NSF Project at Carnegie Mellon Will Develop Architecture That Makes Internet Secure, Smart

Byron SpiceFriday, August 27, 2010

PITTSBURGH—Researchers at Carnegie Mellon University will lead a three-year, $7.1 million effort sponsored by the National Science Foundation (NSF) to develop a next-generation network architecture that fixes security and reliability deficiencies now threatening the viability of the Internet.

The eXpressive Internet Architecture (XIA) Project, one of four new projects funded through the Future Internet Architecture Program of the NSF's Computer and Information Science and Engineering (CISE) Directorate, will include intrinsic security features so that users can be assured that the websites they access and the documents they download are legitimate. XIA also will include features that will help users find the content they seek wherever it is most accessible, speeding information retrieval while easing network traffic.

"Today's Internet is vital to the functioning of our economy and society, yet it is under enormous pressure as security attacks become more sophisticated and as new uses continue to multiply," said Peter Steenkiste, professor of computer science and electrical and computer engineering at Carnegie Mellon. "Obviously, a lot of wisdom is embedded in the current Internet and we'll retain that. But parts of it are clearly broken and can't be fixed with incremental steps."

Steenkiste, the principal investigator for XIA, said many building blocks for correcting the Internet's deficiencies have been developed by various researchers. Putting them together into a usable, working system remains a major challenge, though researchers expect to have a prototype system operating within a year. To explore the technical challenges, the usability issues and public policy implications, the XIA project will draw upon the expertise of researchers across CMU's School of Computer Science and the College of Engineering, as well as colleagues from Boston University and the University of Wisconsin.

Today's Internet is a host-based system in which communications occur by exchanging packets of information over the network between host computers. For instance, a user wishing to read the CNN home page would send a request to the CNN host site, which would then send that content back to the user's host computer. But that same content may well exist on numerous computers, many of which may be closer or more accessible to the user than the CNN site. So XIA will enable users to address packets for the content they seek, rather than to a host site, which could significantly reduce network traffic by eliminating redundant downloads.

"When the original Internet was conceived, no one imagined that the network could keep track of the nearest copy of a huge number of Web pages," Steenkiste said. "But today we know that the network can be smart and that communications don't need to be host-to-host. And in 10 or 20 years, users may want to address packets to something other than hosts or contents, something we can't imagine today, so XIA will be able to accommodate communication with these as-yet unknown entities."

XIA will include intrinsic security features so users can be confident that their communications are trustworthy. For instance, the numeric codes that computers will use to identify documents will be hash values — strings of digits that are mathematically calculated based on the content of each document. A computer can thus mathematically determine whether the document it receives is consistent with the hash value that identifies it, or if it has been altered. Likewise, XIA will use another self-certifying method, called Accountable Internet Protocol, to ascertain that websites are legitimate using public key cryptography. These security features promise to reduce denial-of-service attacks, phishing attacks and the hijacking of messages.

In addition to Steenkiste, the project researchers include networking specialists David Andersen, Srinivasan Seshan and Hui Zhang of Carnegie Mellon's Computer Science Department faculty, Wisconsin's Aditya Akella and Boston's John Byers. Other Carnegie Mellon investigators include security expert Adrian Perrig, technical director of CyLab, and the Computer Science Department's David Feinberg, who will use lessons learned from XIA to improve high school education on Internet use. Sara Kiesler of the Human-Computer Interaction Institute will lead the evaluation of XIA's usability, while Jon Peha and Marvin Sirbu of the Engineering and Public Policy Department will explore the legal, economic and public policy implications of the new network architecture.

Ty Znati, director of the Computer and Network Systems Division within the CISE, said taking those larger social, economic and legal issues into account is an integral part of the Future Internet Architecture Program. In addition to XIA, the program includes projects led by UCLA, Rutgers University and the University of Pennsylvania. Each explores different aspects of a comprehensive network design and emphasizes a different vision of the Internet's future. The NSF anticipates that the teams will work together to enhance and possibly integrate their future Internet architectural ideas. 

For More Information

Byron Spice | 412-268-9068 | bspice@cs.cmu.edu