Nicholas Weaver International Computer Science Institute


1 Malice is a Feature
or
The Inner-Tubes Are Sewer Pipes, and I Like It That Way
Nicholas Weaver
International Computer Science Institute
Printed: March 27, 2017
Internet Worms Paxson, Savage, Voelker, Weaver

2 Malice is A Feature
- Malice is a testament to network flexibility
  - The same properties which enable botnets and worms allow Skype, Bittorrent, and BOINC
  - All are end-host applications which can run over the network
  - How is BOINC not a botnet, apart from intent?
- Locking down malicious activity may have significant collateral damage
- Detecting global malicious activity can be decidedly dual-use:
  - A system to detect copyright violations or bots in the network traffic would have capabilities which would make even the Stasi hesitant
- Why should the network have to fix the end host?
  - The only exception is traffic DDoS, which is an attack on the network, not the host
- As for porn, terrorist information sharing, political dissent:
  - Do we even want the network to handle these security issues?

3 I Don’t Want “Security” to Create A “Phone Network” Internet
- The Internet billing model: “All you can Eat” or “Bits is Bits”
- A billing model I could probably live with: “Bits at a given QOS (pick your metric) are Bits at a given QOS” (Weak Network Neutrality)
  - Some implications I don’t understand
- But too much network control will create a Phone Network Internet: “Bits are Priced on Intent” like cellphones are today
  - Data: $20 for 5 GB → 2000 Mb/$
  - Voice: $.04/min at 8 kbps → 12 Mb/$
  - SMS: $.04 for 1 kB → 0.2 Mb/$
  - Not only is SMS the most valuable traffic for the phone company, it also needs the least quality of service
- Creates huge incentives for ISPs to muck with traffic (This is why ISPs don’t want Network Neutrality)
  - IM over IP is a huge potential loss of revenue compared with SMS
  - Skype and Vonage hurt your telecom business
  - Why do you think the iPhone is so incredibly locked down?
- Many security features enable discriminatory treatment of traffic

4 And There is Too Much “Security” Already Available
- The Great Firewall of China et al
  - “The Net treats censorship as damage and routes around it.” (John Gilmore) has proven to be severely strained…
- ISPs are beginning to manipulate traffic
  - Most major ISPs are also telecom & video providers: Why carry the bits of your cheaper competition?
  - Bittorrent uploads?
  - Verso: Eliminate Skype and P2P in your [carrier] network
  - Time/Warner Cable: Not using standard ports is a violation of the AUP because it interferes with traffic shaping
  - Small ISP: Inserting advertisements into all viewed web pages!?
  - NebuAd/Fair Eagle: Profiling users and inserting ads on the wire!
  - AT&T: We will enforce copyright violations in the network!
- Yes, Virginia, your ISP/Backbone wants to perform deep packet manipulation
  - As well as build some NSA server rooms…
- So how are the current security tools, in the hands of the ISPs, not already a threat to the open Internet of today?
- Would future security built into the fabric be any better?
- Why can’t we simply tolerate malice as a feature?

5 (Backup) What Little Security I actually want:
- Authenticated and reliable naming and routing:
  - Obvious. If I ask for foo.com, I need to get to foo.com
- Lightweight authenticated pushback:
  - Traffic DDoS is a Network problem: pushback doesn’t solve this, but it puts an upper bound on the number of packets each zombie can send
  - Unsolicited conversation is a feature, but the recipient should be able to cheaply say “Go Away and Don’t Bug Me Again”
  - Mechanism needs to be scalable
  - Probably also requires “no spoofing”, but ISPs should want this anyway
- End to end global fairness/congestion control (and a Pony)…
  - Fix the biggest bug in the Internet: we need to enforce fairness along the network path, not at the endpoints
  - But keep the current economics for constructing the network…
  - I have no clue how to even start to think of how to do this:
    - If I did, I would have submitted the FIND proposal already

