Mashed Articles

No crime, no lag, no malware: 2020′s internet sounds like heaven. PC Plus checks out its foundations.

Safe, secure and speedy: that’s the internet of 2020. In a decade’s time, the web will be a very different place. There will be no crime, no malware and no fake online banking sites. Latency won’t be a problem. High-definition video will be smooth, and buffering will be a distant, nightmarish memory.

And that’s not all. The internet will have grown dramatically, making room for a new generation of connected devices: cars, phones, TVs, everything. Super-fast speeds are the rule, not the exception. To borrow a phrase, it just works.

At least, that’s what we hope the web will be like. To make it happen, engineers merely need to rethink the way the internet works and change pretty much everything. What could be simpler? Some big changes are already in progress. The explosion of internet-
enabled devices means that we’re running out of IP addresses even more quickly than expected: RIPE NCC’s Managing Director Axel Pawlik noted in January that the pool of unassigned IPv4 addresses would run out as early as 2011. But the move to IPv6, which can handle around “a trillion trillion trillion” addresses – 3.4×1038 if you’re feeling pedantic – is largely a software, not hardware, issue. “In most cases it’s very easy to reprogram connectivity software on a chip to ensure a device is IPv6 compatible,” Pawlik says.

But things aren’t progressing as straightforwardly as you would think. “Despite the simplicity of ensuring compatibility, widespread IPv6 take-up has so far been slow, and many of the best known digital devices available today, including the iPhone, do not yet support the next generation of IP addressing,” warns Pawlik. That lack of urgency is disappearing fast, with big names like Google implementing IPv6 support, router firms embracing the new system and new operating systems – including Windows and OS X – supporting it.

If we’re late embracing IPv6, the internet won’t grind to a halt – existing IP addresses will keep working – but as the European Commission reports, “the growth and also the capacity for innovation in IP-based networks would be hindered”. The EU is pushing IPv6 hard, and it expects European ISPs and “the top 100 European sites” to be IPv6-enabled this year.

As a happy by-product of IPv6, widespread adoption will make the internet more secure too. The IPsec security protocol is a compulsory part of IPv6, which means all IPv6 communications can be encrypted and authenticated.

Route masters

We’re using the internet in ways its creators couldn’t possibly have imagined, from the rise of video to the sheer number of connected devices. We’re constantly pushing the internet’s capacity, stability and security, and inevitably cracks are beginning to show.

Aaron Falk is the Chair of the Internet Research Task Force (IRTF) and Engineering Lead with the Global Environment for Network Innovations (GENI). “There are many areas where the current architecture is straining to meet the needs of the users,” he says. “In particular, the areas of mobility, security, and network management were not well addressed in the original architecture, leading to a patchwork of mechanisms. The greatest concern is not so much that today’s traffic is challenged but that the ad-hoc machinery being inserted into the network will inhibit future innovations. I worry about tomorrow’s applications more than today’s.”

The IRTF is a technological trouble-shooter for internet architecture, as Falk explains: “The IRTF hosts research groups that work in areas ‘adjacent’ to the IETF (Internet Engineering Task Force). This can be pre-standards technologies, hard problems that emerge from the IETF or operations communities, technologies where the internet may be one of many possible communications strategies, or architectural issues.”

He continues: “Sometimes research groups assist IETF working groups by bringing researcher expertise or otherwise ‘pre-baking’ technologies so they are ready for standardisation. For example, the Mobility Optimizations Research Group has been working on IP mobility solutions that feed into the MIPSHOP (Mobility for IP: Performance, Signalling and Handoff Optimization) working group for standardisation. Another example is the IRTF Research Group on Internet Congestion Control (ICCRG) which evaluates new congestion control proposals that arise in the IETF.”

I dream of GENI

One of the problems with the current web is that it’s too big and too important to muck around with. That’s where GENI comes in. The Global Environment for Network Innovations is funded by the US National Science Foundation, and it’s best described as a (serious) playground where new ideas can be tested out. “GENI will support two major types of experiments,” the organisation says. “Controlled and repeatable experiments, which will greatly help improve our scientific understanding of complex, large-
scale networks, and ‘in the wild’ trials of experimental services that ride atop or connect to today’s internet and that engage large numbers of human participants.

