IBM Research
Internet: Act II
Krishna Nathan
VP Services
Director Zurich Research Laboratory
Internet Act II, November 25, 2004, © 2002 IBM Corporation

Internet: Act II
• The Internet Revolution is far from complete
  • Number of users
  • Number of devices
  • Speed/bandwidth
• We are entering a new phase of Internet applications
  • Amount of content
  • Number of applications

Technology Revolutions
[Figure: Pervasive Revolution, Internet Revolution, PC Revolution, Mainframe Revolution]

Technology Revolutions
e-business
• Improve intra-organizational productivity
• Streamline business processes between organizations
• Introduced new business models
[Figure: Pervasive Revolution, Internet Revolution, PC Revolution, Mainframe Revolution]

Technology Revolutions: Business Benefits
Pervasive Wireless enabling the On Demand Era
• Real time sense and response to core applications
• Access to mission critical data from any location
• Connect people, data and processes on demand
• Decision making and communication without human intervention (Autonomic computing)
[Figure: Pervasive Revolution, Internet Revolution, PC Revolution, Mainframe Revolution]

Any Device
All devices can communicate with and understand one another
• There will be over one trillion devices by 2005
• Number of communicating data devices growing from 2.4 billion to 23 billion in 2008 and one trillion by 2012
[Figure label: RFID & Interactive Sensors]
Source: IDC Research 02/2004

Any Data
Seamlessly communicate exploding amount of data on demand, to support people and business processes
• Amount of data accessed will explode to 1.075 Zettabytes (10^18) by 2008
• Variety of Data
• Driving the need for a flexible architecture
• Creating opportunity for business transformation
[Chart: Amount of data received or transmitted by device (in Petabytes/Day), 2003 to 2008; categories: Industrial, Automobile, Entertainment, Mobile, Computers]

Advanced Radio Technologies
Emerging radio technologies will penetrate non-PC devices and accelerate pervasive connectivity
• Wireless capability will be incorporated into devices, appliances, sensors, etc. as “standard equipment”
• Multi-standard radios (MSR) supporting all types of wireless computing platforms will enable anytime, anywhere connections
• Low power single-standard radios (SSR) will enable sensor networks
[Figure: Advanced Radio Technologies. Multi- or Single Standard Radio (MSR or SSR) System-on-Chip with MEMS, AFE, BB and DSP blocks; Meshed Sensor, RFID and Control Networks with MSR: Data Concentrator, SSR-MSR: Control Point, SSR: Sensor or Actuator; Future Link to Network Infrastructure. Source: IBM, modified after Intel]

Directional Shift in Network Traffic
The massive deployment of smart, networked sensors will dramatically affect network volume and traffic patterns
• Traditionally, client requests accommodated by caching
• In future, computation will move to the edge of the network to aggregate, synthesize and filter data
[Figure: client/server traffic ratios. Web Server 1:50; VoIP Conversation 1:1; P2P File Sharing 1:1; Sensor/RFID System 100:1]

Future Networks
• Data, voice and multimedia will be carried over a heterogeneous physical network running IP
• Supporting very large number and variety of devices
  • Wireless communicators: Cell phones, PDA’s, pagers …
  • Interactive “smart” sensors: health monitors, environmental sensors …
  • RFID tags
• Location-based Services
• Complete range of service (internet, TV, VoIP, …)
• Self-configuring
• Seamless roaming
• On demand remote storage
• Enabling “true” mobile computing
[Figure: On Demand Storage Server, Distributed storage, SAN, Gateway, PSTN, Enhanced IP Core Network, Edge of Network Services, Intelligent network elements, Access Router, Cellular Radio, PAN, Base station, WLAN, Access-point, Smart Sensors / RFID tags]

IPv6 is key to the next phase
IPv6 represents a major step in the Internet’s ability to scale and support new applications
• Uniform global address space
• Ample supply of addresses
• Eliminates the problem of ambiguous “private” addresses and network address translation
• Automatic configuration
• Complete Mobile IP solution
• Global addressability allows end to end security
[Chart: Number of people; Number of unique IPv4 addresses]
Trillion nodes squeezed into 4.3 billion IPv4 addresses?
IPv6: 340 billion, billion, billion, billion addresses!

Semantic Connectivity
[Figure: three protocol stacks labelled Traditional, Current and Future, each showing Layer 1: Physical Access, Layer 2: Media Access, Layer 3: Network, Layer 4: Transport, Layer 5: Session, Layer 6: Presentation, Layer 7: Application; annotations "Routing, Fixed Addresses", "Discovery, Addressing, Routing" and "Layer X: Discovery, Addressing"; caption: Future pervasive IP-based networks]
• Today, applications implement the network and transport functions needed to facilitate the seamless mobility of users in the application layer
• In the future, the internet protocol stack will be augmented (layer X) to provide the semantics and application layer information required for intelligent routing

