Momento telefônica   steve crocker
  1. Woodstock, The Internet and Campu2011 – Bringing People Together
       Steve Crocker
       January 20, 2011
  2. Brazil
       • Beautiful country
       • Warm people
       • Delicious food
       • And…
  3. A Prolific Builder of Networks
  4. About me…
       • CEO, Shinkuro, Inc.
           – Collaboration technology and Internet infrastructure security
       • ICANN
           – Security and Stability Advisory Committee (SSAC)
           – ICANN Board of Directors (currently vice chair)
       • Arpanet pioneer
           – First connection (UCLA 1969); initial protocols
           – Request for Comments (RFCs)
       • R&D, R&D management, some start ups
           – USC-ISI, Aerospace Corp, Trusted Information Systems, CyberCash, Longitude Systems
  5. Early days
       • Los Angeles and Chicago area. Math.
       • Started programming in high school
       • UCLA -> MIT -> UCLA
       • Lots of programming, artificial intelligence
       • Building a network looked fun and useful – but not really “serious”
  6. Network origins
       • Early and mid 1960s – Several attempts to connect two and three computers
       • Computers were big, expensive
       • Existed mostly in universities and large businesses
           – No personal computers
  7. The Arpanet
       • Advanced Research Projects Agency (ARPA, DARPA) is part of the U.S. Dept of Defense
       • Funds research to make big changes
           – “Factor of 10, not 10%”
       • Started Arpanet project in 1967
  8. ARPA Environment
       • Research labs at major universities and some companies
       • Graphics, computer architecture, programming languages, artificial intelligence
       • Arpanet built to connect these labs
  9. Arpanet – December 1969
  10. Arpanet – June 1970
  11. Arpanet – March 1977
  12. Standards on the Arpanet
       • Single vendor (BBN) for routers (IMPs)
           – Proprietary format, addressing, routing
       • No formal plan or organization for apps
           – Organic cooperation among initial sites
       • Informal, cooperative process emerged
  13. The Early “Standards” Process
       • Open architecture
           – Multiple protocol layers
               – Not a fixed number; new layers anticipated
           – Middle layers accessible
           – New protocols encouraged
       • Open participation
           – Originally just from host sites
           – Everyone equal - individuals, not organizations
           – No cost for participation (NWG)
           – No cost for documents (RFCs)
  14. Network Working Group
       • Loose, open organization
           – From current or future Arpanet sites
       • No formal charter
           – S. Crocker chaired and was funded
       • Grew from fewer than 10 to 50 and up
           – Split into parallel working groups
           – Telnet, File Transfer Protocol (FTP), others
  15. Jon Postel, Steve Crocker, Vint Cerf
       Aug 1994 – 25 year anniversary of the Arpanet
  16. Documents (The RFCs)
       • Completely open, informal documents
       • “Standards” arrived at by consensus
           – Mild management to declare completion
           – Strong emphasis on running code
       • Documents named “Request for Comments” to emphasize open, invitational nature
       • Became more structured over time
  17. Jon Postel, 1943-1998
  18. Arpanet begets the Internet
       • Lots of other networks
           – Other countries - UK, CA, FR
           – Other agencies - NASA, DoE
           – Local nets - Ring nets, Ethernet
           – Other media - packet radio, packet satellite
       • Need to interconnect and interoperate
  19. Internet Standards
       • Network Working Group evolved into multiple groups
       • Internet Activities Board (IAB) formed
       • IETF born under the IAB 1986
  20. Keeping track of things
       • RFCs had numbers
           – Postel took over from Crocker in 1971
       • Other things needed numbers
           – Protocol parameters, etc.
           – Let Postel do it
       • DNS invented
           – Postel hands out country code TLDs
       • Internet Assigned Numbers Authority (IANA)
  21. THE GROWTH PERIOD
  22. Internet Users
       [Chart: Internet users in millions, by year. Data from www.nua.com, http://www.internetworldstats.com/stats.htm]
  23. Users 1970 – 1997
       [Timeline figure. Years marked: 1970, 1981, 1988, 1997. Labels: mom!, business, WWW, CSNet, NBC TV, geeks, geeks and students]
  24. Organizations -- Global
       • IETF – Internet Engineering Task Force
       • ICANN – Internet Corporation for Assigned Names and Numbers
       • ISOC – Internet Society
       • W3C – World Wide Web Consortium
       • …
  25. Organizations – Regional
       • LACTLD – Latin America and Caribbean Top Level Domains
       • LACNIC – Latin America and Caribbean Network Information Center
       • NIC.BR – Brazilian Top Level Domain
       • Many others
  26. The Birth of ICANN
       • IANA function became complicated
           – Contention over domain names
           – Allocation of addresses
       • ICANN created by U.S. Government
           – Internet Corporation for Names and Numbers
       • Major Functions
           – Manage DNS root including defining new TLDs
           – Allocate IP address blocks
               – to regional Internet registries (RIRs)
           – Registers IETF Internet parameter values
           – Foster competition and innovation
           – Security too
  27. Illustrative
       [Figure: grid of layers by region.