“We’re well underway on the second year of GENI prototyping, GENI Spiral 2,” Falk says. “One of our more exciting activities is what we are calling ‘meso-scale deployments’ of virtualisable, programmable routers, switches, and WiMax base stations on 14 campuses and two national research backbone networks. Deployments like these are particularly exciting because they’ll allow experimental applications and services built on GENI to directly reach real users on university campuses. Thus researchers will have the ability to build new services – perhaps incompatible with the current internet – and test them at-scale with real end-users.” One area of concern is routing tables, which the net’s backbone routers use to direct online traffic. The BGP (border gateway protocol) routing table has grown hugely, doubling in size between 2003 and 2009, and there are concerns that if the level of growth continues, router hardware won’t be able to cope. The IRTF’s Routing Research Group (RRG) is investigating alternatives, and its goal is to produce solid recommendations that the IETF can implement. Another related program is Rochester Institute of Technology’s Floating Cloud initiative, which hopes to address the problem of routing table growth by moving the routing tables from inside routers to network clouds. Initial testing took place on a dozen Linux boxes, and the next step is to try it on GENI.

The BGP routing table doubled in size between 2003 and 2009, and it’s still getting bigger.

GENI isn’t the only initiative that the NSF is helping to fund. Its Future Internet Architectures (FIA) program is offering $30million to fund projects that will transform the net. As the NSF puts it: “Proposals should not focus on making the existing internet better through incremental changes, but rather should focus on designing comprehensive architectures that can meet the challenges and opportunities of the 21st century.”

FIA is a continuation of FIND, the NSF’s Future Internet Design project. FIND asked researchers to redesign the internet from scratch, and FIA will narrow around 50 FIND projects down to two, three or four serious contenders.

Safety and security

With the existing internet, security is something that’s largely been bolted on as an afterthought – but the FIA program expects security to be a key consideration from the outset. That’s leading to some interesting ideas, including one security system that takes its cues from Facebook. Davis Social Links (DSL) adds a “social control layer” to the network that identifies you not by your IP address but by your social connections. If it works – and DSL is in the very, very early stages of development – it could make a major dent in problems such as spam and denial of service attacks.

Eugene Kaspersky, CEO of Kaspersky Lab, would like to take things even further. In October, he argued that the internet’s biggest weakness was anonymity, and that everyone should have online passports. “I’d like to change the design of the internet by introducing regulation – internet passports, internet police and international agreement – about following [web] standards,” he told ZDNet Asia.

Kaspersky explained further on the Viruslist.com blog: “When I say ‘no anonymity’, I mean only ‘no anonymity for security control’,” he writes, explaining that he couldn’t care less what people posted on blogs or downloaded through BitTorrent. “The only [requirement] – you must present your ID to your internet provider when you connect.” Kaspersky argues that such requirements are inevitable, with some EU countries already introducing digital IDs. “Another prototype of e-passports is the two-factor authentication we use to access corporate networks,” he says. “The only thing missing today is a common standard.”

Security guru Bruce Schneier isn’t convinced. “Mandating universal identity and attribution is the wrong goal,” he writes on Techtarget. “Accept that there will always be anonymous speech on the internet. Accept that you’ll never truly know where a packet came from. Work on the problems you can solve: software that’s secure in the face of whatever packet it receives, identification systems that are secure enough in the face of the risks. We can do far better at these things than we’re doing, and they’ll do more to improve security than trying to fix insoluble problems.”

The quest for improved security is attracting a lot of attention – and a lot of money. The US Defense Advanced Research Projects Agency (DARPA) awarded contracts worth $56million in January to two firms as part of its National Cyber Range security programme, which will enable network infrastructure experiments, new cyber testing capabilities and realistic testing of network technology. A month previously, Raytheon BBN Technologies was awarded an $81million contract by the Army Research Laboratory to build the largest communications lab in the US, again to research network security.

David Emm is part of Kaspersky Lab’s Global Research and Analysis Team. “It would be unrealistic to expect a wholesale re-architecture of the internet, or even of some of the technologies that are used online,” he says. “If we fix the problem by removing the facility, we run the risk of damaging legitimate activity too.”

There’s also the issue of displacement: if the internet becomes tougher to compromise, villains will simply switch to social engineering instead. As Emm points out, corporate email filtering to remove attached ‘.exe’ files simply spawned the use of links rather than attachments to spread viruses and other malware. “There has always been a human dimension to PC attacks,” he says. “Patching code is fairly straightforward once you know what you need to fix. But patching humans takes longer and requires ongoing investment.”

