[Paleopsych] New Scientist: How to mend a broken internet

Premise Checker checker at panix.com
Thu Jan 20 21:19:29 UTC 2005

How to mend a broken internet

         New Scientist vol 184 issue 2473 - 13 November 2004, page 46

       Can we patch what we've got, or is a total rethink needed? Danny
                             O'Brien investigates

     THE smart conference suite at Stanford University in California was
      packed with the cream of the computing community. They were there,
     earlier this year, to hear David Cheriton explain his vision of the
    future of the internet. If Cheriton is to be believed, the wired world
    we now know and rely on is on the brink of collapse. The internet, he
                             insists, is broken.

    How can this be? Emails still get through. The web seems to work well
     enough. Prophesies of doom might seem alarmist, even laughable. But
     Cheriton, a professor of computing at Stanford, has played a leading
      role in computer networking for the best part of 20 years, and the
     networking community takes him seriously. Cheriton reckons that the
    internet is dangerously insecure, and it's a verdict that few internet
    experts would disagree with. What held the audience's rapt attention,
           however, was Cheriton's radical solution to the problem.

     "Look at the way things are going," he says. From phone networks to
      banking, power distribution and air-traffic control systems, just
       about every critical communication network will soon rely on the
     internet. And that makes us all vulnerable. "Unless we do something
      soon, the internet will become the largest target of attack on the
                  planet in terms of doing economic damage."

    Hints of what may be in store are already emerging. Earlier this year,
     criminal gangs held several gambling websites to ransom, threatening
        to knock their servers off the web by flooding them with bogus
    traffic. Denial of service attacks like these now happen almost every
     week, and the internet's security monitoring organisation, CERT, has
        had almost 320,000 reports of malicious attacks since it began
     gathering statistics in 1988. Though police forces across the globe
        have set up dedicated units to tackle cybercrime, the pace is
    quickening, and more than a third of these attacks took place in 2003
                               [11](see Graph).

     The source of the problem is there for all to see. The internet was
      created at a time when no one dreamed its users would be anything
     other than benevolent. So it was designed to deliver its packets of
      digital data in the most straightforward way possible, without any
      thought of defeating spam, or defending its servers from malicious
                             hackers or viruses.

       Even the Internet Engineering Task Force (IETF), the internet's
    official guardian, acknowledges there are problems. But what should be
       done about it is still hotly disputed. Karl Auerbach, a computer
    engineer who has been involved with the internet since 1974, explains
       the caution: "There's a lot about the current internet we don't
     understand," he says. "You can bring down a net by trying to repair
    Machines on the internet are attacked almost every week, and the pace
          is quickening. Over 100,000 attacks occurred in 2003 alone

    On top of the net's poor security, there are other concerns that many
          internet experts consider equally pressing. Most high-tech
     manufacturers foresee a future in which everything from your car to
     your fridge will be connected to the net. The problem is how to give
    them all a unique address that will identify them on the net. Like an
    old telephone network in which the number of subscribers has outgrown
       the pool of available phone numbers, the existing design of the
            internet has too few addresses for all these devices.

      The IETF's solution is a rewrite of the internet protocol (IP) on
      which the net is founded. Called IPv6, the rewrite was proposed as
       long ago as 1992 and it undeniably provides more numbers, or "IP
     addresses": up from the 4.5 billion available today to a staggering
      thousand billion billion billion billion. With IPv6, the IETF also
       took the opportunity to defend the net against denial of service
     attacks by adding new security features such as encrypted signatures
       to authenticate packets of information and further encryption to
    prevent the packets being tampered with. Since then, IPv6 has been the
                     Net's big chance to improve itself.