Web Services Complete the Internet Protocol Stack
A New Programming model and computing platform is emerging
• Based on collections of web services (not networks of computers)
• Complex sets of distributed services will appear as though they exist and run on a single "machine" - a virtual computer
• A runtime environment will be required to support the semantics and expectations associated with this new programming model
[Figure: protocol stack with Physical, Data Link, Network, Transport, Session, Presentation, Application (Tanenbaum, 1981), extended with Business Process and Person; labels: Computer Network, TCP/IP, HTTP, HTML, XML, SOAP, BPEL, 1995]

Virtual Computer Abstraction
[Figure: Virtual Abstraction over Physical Resources. Layers: New Apps; Virtual Middleware (Cross system frameworks for business integration and other common functions); Virtual OS; Virtual Engine; Virtual Computer]

The World of "On demand"
The Grid is a key part of the foundation for On Demand e-business
On Demand Business
• Responsive in real-time
• Variable cost structures
• Focused on what's core and differentiating
• Resilient around the world, around the clock
On Demand Operating Environment
• Integrated
• Open
• Virtualized
• Autonomic
www.ibm.com/ondemand

On Demand Operating Environment
A new game changing IT platform is emerging
[Figure labels: Linux, Open Standards, XML, WSDL, OGSA, Virtualized, Web Services, Components based assembly, Declarative not procedural, SOAP, Virtual Computer, Distributed, Autonomic, Integrated, Manageable complexity, Resource utilization, Resilient, New Interaction Paradigm, Empowering People, Efficient information routing]

Security and Privacy
Pervasive connectivity and on demand computing will increase security and privacy concerns, requiring new software and hardware solutions
• Attack sophistication increases while intruder sophistication decreases
• Increased connectivity, diversity of devices, global resource sharing and richer applications increase complexity, amplifying the vulnerability of the network and escalating the privacy concerns
• New security and privacy policies will be required
• Establishment of “trusted” devices, servers and gateways will be required to accommodate dynamic network infrastructure and provide end-to-end security
[Chart: Attack Sophistication and Intruder Sophistication, Low to High, 1980 to 2000. Labelled points: Cross-site scripting, Staged attack, Distributed attack tools, "Stealth" / advanced scanning techniques, Denial of service, GUI, Packet spoofing, www attacks, Automated probes and scans, Network management diagnosis, Sniffers, Sweepers, Hijacking sessions, Back Doors, Disabling audits, Password guessing, Burglaries, Internet availability of attack scripts, Exploiting Known Vulnerabilities, Password cracking, Self-replicating code]
Source: Network Infrastructure Security (C) 2002 Gary McGraw

Notoriously Difficult Security Problems
• Massive inflow of vulnerabilities
  • Time to exploitation is shrinking
  • Increasing sophistication of attacks vs. automation of malware
• Poorly designed software
  • Poor engineering, poor usability
• Minimal outflow
  • Well-known vulnerabilities do not get fixed, exploitation peak often after release of patch
• Growing complexity of (security) management
  • Complex set-up and administration, many ways to do the same thing
  • Never changed standard passwords and settings/profiles
  • Helpdesk and other social attacks
• OS, routers, application monocultures
  • Write once, attack everywhere
Secure Internet protocols (IPSec, SSL, ..) do not address these problems

Towards a More Secure Infrastructure
• Strong isolation on the platform protects the app component from other apps
• TPMs on all devices provide anchor for strong authentication
• Application owner sets the domain policy
• All communication is authenticated and protected
• Well-defined control points for inter-trust domain interactions
[Figure: App A and App B components running on Virtualization layers across several platforms, grouped into Virtual Trust Domain A and Virtual Trust Domain B]

Privacy Research Roadmap
Columns: The challenges; The next steps; Today’s focus
• Assessment and descriptions of practices
• Enforcement and audit
• Building tools
• Cross-domain privacy and identity management
• Design methods and process design tools
• Privacy patterns and tools for specific applications
• Privacy by default
• Predictable and measurable trust and privacy
• Privacy in times of pervasive sensors, virtually unlimited storage and computing power, and totally connected systems
• New business models that favor privacy
IBM Privacy Research Institute: www.research.ibm.com/privacy

Internet: Act II
• We are entering a new phase of Internet applications
• Pervasive connectivity: One trillion of connected devices by 2012
• Grid computing evolving into “on demand computing”
• IPv6 represents a major step in the Internet’s ability to scale and support new applications
• Security and privacy are critical to the future of Internet

Seeing Old Things in New Ways

Being lucky

MERCI
THANK YOU

New disruptive technologies, such as WiMax, may also offer potential threats to wireless operators’ voice and data revenues
[Timeline: Q1-2004 to Q4-2005]
Technology Evolution
• Pre 802.16
• 802.16a
• 802.16e
Product Evolution
• Pilot, then Broadband Deployment: Launch wireless broadband service to areas without broadband access
• Pilot, then Triple Play: Use 802.16 standard technology to offer voice, video, and data in selected markets
Strategic Rationale
• Test technology, service delivery, and project economics
• Enhance customer retention
• Provide for revenue growth
• Bundle with other IP services
• Compete with Cable
• Fully leverage the economics of 802.16

