Presentation on theme: "Malice is a Feature… Nicholas Weaver Malice is a Feature or The Inner-Tubes Are Sewer Pipes, and I Like It That Way Nicholas Weaver International Computer."— Presentation transcript:
Malice is a Feature… Nicholas Weaver Malice is a Feature or The Inner-Tubes Are Sewer Pipes, and I Like It That Way Nicholas Weaver International Computer Science Institute
Malice is a Feature… Nicholas Weaver 2 Malice is A Feature Malice is a testament to network flexibility The same properties which enable botnets and worms allows Skype, Bittorrent, and BOINC (Seti@home) All are end-host applications which can run over the network How is BOINC not a botnet, apart from intent? Locking down malicious activity may have significant collateral damage Detecting global malicious activity can be decidedly dual-use: A system to detect copyright violations or bots in the network traffic would have capabilities which would make even the Stasi hesitant Why should the network have to fix the end host? The only exception is traffic DDoS, which is an attack on the network not the host As for porn, terrorist information sharing, political dissent Do we even want the network to handle theses security issues?
Malice is a Feature… Nicholas Weaver 3 I Dont Want Security to Create A Phone Network Internet The Internet billing model: All you can Eat or Bits is Bits A billing model I cound probably live with: Bits at a given QOS (pick your metric) are Bits at a given QOS (Weak Network Neutrality) Some implications I dont understand But too much network control will create a Phone Network Internet: Bits are Priced on Intent like cellphones are today Data: $20 for 5 GB 2000 Mb/$ Voice: $.04/min at 8 kbps 12 Mb/$ SMS: $.04 for 1 kB 0.2 Mb/$ Not only is SMS the most valuable traffic for the phone company, it also needs the least quality of service Creates huge incentives for ISPs to muck with traffic (This is why ISPs dont want Network Neutrality) IM over IP is a huge potential loss of revenue combared with SMS Skype and Vonage hurt your telecom business Why do you think the iPhone is so incredibly locked down? Many security features enable discriminatory treatment of traffic
Malice is a Feature… Nicholas Weaver 4 And There is Too Much Security Already Available The Great Firewall of China et al The Net treats censorship as damage and routes around it. (John Gilmore) has proven to be severely strained… ISPs are beginning to manipulate traffic Most major ISPs are also telecom & video providers: Why carry the bits of your cheaper competition? Bittorrent uploads? Verso: Eliminate Skype and P2P in your [carrier] network Time/Warner Cable: Not using standard ports is a violation of the AUP because it interferes with traffic shaping Small ISP: Inserting advertisements into all viewed web pages!? NebuAd/Fair Eagle: Profiling users and inserting adds on the wire! AT&T: We will enforce copyright violations in the network! Yes, Virginia, your ISP/Backbone wants to perform deep packet manipulation As well as build some NSA server rooms… So how are the current security tools, in the hands of the ISPs, not already a threat to the open Internet of today? Would future security built into the fabric be any better? Why cant we simply tolerate malice as a feature?
Malice is a Feature… Nicholas Weaver 5 (Backup) What Little Security I actually want: Authenticated and reliable naming and routing: Obvious. If I ask for foo.com, I need to get to foo.com Lightweight authenticated pushback: Traffic DDoS is a Network problem: pushback doesnt solve this, but it puts an upper bound on the number of packets each zombie can send Unsolicited conversation is a feature, but the recipient should be able to cheaply say Go Away and Dont Bug Me Again Mechanism needs to be scalable Probably also requires no spoofing, but ISPs should want this anyway End to end global fairness/congestion control (and a Pony)… Fix the biggest bug in the Internet: we need to enforce fairness along the network path, not at the endpoints But keep the current economics for constructing the network… I have no clue how to even start to think of how to do this: If I did, I would have submitted the FIND proposal already