Presentation on theme: "Nicholas Weaver International Computer Science Institute"— Presentation transcript:
1 Malice is a Feature or The Inner-Tubes Are Sewer Pipes, and I Like It That Way
Nicholas Weaver
International Computer Science Institute
Printed: March 27, 2017
Internet Worms
Paxson, Savage, Voelker, Weaver

2 Malice is A Feature
Malice is a testament to network flexibility
The same properties which enable botnets and worms allow Skype, Bittorrent, and BOINC
All are end-host applications which can run over the network
How is BOINC not a botnet, apart from intent?
Locking down malicious activity may have significant collateral damage
Detecting global malicious activity can be decidedly dual-use: A system to detect copyright violations or bots in the network traffic would have capabilities which would make even the Stasi hesitant
Why should the network have to fix the end host?
The only exception is traffic DDoS, which is an attack on the network not the host
As for porn, terrorist information sharing, political dissent
Do we even want the network to handle these security issues?

3 I Don’t Want “Security” to Create A “Phone Network” Internet
The Internet billing model: “All you can Eat” or “Bits is Bits”
A billing model I could probably live with: “Bits at a given QOS (pick your metric) are Bits at a given QOS” (Weak Network Neutrality)
Some implications I don’t understand
But too much network control will create a Phone Network Internet: “Bits are Priced on Intent” like cellphones are today
Data: $20 for 5 GB = 2000 Mb/$
Voice: $.04/min at 8 kbps = 12 Mb/$
SMS: $.04 for 1 kB = 0.2 Mb/$
Not only is SMS the most valuable traffic for the phone company, it also needs the least quality of service
Creates huge incentives for ISPs to muck with traffic (This is why ISPs don’t want Network Neutrality)
IM over IP is a huge potential loss of revenue compared with SMS
Skype and Vonage hurt your telecom business
Why do you think the iPhone is so incredibly locked down?
Many security features enable discriminatory treatment of traffic

4 And There is Too Much “Security” Already Available
The Great Firewall of China et al
“The Net treats censorship as damage and routes around it.” (John Gilmore) has proven to be severely strained…
ISPs are beginning to manipulate traffic
Most major ISPs are also telecom & video providers: Why carry the bits of your cheaper competition? Bittorrent uploads?
Verso: Eliminate Skype and P2P in your [carrier] network
Time/Warner Cable: Not using standard ports is a violation of the AUP because it interferes with traffic shaping
Small ISP: Inserting advertisements into all viewed web pages!?
NebuAd/Fair Eagle: Profiling users and inserting ads on the wire!
AT&T: We will enforce copyright violations in the network!
Yes, Virginia, your ISP/Backbone wants to perform deep packet manipulation
As well as build some NSA server rooms…
So how are the current security tools, in the hands of the ISPs, not already a threat to the open Internet of today?
Would future security built into the fabric be any better?
Why can’t we simply tolerate malice as a feature?

5 (Backup) What Little Security I actually want:
Authenticated and reliable naming and routing:
Obvious. If I ask for foo.com, I need to get to foo.com
Lightweight authenticated pushback:
Traffic DDoS is a Network problem: pushback doesn’t solve this, but it puts an upper bound on the number of packets each zombie can send
Unsolicited conversation is a feature, but the recipient should be able to cheaply say “Go Away and Don’t Bug Me Again”
Mechanism needs to be scalable
Probably also requires “no spoofing”, but ISPs should want this anyway
End to end global fairness/congestion control (and a Pony)…
Fix the biggest bug in the Internet: we need to enforce fairness along the network path, not at the endpoints
But keep the current economics for constructing the network…
I have no clue how to even start to think of how to do this: If I did, I would have submitted the FIND proposal already