Example of Network Convergence
Converged applications over data networks
• VoIP - Growing rapidly in enterprises
  • Cable companies offering VoIP service
• Delivery of entertainment (TV, video-on-demand, games, etc.)
[Chart: Relative Use of Voice and Data in Enterprise Private Exchange; axis: Percent of Traffic; series: Voice, Data]
[Chart: Enterprise Circuit vs. IP Telephony Minutes; axis: Thousands; series: Circuit Switched Voice Minutes, IP Telephony Voice Minutes]

Business companies are increasingly installing IP equipment with IP enablement but uncertainties remain on VoIP usage
At the start of 2004 largest companies were using VoIP
• 25% to 30% of American companies
• 23% of Japanese companies
• 15% to 20% in Europe where the UK then northern Europe are leading the way
Drivers and inhibitors to VoIP’s deployment
Drivers
• Reduced on-net traffic charges
• Removal of a portion of phone access
• Traffic sharing on a single network
• Savings on human resources
• Cost reductions when moving offices, extending services and changing sites
• Increased productivity and mobility
Obstacles
• Investments
• Security
• Difficulty of calculating ROI and TCO
• Reconfiguration of the internal network

VoIP systems are ideal for businesses that interface with customers by phone and need to improve customer service
VoIP enables applications that reside on the converged network
VoIP makes a better alternative to more traditional customer service solutions as it supports:
• wireless access
• high-performance teleworker solutions
• improved unified communications
In call centers VoIP is more effective than traditional solutions
• It enables remote teleworkers to be added seamlessly to staff calls
• Since the calls can be routed anywhere seamlessly, remote workers will have the same information about the caller and account information.
• It can eliminate long distance charges, offering expert resources anywhere in their network
• It allows the latest applications to be networked anywhere, providing more features and added scalability
• The cost of call center applications will come down, making call center applications (IVR, CTI and speech recognition) more affordable to smaller businesses and remote locations.
Key benefit of VoIP is the ability to manage and measure customer interactions through the use of sophisticated network-wide reporting and management tools and the ability to quickly make changes across the network to improve customer interactions.

What is SIP?
Session Initiation Protocol
• A signaling protocol for setting up multimedia sessions between endpoints
• Fundamental shift from PSTN: infrastructure consists of software on standard servers
• SIP designed in line with other Internet protocols by the IETF
• Uses overlay control network consisting of SIP Proxies to route SIP messages: Media path (RTP/UDP) decoupled from signaling
• name@domain addressing; message syntax similar to HTTP
SIP provides
• Session setup/modification/handoff/tear-down: Voice/Video over IP - Mobility control
• Presence & Instant Messaging: Signaling message carries the IM as payload (SIMPLE)
• Publish/subscribe mechanism: SUBSCRIBE/NOTIFY to events
• Supports calls to/from PSTN
Examples of SIP adoption
• VoIP: Vonage, CableVision,…
• IM: Lotus Sametime
• Push-to-talk: Sprint PCS, Verizon Wireless
• Collaboration software: Microsoft Live Office
[Figure: SIP User Agent Client and SIP User Agent Server connected through routers and SIP proxies (sip.victormoore.com); message sequence INVITE sip:[email protected], 200 OK, ACK, Media Stream (RTP/UDP packets), BYE, 200 OK]

Major benefits of IPv6
• Automatic configuration
  • stateless, for manager-free networks
  • stateful (DHCPv6), for managed networks
  • help for site renumbering
• Better aggregated routing tables than IPv4
• Complete Mobile IP solution
• Global addressability allows IPSEC end to end.
  • mechanisms for secure firewall traversal will come
• Simplified header format with clean extensibility.
  • allows effective header compression
• Provision for a QOS flow label.
• 3.4 * 10^38 addresses!

Critical advantages of IPv6 for a services oriented architecture such as the ODOE or a Grid
• Uniform global address space eliminates the problem of ambiguous “private” addresses and network address translation
  • Potential for massive scaling
  • Avoid interworking units within a VO
• Autoconfiguration and ample supply of addresses are a big plus for flexible infrastructure configuration
• Grids and Web Services use transport and application level security, but IPv6 network level security is also an advantage

Security and Network Architecture Protection (NAP)
• Security is a lot more than IPsec
  • Transport level (TLS/SSL) and applications level (e.g. Web Services Security) remain fundamental
• NAP: By combining features of IPv6, such as using globally routable addresses, unique local addresses, and privacy addresses appropriately, a network domain can be effectively protected against many forms of attack at least as effectively as by using IPv4 NAT, but without the operational disadvantages of NAT.
• New IETF draft on this just published (IBM, Cisco, TTI Telecom): draft-vandevelde-v6ops-nap-00.txt

IPv6: IBM status
IBM intends to enable IPv6 on all significant platforms and middleware, in response to evolving market needs
• Released IPv6 stacks on our main operating systems
  • Linux also has good IPv6 support
• Plans for all major middleware products in the next 2-3 years
• Thus far NO application or middleware developer reports special difficulty in upgrading to support IPv6 as well as IPv4. "It's just work."
• IBM SWG is tackling this, largely in response to the DoD requirements - but it takes time, as every component has to be checked.