Vision for Trustworthy Computing, Bill Gates, 15 Jan 2002 - PowerPoint PPT Presentation

Slides: 21
Provided by: web2Uw

Transcript and Presenter's Notes


1
Vision for Trustworthy Computing,
Bill Gates, 15 Jan 2002
  • now, when we face a choice between adding
    features and resolving security issues, we need
    to choose security.

2
Internet Technologies
  • An example of how the system works
  • Assume:
    • FTP is our application example.
    • Ethernet is the underlying technology at the
      data link layer.
  • Two slides of revision for some of you.

3
[Figure: protocol stack, top to bottom: Application (say FTP), TCP, IP, Ethernet Driver, Physical Layer (Ethernet)]
4
[Figure: encapsulation of user data as it passes down the stack]
  • Application: App. Header | User Data
  • TCP: TCP Header | App. Header | User Data
  • IP: IP Header | TCP Header | App. Header | User Data
  • Ethernet: Ethernet Header | IP Header | TCP Header | App. Header | User Data | Ethernet Trailer
  • 46 to 1500 bytes for Ethernet
5
Original Internet Principles
  • End-to-End Design: based on the assumption that
    end-points can trust one another.
  • To move the functionality
    • away from the network, and
    • towards the edges of the system.
  • Reduces the complexity of the network.
  • Reduces the cost of future upgrades.
  • New applications can be added without modifying
    the network.

6
Original Internet Principles
  • Packet Switched Communication facility
  • Different Networks connected through Routers
    (used essentially for routing only).
  • Internet communication to continue despite loss
    of networks or routers.
  • Cater to distributed management of resources.

7
Original Internet Principles (continued)
  • Addresses that are simple, hierarchical and that
    can be overloaded for both naming a node and for
    routing to it.
  • Higher level functionality at the edges and dumb
    network
  • A single data delivery service (IP) to cater to
    both connectionless, unreliable datagram service
    (UDP) as well as to a reliable stream service
    (TCP).

8
New Environment
  • Untrustworthy end-points
    • Denial of service attacks
    • Spam e-mails
  • More demanding applications
    • Requirement for high throughput
    • Requirement for guaranteed delivery (e.g. audio
      or streaming video)
  • ISPs view wide BW and/or guaranteed data
    transport services as a competitive
    differentiator.

9
New Environment
  • Islands of wide BW and/or guaranteed service
    along with content servers, designed for
    technologists.
  • Responses to the new environment
    • Modify the end-nodes
    • Add functions to the core of the network
      • Firewalls
      • NATs
      • Traffic Filters

10
The Internet
  • Internet Characteristics
  • Architecture
  • as it exists today

11
Table 1: Internet Traffic Characteristics
Legend: C = client; S = server; DNS = Domain Name System; MBONE = Multicast Backbone
Source: Antonio Rodriquez-Moral, "LIBRA," Bell
Labs Technical Journal, 2(2): 42-67, Spring 1997.
12
Table 2: Routing Persistence
Source: Vern Paxson, "End-to-End Routing
Behaviour in the Internet," IEEE/ACM Transactions
on Communications, 5(5), October 1997.
13
Table 3: Internet Traffic Characteristics
  • Round Trip Delay (RTT)
    • Most RTTs are within 70-160 ms
    • ITU-T G.114 limits RTT to 300 ms or less
    • However, surveys show some people tolerate large
      RTTs of 800 ms
  • Packet Loss
    • Very bursty
    • Affects contiguous packets
  • Order of Packet Arrival
    • Studies underway, but the Paxson study shows
      out-of-sequence arrival is not unusual

Source: Uyless Black, Advanced Internet
Technologies, pages 70-71, 1999.
14
Packet Loss
  • Data transmission: masked by TCP
  • Audio/Video: ears and eyes catch it
  • Audio system G.723.1 masks a loss of up to 10%
    if the loss is random and independent. It uses
    the previous packet to simulate the lost packet.
  • But packet loss in the Internet is bursty.

15
Packet Loss
  • A Forward Error Correction system uses the
    technology used in mobile wireless systems: it
    sends many copies of the coded voice. If even
    one copy arrives safely, the operation is
    effective.
  • Since UDP is used for audio/video, the
    out-of-sequence arrival is also a problem.

16
Internet: Example of a small part
[Figure: hosts (HA, HB, HX; H1, H2, HN) on Ethernet segments, routers R1 to R4, T1 Line and SONET links (labels: 45 Mbps, 155 Mbps), and the Internet]
For point-to-point (relay-type) connections
through T1/SONET lines, PPP (Point to Point
Protocol) is used. SLIP (Serial Line IP) is now
rarely used.
17
T Lines
  • Frame carries 24 channels of 8 bits + 1 bit for
    sync = 193 bits
  • T1: 8000 frames per second
    • 1.544 Mbps -> DS1
  • T2: 4 DS1s
    • 6.312 Mbps -> DS2
  • T3: 7 DS2s
    • 44.376 ≈ 45 Mbps -> DS3
  • T4: 6 DS3s
    • 274.176 Mbps

18
T Lines
  • ANSI: Synchronous Optical Network (SONET)
  • ITU-T: Synchronous Digital Hierarchy (SDH)
  • SONET rates
    • OC-1: 51.84 Mbps
    • OC-3: 155.520 Mbps
    • OC-12: 622.080 Mbps
    • OC-24: 1.244 Gbps
    • OC-48: 2.488 Gbps
    • OC-192: 9.953 Gbps

19
[Figure: protocol stack showing FTP, SMTP, TELNET, DNS, RIP, BGP, OSPF, UDP, TCP, ICMP, IP, RARP, ARP, PPP, ETHERNET, Physical Layer]
20
  • UDP Ports
    • RIP: 520
    • DNS: 53
  • TCP Ports
    • BGP: 179
    • DNS: 53
    • SMTP: 25
    • TELNET: 23
    • FTP: 21
    • HTTP: 80
    • Lotus Notes: 1352
    • HTTP PROXY: 8080
  • Ethernet Type
    • ARP: 0x0806
    • RARP: 0x8035
    • IP: 0x0800
  • IP Protocol
    • OSPF: 89
    • UDP: 17
    • TCP: 6
    • ICMP: 1
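
The encapsulation on slide 4 and the demultiplexing keys on slide 20, put together as an added example that is not part of the original slides: it wraps user data for FTP in TCP, IP and Ethernet headers, then peels them off again by reading the Ethernet type, IP protocol and port fields. The MAC addresses, IP addresses (192.0.2.x), source port and zeroed checksums are constructed placeholders.

```python
import struct

# Demultiplexing keys as listed on slide 20.
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8035: "RARP"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 89: "OSPF"}
TCP_PORTS = {21: "FTP", 23: "TELNET", 25: "SMTP", 53: "DNS", 80: "HTTP",
             179: "BGP", 1352: "Lotus Notes", 8080: "HTTP PROXY"}
UDP_PORTS = {53: "DNS", 520: "RIP"}

def build_frame(user_data: bytes, dst_port: int = 21) -> bytes:
    """Wrap user data in TCP, IP and Ethernet headers (checksums left at zero)."""
    # src port, dst port, seq, ack, data offset (5 words), flags, window, cksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(user_data)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    payload = ip + tcp + user_data
    payload += b"\x00" * max(0, 46 - len(payload))         # Ethernet minimum payload
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)  # placeholder MACs + type
    return eth + payload + bytes(4)                        # 4-byte trailer, zeroed

def dissect(frame: bytes) -> dict:
    """Peel the headers in reverse order, picking each parser from the demux field."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    out = {"ethertype": ETHERTYPES.get(ethertype, hex(ethertype))}
    if out["ethertype"] != "IP":
        return out
    ip = frame[14:-4]                                # drop Ethernet header and trailer
    ihl = (ip[0] & 0x0F) * 4                         # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]      # excludes Ethernet padding
    out["protocol"] = IP_PROTOCOLS.get(ip[9], str(ip[9]))
    if out["protocol"] not in ("TCP", "UDP"):
        return out
    segment = ip[ihl:total_len]
    dst_port = struct.unpack("!H", segment[2:4])[0]
    table = TCP_PORTS if out["protocol"] == "TCP" else UDP_PORTS
    out["application"] = table.get(dst_port, str(dst_port))
    hdr = (segment[12] >> 4) * 4 if out["protocol"] == "TCP" else 8
    out["user_data"] = segment[hdr:]
    return out

if __name__ == "__main__":
    print(dissect(build_frame(b"USER anonymous\r\n")))  # constructed FTP command
```

A two-byte payload is padded up to the 46-byte Ethernet minimum, and the receiver recovers the original length from the IP total-length field rather than from the frame size.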