Infrastructure for Resilient Internet Systems
Can distributed hash table (DHT) technology solve downtime problems?
October 1, 2002
Are you tired of Denial of Service (DoS) attacks, viruses, worms, and assorted causes of network downtime? A new solution might be on the (distant) horizon: The National Science Foundation (NSF) has selected five university computer science departments to create a new secure decentralized network infrastructure that would be resilient against failure and attack. The NSF awarded $12 million to launch development of the new project, called the Infrastructure for Resilient Internet Systems (IRIS). The selected universities are the Massachusetts Institute of Technology (MIT), the University of California at Berkeley, the International Computer Science Institute, New York University, and Rice University.
The group of universities will work to develop a new network infrastructure based on distributed hash table (DHT) technology, which will act as the cornerstone to "securely orchestrate data retrieval and computation on open-ended large-scale networks such as the Internet, even when the individual nodes on the network are insecure or unreliable."
Whereas DNS typically involves systems accessed in hierarchical order, a DHT would involve a range of systems accessed according to the data object that an application requires. Developers could use DHT to create a network infrastructure similar to peer-to-peer (P2P) file-sharing networks, such as Gnutella or KaZaA, but with significant replication and security improvements, potentially a viable new computing infrastructure for the business world.
According to the basic operational theory of the new infrastructure, an object stored on the network would be digitally signed and replicated to numerous other file servers on the network. In the event of network degradation or failure (e.g., DoS attack, system crash, system overload, virus or worm infection), the object would be available elsewhere transparently to users. A file-system API would ride on top of DHT and automatically move data back and forth to files based on information DHT provides to the API.
This new type of network would be self-configuring and would automatically incorporate new network nodes without manual intervention. Systems (e.g., file servers) could join or drop off the network without significantly affecting overall network operation. If a malicious user or file server were to participate in the network, that user's activities could be minimized to prevent security problems (though computer scientists are still considering how to minimize those activities).
According to a proposal that discusses the new technology, "In general, DHTs will be used to organize complex structures consisting of related objects. Thus a key concern is the ability to provide verifiable inter-object references, perhaps analogous to secure links between web pages. A simple example involves naming an object using a cryptographic hash of its content, an idea that fits well with DHTs. More difficult challenges include mutable objects; objects that more than one user can change; verifying that the freshest version of an object has been obtained; and verifying that a particular set of objects consists of consistent versions. Initial work by the [program interfaces] in these areas include self-certifying pathnames for mutable data and techniques to ensure consistent and correct mutable file systems in the face of malicious file servers."
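The following sketch is an added illustration, not code from the IRIS project or its proposal. It shows the "simple example" the proposal mentions, naming an immutable object by the hash of its content, combined with replication, so a client can reject bytes from a malicious server and fall back to another replica. The `Node` and `Ring` classes, the replication factor and the ring layout are assumptions made for the example; signatures and mutable objects are not covered.

```python
import hashlib
from bisect import bisect_left

REPLICAS = 3  # assumed replication factor; the article gives no number


def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Node:
    """One storage server; may be down or actively malicious."""

    def __init__(self, name: str):
        self.name, self.id = name, h(name.encode())
        self.store, self.up, self.malicious = {}, True, False

    def fetch(self, key: str):
        if not self.up:
            raise ConnectionError(self.name)
        data = self.store.get(key)
        # A malicious server substitutes its own bytes for the stored object.
        return b"tampered" if self.malicious and data is not None else data


class Ring:
    """Toy DHT: nodes sorted by hashed ID, keys owned by their successors."""

    def __init__(self, names):
        self.nodes = sorted((Node(n) for n in names), key=lambda n: n.id)

    def replicas(self, key: str):
        start = bisect_left([n.id for n in self.nodes], key)
        return [self.nodes[(start + i) % len(self.nodes)] for i in range(REPLICAS)]

    def put(self, data: bytes) -> str:
        key = h(data)  # the object's name is the hash of its content
        for node in self.replicas(key):
            node.store[key] = data
        return key

    def get(self, key: str) -> bytes:
        for node in self.replicas(key):
            try:
                data = node.fetch(key)
            except ConnectionError:
                continue  # crashed or overloaded: try the next replica
            if data is not None and h(data) == key:
                return data  # verified against its own name
        raise LookupError("no replica returned bytes matching the key")
```

Because the key is the SHA-256 of the content, the client needs no trust in whichever server answers: any substitution changes the hash and is discarded.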
DHT isn't a new concept, but it hasn't been brought into mainstream business use. In the past, MIT computer scientists have outlined and discussed some of the security risks involved with P2P distributed hash tables. According to Emil Sit and Robert Morris, the risks include incorrect routing lookups, incorrect routing updates, new network nodes being cross-connected to a malicious parallel network, storage and retrieval attacks, inconsistent node behavior, unsolicited network traffic, and more.
The IRIS project must address these problems and many others before a new infrastructure can perform as promised. But the proposed system could act as a secure storage system for the Internet and could help users (e.g., businesses, government) mitigate the many nuisances we experience today. For more information about this new infrastructure design, visit the IRIS Web site. The IRIS Web site also lists similar and related projects, including a Microsoft research project called Farsite.