Security Challenges for Future Internet Design Cybertrust PI Meeting Breakout

Breakout Goal and Outcome Bridge the gap between security research in FIND and networking research in CT Spark collaborations on security-related future Internet design issues Outcome: 5-minute report (??)

FIND Summary

Architecture: Placement of Function Intrusion detection, detection of unwanted traffic, etc. actually require cooperation from both host and network Should we be thinking across boundaries? Where should appropriate function be placed/developed? –New address formats –Packet tagging –Should network incorporate help from end hosts? If so, how?

Some Questions How can information observed at end hosts (end systems, etc.) be shared and ultimately incorporated into the protocols that monitor the network "core"? Could routers or other network devices be instrumented to mark traffic in ways that make tasks at the network edge (e.g., host intrusion detection, spam filtering, malware tracking) easier? Could hosts be instrumented to mark traffic in ways that makes conventional network monitoring tasks (e.g., high-speed monitoring in the network core) easier? Could architectural changes make it possible to consider host and network security each solvable without the help of the other, or are the two tasks fundamentally dependent on one another? Could the trust that users build with each other (e.g., through social networks) be used to bootstrap host or network security?

Does free == broken? –(tragedy of the commons) –e.g., Do we need accounting/charging to eliminate unwanted traffic? Need for fine-grained accountability –Can we do this with a future Internet if end hosts are secure? –Is a default-off infrastructure feasible? Would it make a difference? How to avoid centralized, TTP situation? Privacy implications… Does virtualization really provide security? How does this translate to communication (e.g., actually communicating with trusted parties vs. miscreants) How to reconcile privacy with accountability? –At what layer should privacy be incorporated? Network layer? Application layer? –Note: Not necessarily a conflict between accountability and privacy What information about trust, identity, etc. should be cooked into the network layer vs. just taken care of at the application layer? Use of dynamic addresses…tradeoffs worth it? What services are needed? At what layer do we need them? –Need for cross-layer design? Reinvention of functions… Shouldnt location, time, and context be brought into the architecture? The network should be configurable in terms of the accountability it provides (and that configuration should also be accountable). We need mechanisms for resolving disputes between users/operators, … What can we do about covert channels? (probably nothing) What if we dont trust the hardware and software on the end hosts? Can we even hope to build a reliable network? –Complete record of data provenance Compressive sensing What can we learn from the past? (e.g., DiffServ) –Will better QoS lead to better security? –Study successes, failures. Need some parables. Different virtual networks for different security postures? If we could fix the end host, how much in the network would we need to fix? –If we could put some accountability at the edge, what functions would we need in the network?