
Professor Trent Jaeger
Penn State University
Systems and Internet Infrastructure Security Laboratory (SIIS)

Current Internet
• Commissioned in the 1960s
• Global system of interconnected networks
• Communicate over common protocols - TCP/UDP/IP
• Foundation for World Wide Web (1990s)
• As of 2014, nearly 38% of the world’s population has used Internet services in the last year
• By 2002, 92% of US classrooms had Internet access
• One of the top innovations of the 20th Century

Satisfied?
• Are you satisfied with the current internet?
  ‣ What kinds of problems are you having?

Satisfied?
SCION: Scalability, Control and Isolation On Next-Generation Networks
Xin Zhang, Hsu-Chun Hsiao, Geoff Hasker, Haowen Chan, Adrian Perrig, David Andersen

Satisfied?
After years of patching, the Internet is still neither Reliable nor Secure!
• Feb 2008: Pakistani ISP hijacks YouTube prefix
• Apr 2010: A Chinese ISP inserts fake routes affecting thousands of US networks.
• Nov 2010: 10% of Internet traffic 'hijacked' to Chinese servers due to DNS Tampering.
• Fixes to date – ad hoc, patches
• Inconvenient truths
  ‣ S-BGP: delayed convergence
  ‣ Global PKI: single root of trust
[Figure: protocol stack (Application, Transport, Network, Data link, Physical) annotated with the fixes S-BGP origin attestation, S-BGP route attestation, Multi-path routing and DNSSec]

Internet Lessons Learned
• We cannot depend on the discipline or sophistication of users
• We cannot depend on correct user configuration of controls such as ACLs or firewalls
• We cannot depend on security models based on managed trust assumptions
• We cannot depend on IDS
• We cannot depend on application designers to pay attention to security
• We cannot depend on ISPs to perform security checks
• We cannot depend on legal deterrence

End-to-end principle
• We cannot depend on the discipline or sophistication of users
• We cannot depend on correct user configuration of controls such as ACLs or firewalls
• We cannot depend on security models based on managed trust assumptions
• We cannot depend on IDS
• We cannot depend on application designers to pay attention to security
• We cannot depend on ISPs to perform security checks
• We cannot depend on legal deterrence
• What do these say about the end-to-end principle?

Fix the Internet’s Problems
• Extend/add new layers to address limitations
  ‣ Pros: minimize disruption
  ‣ Cons: Can still exploit vulnerabilities in other layers
    • E.g., a secure channel between BGP hosts does not ensure that the info sent on that channel is secure in the first place
• Clean slate design
  ‣ Cons: Expensive and perhaps difficult to adopt
  ‣ Pros: Free to solve problems in a compatible way

Clean Slate Goals
• Availability
  ‣ Systems are both well-behaved and allowed to communicate by the policies of the interconnecting networks
• Security
  ‣ Defensible position on the role of the network in supporting the end-host security
• Flexibility and Extensibility
  ‣ Lots of capabilities can be added

End Node Security
• Critical technology: Firewalls
• Protect communications to end nodes - block some attack vectors comprehensively
• But, such protection is “imperfect”
• Do not deal with insiders
• Lots of things act as a form of a firewall
• Different layers - e.g., application layer firewalls
• Different locations - e.g., gateways and end nodes
• Impact of encrypted traffic - make network privy
• Impact of end-to-end principle - more smarts in net

End Node Security
• Firewalls only part of the solution
• “Defense in depth” - what does that mean?
• What other defenses can work with firewall?
• Application defenses
• E.g., email servers outsourcing spam detection
• How can this be integrated into a general architecture?
• Detection and recovery
• When and how to cut off a machine (no false positives)?
• When and how to restore that machine?

Next-Gen Improvements
• What would you propose?

Routing Paths
Limitations of the Current Internet
• Destination or ISP have no control over inbound paths
• Route inconsistencies
  ‣ Forwarding state may be different from announced state
[Figure: topology with nodes A, B, C, D and M; labels "Prefer the red path …" and "D’s prefix here!"]

Border Gateway Protocol
• Protocol to exchange routing and reachability information between autonomous systems (AS) on the Internet.
• What happens if malicious BGP messages are sent?

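One way a monitor can reason about the question on this slide, as an added example that is not part of the original slides: it compares each received announcement with a table of expected origins, and a longest-prefix-match lookup shows why an unexpected more-specific route matters. The prefixes and AS numbers are constructed from the documentation ranges, and the names classify, best_route and EXPECTED_ORIGINS are hypothetical.

```python
import ipaddress

# Constructed data: documentation prefixes and documentation AS numbers.
EXPECTED_ORIGINS = {
    ipaddress.ip_network("203.0.113.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64501,
}


def classify(prefix, origin_as):
    """Compare one announcement (prefix, origin AS) with the expected table."""
    net = ipaddress.ip_network(prefix)
    for known, owner in EXPECTED_ORIGINS.items():
        if net == known:
            return "ok" if origin_as == owner else "origin-mismatch"
        if net.subnet_of(known):
            # A more-specific route wins longest-prefix match wherever it is
            # accepted, so it is flagged even when the origin looks right.
            if origin_as == owner:
                return "more-specific"
            return "more-specific-foreign-origin"
    return "unknown-prefix"


def best_route(routes, address):
    """Longest-prefix match over (prefix, origin AS) pairs, as a router does."""
    addr = ipaddress.ip_address(address)
    matches = [(ipaddress.ip_network(p), asn) for p, asn in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


if __name__ == "__main__":
    # Constructed announcements: the legitimate /24 and a foreign /25 inside it.
    routes = [("203.0.113.0/24", 64500), ("203.0.113.128/25", 64510)]
    for prefix, asn in routes:
        print(prefix, asn, classify(prefix, asn))
    print(best_route(routes, "203.0.113.200"))
```
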
Wishes
Wish List (1): Isolation
• Isolation of attacks
• Scalable and reliable routing updates
• Operate with mutually distrusting entities without a global single root of trust: enforceable accountability
[Figure: topology with L3, I2, A, B, C, PSC, M, D and CMU; label "Attacks (e.g., bad routes)"]

Wishes
Wish List (2): Balanced Control
• Transit ISPs, source and destination all need path control
[Figure: topology with I2, L3, A, B, C, PSC, D and CMU; label "Hide the peering link from CMU"]

Wishes
Wish List (3): Explicit Trust
• Know who needs to be trusted
• Absence of consistency in BGP prevents knowing exactly who needs to be trusted
[Figure: topology with X, Y, Z, Internet, Level 3, I2, PSC and CMU; label "Who will forward packets on my path?"]

Goals
SCION Architectural Goals
• High availability, even for networks with malicious parties
• Explicit trust for network operations
• Minimal TCB: limit number of entities that need to be trusted for any operation
  ‣ Strong isolation from untrusted parties
• Operate with mutually distrusting entities
  ‣ No single root of trust
• Enable route control for ISPs, receivers, senders
• Simplicity, efficiency, flexibility, and scalability

Paths
Path Construction
Goal: each endpoint learns multiple verifiable paths to its core
• Discovering paths via Path Construction Beacons (PCBs)
  ‣ TD Core periodically initiates PCBs
  ‣ Providers advertise upstream topology to peering and customer ADs
• ADs perform the following operations
  ‣ Collect PCBs
  ‣ For each neighbor AD, select which k PCBs to forward
  ‣ Update cryptographic information in PCBs
• Endpoint AD will receive up to k PCBs from each upstream AD, and select k down-paths and up-paths

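The beacon handling on this slide, sketched as an added example that is not code from the slides or from the SCION project: the core initiates a PCB, each AD appends an authenticated hop chained to the previous one, and the endpoint verifies the chain before selecting k paths. HMAC with a constructed key table stands in for per-AD signatures verified against certificates rooted in the TD core; the AD names, function names and the shortest-path selection policy are assumptions.

```python
import hashlib
import hmac

# Constructed per-AD keys. HMAC stands in for the per-AD signatures a real
# deployment would verify against certificates rooted in the TD core.
AD_KEYS = {ad: hashlib.sha256(ad.encode()).digest()
           for ad in ("core", "AD1", "AD2", "AD3")}


def _mac(ad, prev_mac, ingress_from, beacon_id):
    """Authenticate this hop, chained to the previous hop's MAC."""
    msg = b"|".join([beacon_id.encode(), ad.encode(),
                     ingress_from.encode(), prev_mac])
    return hmac.new(AD_KEYS[ad], msg, hashlib.sha256).digest()


def initiate(beacon_id):
    """TD core starts a PCB with a single authenticated hop."""
    return {"id": beacon_id,
            "hops": [("core", "", _mac("core", b"", "", beacon_id))]}


def extend(pcb, ad):
    """An AD appends its own hop entry before forwarding downstream."""
    prev_ad, _, prev_mac = pcb["hops"][-1]
    hop = (ad, prev_ad, _mac(ad, prev_mac, prev_ad, pcb["id"]))
    return {"id": pcb["id"], "hops": pcb["hops"] + [hop]}


def verify(pcb):
    """Endpoint check: every hop must chain correctly back to the core."""
    prev_ad, prev_mac = "", b""
    for ad, ingress_from, mac in pcb["hops"]:
        if ad not in AD_KEYS or ingress_from != prev_ad:
            return False
        expected = _mac(ad, prev_mac, ingress_from, pcb["id"])
        if not hmac.compare_digest(mac, expected):
            return False
        prev_ad, prev_mac = ad, mac
    return bool(pcb["hops"]) and pcb["hops"][0][0] == "core"


def select_k(pcbs, k):
    """Keep up to k verified PCBs, preferring shorter paths (assumed policy)."""
    good = [p for p in pcbs if verify(p)]
    return sorted(good, key=lambda p: len(p["hops"]))[:k]
```

A beacon with a hop removed or renamed fails verify, so select_k never offers it as an up-path or down-path.
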
Isolation
Trust Domain Decomposition
• Global set of TD (Trust Domains)
  ‣ Map to geographic, political, legal boundaries
• TD Core: set of top-tier ISPs that manage TD
  ‣ Route to other TDs
  ‣ Initiate path construction beacons
  ‣ Manage Address and Path Translation Servers
  ‣ Handle TD membership
  ‣ Root of trust for TD: manage root key and certificates
• AD is atomic failure unit, contiguous/autonomous domain
  ‣ Transit AD or endpoint AD

Isolation
Cross-TD Forwarding
[Figure: a Source and a Destination connected through two TD cores by Up-paths and Down-paths; labels "TD: isolation of route computation", "TD cores: interconnected large ISPs" and "AD: atomic failure unit"]

Next-Gen Proposals
• Not the only such project
• 3 NSF-funded efforts
• XIA (CMU and partners)
  • One goal: directly access content where it is most easily accessible (e.g., for vehicular network)
• Named Data Networking (UCLA and partners)
  • Foci: Naming, trust management, congestion management, evaluation metrics
• MobilityFirst
  • Mobile devices drive changes in service, trust, etc.