Making the Internet of the Future Happen Today

With all the policy controversy around the Internet today it’s useful to take a step back and look at the overall trajectory. While the battles over privacy, security, and the roles of the FCC and FTC in implementing regulation are important, these are local US concerns.

While our regulations do have some impact on the rest of the world, the other nations that wanted net neutrality regulations wrote laws specifying it rather than repurposing legacy legislation. So the question of Title I versus Title II simply doesn’t resonate outside our borders.

Leaving the regulatory battles aside, the Internet has shortcomings. Not only is it vulnerable to active attacks (such as DDoS) and passive abuse (surveillance and tracking), it’s grossly inefficient, unreliable, and inconsistent. The efficiency shortcomings keep prices high, while the consistency issues limit the development of new applications such as Time-Sensitive Networks.

Content-Centric Networking Makes the Internet More Efficient

Content-Centric Networking (CCN) automates a manual process. When you want a given piece of content on the Internet today, you first need to locate it. If it’s a movie, it might be on Netflix, Amazon, Hulu, or your local cable company. You can try to use Google to find it, but more often than not, it isn’t helpful because Google doesn’t index the common services.

So you have to visit the possible sites to find it. And once you do, you download it and/or play it. This last step may involve two important transactions: an invisible DNS lookup to translate the site’s domain to an IP address and potentially a more visible financial transaction.

The DNS transactions we use today are quite underpowered: we ask the question: “what is the IP address of” and we get one or more answers. The answers can consist of unicast IPv4 and/or IPv6 addresses, multicast addresses, or error responses. These are sorted out by the Internet protocol software on your device, so you don’t see this transaction unless it fails.

A More Powerful DNS

Effectively, CCN replaces (or supplements, more accurately) DNS with a more powerful function: Instead of looking up the domain where you already know the content is located, you ask where the content is located. This involves labeling the content with magic number (unique across the whole Internet) and asking for all the places where it can be found. The DOI does the labeling, and it already exists thanks to CCN researchers.

Asking this question means you’re probably going to get a number of answers. Your software will then choose based on details such as price, proximity, and network load. If you want a Netflix movie that a neighbor is already accessing, you’re probably going to get your copy from the neighbor.

This means the content has to be encrypted and otherwise protected from unauthorized use by an authentication procedure. This is interesting because it has to be embedded in the content. The way we do this today is by authenticating the path between user and content rather than the content itself. Current norms are inherently insecure, but CCN is not.

An Internet of Packets Rather Than Circuits

Content-level access control makes it a lot easier to replace the Internet of hard, brittle pipes we have today with one that’s immeasurably more nimble, more secure, and more dynamic. For all practical purposes, today’s Internet still looks a lot like the old telephone network because it’s based on a circuit model.

The Internet doesn’t implement its version of circuits the way the telephone network does, of course. TCP rapidly creates and destroys virtual circuits in software running on the client and server computers, while the phone network implements circuits inside network equipment.

But application software written for the Internet may as well be running on a telephone network because it assumes that these circuits are safe, reliable, and stable even when they aren’t. Man-in-the-middle attacks work because Internet circuits are not nearly as secure as telephone circuits, for example. But packet-based security solves that problem quite well.

The Smart CCN is Still Not Perfectly Secure

The CCN still has some vulnerabilities: the lookup procedure can be faked, so an attacker could easily expose your machine to a myriad of responses to queries you didn’t make. This problem can be overcome in principle by authenticating the IP address of the machine making the query, but there are holes:

This security feature brings another bit of good news: Distributed denial-of-service attacks—in which hackers send a large volume of requests to a website or server in order to crash it—are more difficult to execute in CCN. Unusual traffic patterns are easier to discern in a CCN network and can be shut down quickly. On the other hand, clever attackers may just try to figure out a way to flood the network with interest packets instead. This security challenge would have to be solved before CCN could be widely adopted.

When an attack of this nature succeeds, the results can be severe. In the worst case, attackers might induce in poorly-managed computer to give up gigabytes of sensitive material. So more work needs to be done before CCN is ready for prime time.

Momentum is Building

Despite problems that remain to be solved, CCN is a fascinating development that challenges a number of sacred Internet preconceptions: it’s not a stupid network, it’s not a dumb, fat pipe, and it’s not especially “end-to-end”. Its greatest virtues are security, efficiency, and usefulness. I’m OK with abandoning Internet dogma and tradition for these payoffs.

Next time, I’ll explain Time-Sensitive Networking, another departure from dogma.