The last mile

There’s another big piece of architecture that needs upgrading: the bit between your ISP and you. Whether that’s a wired connection or a wireless one, today’s technology needs a serious speed boost. As Tim Johnson of broadband analyst Point Topic explains, “ Over the past 15 years or so we’ve seen the data speeds that typical home users get going up roughly 10 times every five years. I think that will continue over the next decade so that by 2020 many users will be getting a gigabit on their home broadband.

BT’s 21CN project is a software-driven network that aims to drive innovation.

“The big barriers that must be overcome to get there are (a) extending fibre all the way to the home, and (b) providing the backhaul capacity and the interconnect standards to make it useful,” he elaborates. “Both of those are do-able but I think it will be quite late in the teens before they are achieved.”

Johnson reckons that things will get particularly interesting when 100Mbps+ connections are the norm, as they will be able to deliver immersive, high-definition environments and “a huge new space of technology, applications and lifestyle possibilities”. But he’s not convinced the internet can even handle that – not in its current form, anyway.

“This kind of application is rather different from what the internet was designed for and is good at,” he says. “From an engineering point of view it will mean provisioning capacity that will allow users to set up assured end-to-end symmetrical calls of at least 20Mbps each way. There also needs to be a huge amount of standards development and investment to support setup and switching. […] It’s possible that this could all be done across the open internet, but my own belief is that as this type of traffic grows it will create the need for more dedicated capacity. IP and intelligent multiplexing will still rule, but the basic architecture will be different.”

Going mobile

In developed countries, the internet is moving away from the desktop and onto mobile phones and other wireless devices, while in developing countries the internet is primarily a mobile medium already. In both developed and developing countries the number of mobile internet users will increase dramatically in the next decade. So if you think the mobile networks are creaky now, things could get considerably worse in a decade.

For the mobile internet at least, the future may look an awful lot like the past. As Jon Crowcroft of the University of Cambridge writes: “We are so used to networks that are ‘always there’ – so-called infrastructural networks such as the phone system, the internet, the cellular networks (GSM, CDMA, 3G) – and so on that we forget that once upon a time (why, only in the 1970s) computer communications were fraught with problems of reliability, and challenged by very high cost or availability of connectivity and capacity.”

Noting that technologies such as email coped fine in those conditions, Crowcroft suggests that, “It appears that it’s worth revisiting these ideas for a variety of reasons: it looks like we cannot afford to build a Solar System-wide internet just yet, [but] it looks like one can build effective end-to-end mobile applications out of wireless communication opportunities that arise out of infrequent and short contacts between devices carried by people in close proximity, and then wait until these people move on geographically to the next hop. It’s interesting to speculate that these systems may actually have much higher potential capacity than infrastructural wireless access networks, although they present other challenges (notably higher delay).”

Such systems – variously called Intermittent, Opportunistic or Delay Tolerant networks – have a wide range of applications. They’re useful in emergencies and in areas where there isn’t an existing network infrastructure, and they’re particularly well suited to emerging applications where a constant signal can’t be guaranteed, such as internet-enabled cars.

While such networks could ultimately be deployed in remote areas, for most of us the future of the mobile internet is very similar to what we’ve already got. LTE (Long Term Evolution) is a kind of 3G network with knobs on, and in the UK at least it’s generating much more interest than the rival WiMax technology. When LTE begins to roll out later this year it will deliver theoretical speeds of up to 140Mbps, rising to 340Mbps after a 2011 upgrade. An even faster version of the network, LTE Advanced, is in the works. It’s worth noting, though, that even the first version of the LTE network will take several years to roll out nationwide.

And WiMax? In February this year, Patrick Plas – Alcatel-Lucent’s Chief Operating Officer for Wireless – told reporters that the company “is not putting a lot of effort into this technology any longer” as mobile networks were showing “a clear direction taken by the industry towards LTE”. That’s an honest indication of where the mobile internet is heading.

Looking ahead

Predicting the future is a tricky business, and predicting the future of the internet is doubly so. However, it’s clear that the next decade will see some dramatic changes in the way the web works. Some changes are definite – the move to IPv6 will happen, albeit more slowly than many would like – while other developments such as opportunistic networks may never become mainstream.

What we can predict is that the internet of 2020 will be coping with user numbers and traffic volumes that we can barely imagine. To be able to cope with that, the net will probably become a hybrid: a mix of old and new. As Falk puts it: “Recent interest in ‘clean slate’ network architectures encourages researchers to consider how the internet might be designed differently if, say, we knew then what we know now about how it will be used,” he says. “But that is not to say we must discard the current internet to fix the problems. The internet has tremendous value, has supported astronomical growth and changed the lives of millions of people. I believe research in new internet designs will provide insights on where the high-leverage points are on the current design thus allowing us to understand, justify, and deploy changes that will bring the greatest benefit.”

