
Cryptography is the new thing, and CCN

October 1, 2013

Study Cryptography kiddies, this is only the beginning of the arms race.

I saw the above comment in a Slashdot post. I only read Slashdot for the comments, and this one is golden. I couldn’t agree more with it. When I was your age (assuming your age is around 20 – 23) the thing was Web services with a capital W, and Ajax. Web services this, web services that, web services stores, even a new programming paradigm: service oriented programming. It was all the rage. I remember being sold the service oriented stuff, it was billed something like: “you’ll just go to a service store, get the service you need, and voila”. Yeah right, the same was said about object oriented, just change “service store” for “object store”.

With the recent revelations of the wide-scale spying carried out by the NSA, sponsored by the US Government, the whole game changed. Once upon a time there was a silent agreement that no one should mess with the Internet infrastructure for the greater good of mankind. There were attempted attacks before, but they were very public. And by being public and sticking to strictly legal ground they could be fought and ultimately rejected.

But the NSA spying is different. It is not a direct threat to the Internet fabric: they are not proposing fundamental changes to the way DNS works, or making deep packet inspection a necessity. Precisely because they are operating within the current architecture, the architecture needs to change to make it impossible. We can no longer trust the Internet fabric, or trust that all netizens will behave. The days of the Internet as we know it are limited.

So what’s next?

We need to build a stronger, safer, more intelligent network. And while we’re at it, why not better suited to accommodate current use cases? Our venerable Internet was built as a dumb network, and all intelligence is at the periphery. It has superb scalability, as we all witness, but it has a range of problems that are very difficult – if not impossible – to solve given its architecture. One such problem is trust.

Exactly how bad is it? Very. Van Jacobson, being the elite TCP/IP guy he is, explains it better [pdf]:

A user believes they are reading the news from the New York Times when they access it via a user-friendly name for the authoritative source of that news – www.nytimes.com; whether guessed, known, or obtained from a trusted directory (Google) in response to a few relevant search terms. Implicitly, they are also trusting that

  1. The DNS has given them a reliable indicator of where to find a host authorised to “speak for” the name they are interested in.
  2. They have actually made an HTTP connection to that host or its delegate (such as a content distribution network, or CDN) and
  3. That the content retrieved over that connection is unaltered by any unauthorised intermediary.

Imagine a household. Father, Mother, 2 kids. Each morning, Mother gets up early and prepares breakfast, and while she’s at it she likes to read the news. Then the kids get up, and while they’re having breakfast they like watching cartoons on Netflix. Then Father gets up and, like Mother, he likes reading the news too. But there’s a problem: Father can’t get the news because the home network is maxed out thanks to the kids streaming. Mother has a copy of the news, but Father can’t tell the network to retrieve it from Mother’s device, and it’s right there! In the same LAN!

What if the Internet was a Content Centric Network? That is, what if Mother could somehow specify her intent, “get me today’s news”, instead of the precise location of the news, “GET www.nytimes.com”? Maybe the neighbour beat us to the punch and has a bona fide copy of the news, and it’s quicker to retrieve it from the neighbour than from some server on the east coast. What if the network somehow knew that streaming cartoons is less important than getting the news? Oh, but remember, now Mother has a copy, so Father can get that copy as well, and since both are on the same local network, everything works out.
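Taking a copy from Mother or the neighbour is only safe if trust no longer depends on the three assumptions listed earlier. In CCN the publisher signs the binding between a name and its data, so a copy can be checked no matter who hands it over. The Go sketch below is an added example, not CCNx code: the type and function names and the content name are made up for illustration, and the reader is assumed to already hold the publisher's public key.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// ContentObject binds a name to data under the publisher's signature.
type ContentObject struct {
	Name      string
	Data, Sig []byte
}

// Cache is any node holding copies: Mother's device, the neighbour, a CDN.
type Cache map[string]ContentObject

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signedBytes length-prefixes the name so the name/data boundary is unambiguous.
func signedBytes(name string, data []byte) []byte {
	return append([]byte(fmt.Sprintf("%d:%s", len(name), name)), data...)
}

func Publish(priv ed25519.PrivateKey, name string, data []byte) ContentObject {
	return ContentObject{name, data, ed25519.Sign(priv, signedBytes(name, data))}
}

// Fetch tries caches nearest-first; a copy must carry the requested name and verify.
func Fetch(name string, pub ed25519.PublicKey, caches ...Cache) ([]byte, int, bool) {
	for i, c := range caches {
		o, ok := c[name]
		if ok && o.Name == name && ed25519.Verify(pub, signedBytes(o.Name, o.Data), o.Sig) {
			return o.Data, i, true // i tells the caller which cache served the copy
		}
	}
	return nil, -1, false
}

func main() { // the page's household, with constructed data
	pub, priv := NewKey()
	news := Publish(priv, "/nytimes.com/news/2013-10-01", []byte("constructed headline"))
	altered := ContentObject{news.Name, []byte("altered headline"), news.Sig}
	data, from, ok := Fetch(news.Name, pub, Cache{news.Name: altered}, Cache{news.Name: news})
	fmt.Println(string(data), from, ok)
}
```

The altered copy in the first cache is skipped and the honest copy from the second is returned; a validly signed object offered under a different name is rejected as well, because the name is part of what was signed.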

In an increasingly networked world, why is it that seemingly our venerable Internet is not good enough anymore? It’s not that the Internet is bad, but the problem has changed.

Isn’t that similar to named data networking?

Yes, and also to data oriented architecture. However, the fact that Content Centric Networking comes from the hand of Van Jacobson has garnered a lot of interest. He went to Google for one of those tech talks way back in 2006, but it really is an eye opener. It’s called A New Way to look at Networking.

There’s a lot more on the topic, and I’ve been very interested in CCN since my M.Sc. studies at CICESE back in 2006 – 2008. Since then, the CCNx project got started and produced working code. Now with the NSA revelations and the direct threat to the Internet, more than ever we need CCNx to succeed, producing a Free (as in speech), secure, private Internet.