        Regions: North Amer, South Amer, Europe, Africa, Asia-Pacific.
        Layers: 8 Policy & Laws; 7 Law Enforcement; 6 Response; 5 Operations; 4 Products/Networks; 3 Implementation; 2 Protocols; 1 Architecture.
        Organizations shown: FBI, CERT, AUCERT, NANOG, AFNOG, Root Server Operators, Internet Engineering and Planning Group, IETF, IAB]
  28. Illustrative
       [Figure: grid of layers by region.
        Regions: North Amer, South Amer, Europe, Africa, Asia-Pacific.
        Layers: 8 Policy & Laws; 7 Law Enforcement; 6 Response; 5 Operations; 4 Products/Networks; 3 Implementation; 2 Protocols; 1 Architecture.
        Organizations shown: FBI, CERT, ICANN, AUCERT, NANOG, AFNOG, Root Server Operators, Internet Engineering and Planning Group, IETF, IAB.
        Callout: Advisory role across multiple levels and countries (DNS and addressing only)]
  29. Security – A Difficult Story
       • In the early days, each computer had its own security
       • Network was open, but we knew each group, and each group knew its users
       • Public key cryptography not yet known
  30. As the network grew…
       • Breakins
           – Morris Worm in 1988 -> CERT
       • Firewalls, Virus checkers
       • Some use of cryptography
           – SSL, PGP, SSH
  31. Cache Poisoning and DNSSEC
  32. 1 Webpage = Multiple DNS Name Resolutions
       russ.mundy@cobham.com
  33. DNS: Data Flow
       [Diagram: zone administrator, zone file, dynamic updates, master, slaves, caching forwarder, resolver; flows numbered 1 to 5]
  34. DNS Vulnerabilities
       [Diagram: the DNS data flow (zone administrator, zone file, dynamic updates, master, slaves, caching forwarder, resolver; flows numbered 1 to 5) annotated with threats: corrupting data, impersonating master, cache impersonation, unauthorized updates, altered zone data, cache pollution by data spoofing. Groupings: server protection, data protection]
  35. How bad can it get?
       • In wireless environments, it’s easy to substitute DNS responses.
       • Redirect to a false site
           – Steal passwords
       • Redirect to a man-in-the-middle site
           – See and copy an entire session
           – Web, email, IM, etc.
           – And, of course, Kaminsky’s attack
  36. Where Does DNSSEC Come In?
       • DNSSEC secures the name to address mapping
           – Transport and Application security are just other layers.
  37. DNSSEC hypersummary
       • Data authenticity and integrity by signing the Resource Record Sets with private key
       • Public DNSKEYs used to verify the RRSIGs
       • Children sign their zones with their private key
           – Authenticity of that key established by signature by the parent
  38. History – Design Process
       • Demonstration of Cache Poisoning in early 1990s
           – Raised concern at high levels in the U.S. Government
           – Caused initiation of DNSSEC design work
       • Three major design iterations for more than a decade
           – Basic design is straightforward
           – Distributed key management didn’t scale well in early designs
  39. The “Final” Design
       • “Final” design standardized in RFC 4033-35 March 2005
       • Additional privacy requirement emerged
           – NSEC3 standardized March 2008, RFC 5155
       • Key Rollover Scheme using Timers
           – RFC 5011, September 2007
  40. The Deployment Process
       • Deployment is separate from design and standardization
       • Software products, tools
       • Documentation – tutorials, manuals, …
       • Services
       • Early adopters
           – Zone signers
           – Validators
  41. Top Level Domain Leaders
       • Sweden
           – .SE first top level domain deployment
           – Formal launch DNSSEC service Feb 2007
       • Brazil, .MUSEUM, ORG, Bulgaria, Puerto Rico, Brazil, Czech Republic, Portugal, Switzerland, Thailand, Namibia, NET, …
       • Coming soon: United Kingdom, Mexico, COM, many others
  42. The Root
       • The Root was signed July 15, 2010
       • Extensive debate for three years
       • Lengthy preparation
       • Two “key ceremonies” with >30 participants from the entire world
       • This marks the end of the beginning
       • Still a long way to go
  43. LOOKING AHEAD
  44. Predictions – Scorecard
       Service              Predicted?
       Email                Yes
       Instant Messaging    Yes
       JAVA                 Yes
       World Wide Web       Yes
       Skype                Yes
       Google               No
       Facebook             No
  45. The Future – Technical
       • More bandwidth, better connectivity
       • Voice interaction
       • Gradual automatic translation
  46. The Future – Organizational
       • Global businesses and organizations
       • Emphasis on skills, not location
       • The door is open to everyone
       • And everyone is competing with you!
  47. What to do?
       • Work on projects that make a difference
           – The money will take care of itself
       • Work with others
           – The credit will take care of itself
       • Take the initiative
       • Build, don’t destroy