    But there's one big problem with IPv6. Even now, 12 years after it was
    introduced, most people are still not using it. And that highlights a
    problem with re-engineering the net: the pace of change is dictated by
    the most conservative users. Even when the people nominally in charge
       have agreed on a change, they have to persuade everyone else to
      switch. Upgrading to IPv6 means installing it on every part of the
     net, and while most modern computers support the new protocol, just
    one old machine on a route between two computers - be it a desktop PC,
     or one of the computers along the way that steers packets of data to
       their destination - will force the network to default to the old

      To the dismay of IETF engineers, internet users are turning to an
    alternative - and many would say clunky - solution to their problems.
    Network Address Translation (NAT) is the most common, cheap fix to the
    shortage of IP numbers. It is a way of hiding several computers behind
      a single IP address. Think of it as like a telephone operator at a
     company with several phones but only one line to the outside world.
        Just as the operator switches calls to any number of internal
     extensions, so the NAT machine diverts packets from the internet to
    the computer that requested them. All traffic through these computers
      goes to and from the net via a single IP address, but because the
     internet uses packets rather than a continuous uninterrupted stream
    like a phone call, the NAT machine can juggle the data for hundreds of
     machines. It's a simple solution, with the advantage that no global
        upgrade is required. If you are using a local area network or
    broadband service to connect to the net, there's a good chance there's
                   NAT between you and the global internet.

    The IETF hates NAT. What its engineers would like is for any computer
      on the internet to be able to address a data packet to any other,
      without the intervention of any machines on the way. That was the
     original mission of the Internet engineers: and, for a brief period,
     they achieved it. Then NAT came along and spoilt it. "NATs balkanise
       the net," Auerbach says. Worse, by disguising the shortage of IP
    addresses, NAT has slowed down the switch to IPv6. "With NAT in place,
           there's no compelling reason for most users to switch."

     This is where Cheriton disagrees with the IETF. Far from casting NAT
     as the villain of the peace, he sees it as the internet's potential
    saviour that will rescue us from what he says is the great IPv6 white
     elephant. NAT and IPv6 have been around for about the same time, he
     points out. "They both had their chance, but NAT has succeeded," he
         says. "I'm a great believer in the survival of the fittest."

    Controversially, he claims that NAT might do a better job of securing
      the net against malicious attack than IPv6's encryption features.
    "Encryption and authentication don't get you any safety," he says, as
       they rely on keeping the encryption key secret. "As soon as that
        secret is out - and all secrets leak in the end - the security
       It is incredibly easy to fake the source of data sent across the
              internet. Spammers and hackers do it all the time

       Computers often receive unsolicited packets of information that
    pretend to be from a trusted or familiar source but in fact come from
     somewhere else. It is incredibly easy to fake the source of data in
     this way. Spammers do it, and malicious hackers do it to cover their

    NAT could be made to stand guard against these rogue packets, keeping
       them out of local networks like a receptionist filtering calls,
       Cheriton says. Machines behind a NAT can't be reached directly;
    packets have to wait for the gatekeeping machine to explicitly permit
     them to enter before they can get through. Getting rid of NATs would
               make the net worse and more unstable, he argues.

    His solution is to co-opt the NAT system to weed out rogue packets. He
    wants to switch the NAT boxes from being enemy number one to the net's
        best citizen. Cheriton laid out his vision in an experimental
      networking project called TRIAD (or, in full, Translating Relaying
          Internetwork Architecture integrating Active Directories).

     While IPv6 makes machines that are now hidden behind NATs visible to
       the internet at large, Cheriton's system goes one better. Unlike
    today's IP addresses, TRIAD data packets will have addresses that are
    hierarchical, like postal addresses: for example, "Fred's Machine, c/o
      the Stanford NAT". You can string theses addresses together, so if
     you're Danny, say, and you're behind a NAT at New Scientist, a data
     packet from you to Fred carries the address "Fred, c/o the Stanford
     NAT box, c/o New Scientist NAT box/ from Danny". In this way, TRIAD
     allows computers behind NATs to become fully connected: they are as
       reachable as any other computer on the network. And because the
    addresses can be as long as you like, there is no limit to the maximum
    number of machines you can connect on the net. Number shortage solved.

                               Openness is key

     But how do you find out what address to use to reach the destination
     you want? Under the existing internet system, a network of computers
    called domain name servers (DNSs) hold tables that translate addresses
        such as [12]www.newscientist.com into IP addresses of the form, which are what the machines that route data round the
                          net currently understand.