When doing message level encryption, the public key of the recipient is used to encrypt the source message. But how to obtain the encryption key of the recipient? Is there some directory (X500?) containing all these keys? Nope. Encryption keys are usually exchanged via out-of-band mechanisms.

For message level signing, things are much easier: a sender attaches its certificate to the signed message. The receiver checks the certificate first and next uses the public key contained in the certificate to verify the signatures. If the sender switches to a new private key, a new certificate containing the new public key is sent along with each message.

But what if a receiver wants to switch to a new encryption key? How to inform all senders that they should start using a new encryption key? What I’ve seen happening is that a company informs its business partners that they should all switch to this new key at exactly the same date and time. Clumsy solution. This could easily be avoided if ESB’s and B2B tools supported the use of both the old and new encryption key for a while (try to decrypt with the new key, next try to decrypt with the old key). But products don’t support this simple feature.

Note: switching to new encryption key is typical when the same keys are used for signing and encryption; the certificate needs to be renewed and this often implies a new keypair and thus new encryption key.

EDIINT/AS2 is a popular protocol for B2B communication. AS2 uses message level security extensively, both for signing and encryption. So AS2 uses are confronted with this challenge of key renewal. Now AS2 has an optional profile called “Certificate Exchange Messaging” that allows the automated exchange of new encryption keys! And it requires the parallel use of an old and new key.

This optional CEM profile exists already for a while but support is still limited: Axway, Cleo Communications Inc. GXS,Inc., Inovis, and SEEBURGER.

Writen by Vinodh Pushparaj

Data Centers are the core of the Internet. The computer servers that power the Interne,t call Data Centers their home. If you think of how many billions of online transactions that happen every day you will be amazed to know that the final resting place of all these stored transactions is the Data centers. This Amazement quickly turns into Panic when you think about how much private data and vital data is stored there. Over years the Data Center technologies have evolved a lot into much advanced techniques like server virtualization and high speed power houses. There are more than 100 factors one should evaluate a data center against before choosing one to home their servers. In this article we will see the three main that in turn dictate the rest of the factors.

1. Security: We just now saw how much data is stored, processed and served by the data centers. All these are vital data that makes or breaks a global economy. Security includes the data encryption capability of the servers, the security of the uplinks or the backbone networks that are employed. It includes security mechanisms like the Public key dongles and the capability to store the data securely and safely. The less talked aspect is the physical security of the box and the whole data center itself. We are talking about limiting snooping and sniffing the packets, but what happens if one person just walks in carries off a server. How much credit card data, transaction details, bank details and the SSN’s get compromised! You can have a slow box but an insecure one creates a ton of problems in the form of countless lawsuits. Choose the data center that excels in all aspects of security. Ask pointed questions, expect the right answers.

2. Reliability: The next important aspect is the reliability of the systems and the data center infrastructure itself. We are just not talking about backup machines or RAID 5 HDD. We are talking of highly available power systems with sufficient backup time and in house generators for emergencies. The additional aspect to consider is reliability of the company that offers the data center and the persons working for the company. You many want to talk a little bit about their hiring and daily authentication and authorization process if you are even a mid-sized company. Disaster recovery systems are critical for the five 9′s in reliability don’t be stalled because a California power-company had a complete emergency shutdown due to an earthquake or a hurricane in Florida. You should be able to gracefully failover to alternate sites.

3. High Speed: The third aspect is the much needed speed. This is more complex than you think. Adding a word saying that we have the high end servers making a data center a high speed infrastructure is minimum requirement. The network uplinks and the Internet backbone the center are connected to are also very important. You have to ask for custom solutions like caching technologies, load balancing blueprints and high end routers, switches and backplanes.

This article just touches on these major concepts and you have to do sufficient research on the keywords employed in this article. As I said there are 100 factors to consider before choosing the right datacenter. Any good company owning a data center would openly help you evaluate their infrastructure against these factors.

You can find a good Data Center with many of the good capabilities discussed in this article in fastpcnet.net. Ask them about their custom solution and how they measure against the deciding factors and you will be happy at the answers.

Author Holds a Masters in Distributed computing and does freelancing for many great Internet companies through the no fee free freelance website freelancefree.com.