find_panel.Nick
Download
Report
Transcript find_panel.Nick
Malice is a Feature…
Nicholas Weaver
Malice is a Feature
or
The Inner-Tubes Are Sewer Pipes,
and I Like It That Way
Nicholas Weaver
International Computer Science Institute
Malice is A Feature
Malice is a Feature…
Malice is a testament to network flexibility
The same properties which enable botnets and worms allows
Skype, Bittorrent, and BOINC (Seti@home)
Detecting global malicious activity can be decidedly dual-use:
A system to detect copyright violations or bots in the network
traffic would have capabilities which would make even the Stasi
hesitant
Why should the network have to fix the end host?
All are end-host applications which can run over the network
How is BOINC not a botnet, apart from intent?
Locking down malicious activity may have significant
collateral damage
Nicholas Weaver
The only exception is traffic DDoS,
which is an attack on the network not the host
As for porn, terrorist information sharing, political dissent
Do we even want the network to handle theses security issues?
2
I Don’t Want “Security” to Create
A “Phone Network” Internet
Malice is a Feature…
The Internet billing model: “All you can Eat” or “Bits is Bits”
A billing model I cound probably live with:
“Bits at a given QOS (pick your metric)
are Bits at a given QOS” (Weak Network Neutrality)
Some implications I don’t understand
But too much network control will create a Phone Network Internet:
“Bits are Priced on Intent” like cellphones are today
Data: $20 for 5 GB 2000 Mb/$
Voice: $.04/min at 8 kbps 12 Mb/$
SMS: $.04 for 1 kB 0.2 Mb/$
Not only is SMS the most valuable traffic for the phone company,
it also needs the least quality of service
Creates huge incentives for ISPs to muck with traffic
(This is why ISPs don’t want Network Neutrality)
Nicholas Weaver
IM over IP is a huge potential loss of revenue combared with SMS
Skype and Vonage hurt your telecom business
Why do you think the iPhone is so incredibly locked down?
Many security features enable discriminatory treatment of traffic
3
And There is Too Much “Security”
Already Available
Malice is a Feature…
The Great Firewall of China et al
“The Net treats censorship as damage and routes around it.” (John
Gilmore) has proven to be severely strained…
ISPs are beginning to manipulate traffic
Most major ISPs are also telecom & video providers:
Why carry the bits of your cheaper competition? Bittorrent uploads?
Verso: Eliminate Skype and P2P in your [carrier] network
Time/Warner Cable: Not using standard ports is a violation of the AUP
because it interferes with traffic shaping
Small ISP: Inserting advertisements into all viewed web pages!?
NebuAd/Fair Eagle: Profiling users and inserting adds on the wire!
AT&T: We will enforce copyright violations in the network!
Nicholas Weaver
Yes, Virginia, your ISP/Backbone wants to perform deep packet manipulation
As well as build some NSA server rooms…
So how are the current security tools, in the hands of the ISPs, not
already a threat to the open Internet of today?
Would future security built into the fabric be any better?
Why can’t we simply tolerate malice as a feature?
4
(Backup) What Little Security
I actually want:
Malice is a Feature…
Authenticated and reliable naming and routing:
Obvious. If I ask for foo.com, I need to get to foo.com
Lightweight authenticated pushback:
Traffic DDoS is a Network problem:
pushback doesn’t solve this, but it puts an upper bound on the number
of packets each zombie can send
Unsolicited conversation is a feature, but the recipient should be able to
cheaply say “Go Away and Don’t Bug Me Again”
Nicholas Weaver
Mechanism needs to be scalable
Probably also requires “no spoofing”, but ISPs should want this anyway
End to end global fairness/congestion control (and a Pony)…
Fix the biggest bug in the Internet: we need to enforce fairness along the
network path, not at the endpoints
But keep the current economics for constructing the network…
I have no clue how to even start to think of how to do this:
If I did, I would have submitted the FIND proposal already
5