     TRIAD will do away with DNS machines, and give NAT boxes the job of
     finding an address. The NAT boxes will talk amongst themselves like
     neighbourhood gossips to discover who is looking after a particular
     name. But crucially for Cheriton's idea of making the system secure,
          they will also share information about rogue data packets.

    Cheriton likens TRIAD to the way the air traffic control system works.
     When an aircraft is given an instruction, it can be heard by all the
    other pilots in the area. If a pilot receives a command that conflicts
    with previous orders given to other pilots, then they will refuse that
     order and other pilots will immediately know that the controller is
    making errors, or maybe even acting maliciously. Openness is the key.

    In the TRIAD world, say a terrorist wants to use a computer to pretend
    to be a machine that is authorised to close down a power station. The
      terrorist's machine would have to announce that it belonged to the
    power station's network to all the local TRIAD servers - including the
     one run by the power station. Such announcements would travel across
    the net in a matter of seconds, Cheriton says. The real power station
     servers could then quickly put out a message - using one of the old
      routes that they know from experience they can trust - telling the
                        world to ignore the impostor.

    So instead of being the silent Balkanisers of the net, NAT boxes would
      become its chattiest and most dutiful citizens - a kind of online
    neighbourhood watch. Almost all the work of running the net would fall
                                   to them.

      But what about the spoof packets that disguise their true origin?
     While today it is easy for a sender to fake a data packet's address,
        in TRIAD all packets are traceable. Each packet must carry the
    addresses of every machine it visits on route through the network. So
     packets from Transylvania will have "c/o Transylvanian NAT" on them.
    If a machine from the Transylvania NAT is suspect, every intermediary
       NAT in the network can be told to ignore packets winging in from
    Transylvania. Cheriton claims this will give the network an automatic
        ability to contain denial of service attacks almost instantly.

    Many internet engineers see Cheriton as a maverick. And as he himself
    acknowledges, "there are a lot of wild crazies out there with ways to
      replace the net". But not many of them have his track record. His
      hunches on the future of networking, though often controversial at
    first, have usually proved right. In the late 1980s, when many in the
     networking world were abandoning the internet's TCP/IP system for a
     competing standard called Open Systems Interconnection (OSI), it was
     Cheriton who said that OSI was doomed to fail. Later, when telephone
      companies suggested that the internet's hardware would be rendered
      obsolete by a more telephone-friendly system called ATM, Cheriton
     declaimed against that, too - and started his own company, Granite,
    producing a new generation of high-speed internet hardware. That made
     him his first fortune, when he sold the company to internet hardware
      manufacturer Cisco. Five years ago, two students turned up at his
      house asking for seed money to start a company based on their PhD
    theses: Cheriton spotted the potential and wrote Larry Page and Sergey
     Brin their first investor's cheque. Their bright idea became Google,
        and when the company went public this year The Washington Post
            estimated Cheriton's stake at more than $300 million.

     But re-engineering the internet will require more than the say-so of
    one man, no matter how impressive his credentials. What's more, TRIAD
     has its own problems. If the comparatively conservative IPv6 project
      ultimately fails because it requires so many potentially dangerous
    changes to the net, isn't the more radical TRIAD even more dangerous?
        Nearly three years since Cheriton began working on TRIAD, the
     organisations responsible for defining standards on the net continue
     to support IPv6, and have paid little attention to his warnings. But
        the idea is far from dead. Research papers that adopt many of
    Cheriton's ideas are appearing in computing journals. IPv6 still isn't
                      here. And the NAT keeps spreading.

     "I'm an old guy," says Cheriton. "I remember back in 1980, when the
     phone companies thought they had the solution to everything, and the
    Internet engineers were the young Turks. Now, we're the ones who have
                              become ossified."

    While Cheriton acknowledges that his plan for TRIAD as it stands might
     never make it out of the labs, he believes that his ideas about NATS
    will win out over IPv6 in the end. He's banking that his students will
    go out into the world and propagate them. That's a long shot, but then
          again so were many of Cheriton's other high-tech gambles.

                                Danny O'Brien
               Danny O'Brien is a technology writer in San Jose

More information about the paleopsych mailing list