IBM Research
Internet: Act II
Krishna Nathan
VP Services
Director Zurich Research Laboratory
IBM Research
Internet Act II
November 25, 2004
© 2002 IBM Corporation

Internet: Act II
The Internet Revolution is far from complete
• Number of users
• Number of devices
• Speed/bandwidth
We are entering a new phase of Internet applications
• Amount of content
• Number of applications

Technology Revolutions
[Figure labels: Pervasive Revolution, Internet Revolution, PC Revolution, Mainframe Revolution]

Technology Revolutions
e-business
• Improve intra-organizational productivity
• Streamline business processes between organizations
• Introduced new business models
[Figure labels: Pervasive Revolution, Internet Revolution, PC Revolution, Mainframe Revolution]

Technology Revolutions: Business Benefits
Pervasive Wireless enabling the On Demand Era
• Real time sense and response to core applications
• Access to mission critical data from any location
• Connect people, data and processes on demand
• Decision making and communication without human intervention (Autonomic computing)
[Figure labels: Pervasive Revolution, Internet Revolution, PC Revolution, Mainframe Revolution]

Any Device
All devices can communicate with and understand one another
RFID & Interactive Sensors
• There will be over one trillion devices by 2005
• Number of communicating data devices growing from 2.4 billion to 23 billion in 2008 and one trillion by 2012
Source: IDC Research 02/2004

Any Data
Seamlessly communicate exploding amount of data on demand, to support people and business processes
• Amount of data accessed will explode to 1.075 Zettabytes (10^18) by 2008
• Variety of Data
• Driving the need for a flexible architecture
• Creating opportunity for business transformation
[Figure: Amount of data received or transmitted by device (in Petabytes/Day), 2003 to 2008; series: Industrial, Automobile, Entertainment, Mobile, Computers]

Advanced Radio Technologies
Emerging radio technologies will penetrate non-PC devices and accelerate pervasive connectivity
• Wireless capability will be incorporated into devices, appliances, sensors, etc. as “standard equipment”
• Multi-standard radios (MSR) supporting all types of wireless computing platforms will enable anytime, anywhere connections
• Low power single-standard radios (SSR) will enable sensor networks
[Figure: Advanced Radio Technologies; labels: MEMS, BB, DSP, AFE, Multi- or Single Standard Radio (MSR or SSR), System-on-Chip, Future. Source: IBM modified after Intel]
[Figure: Meshed Sensor, RFID and Control Networks; labels: MSR: Data Concentrator, SSR-MSR: Control Point, SSR: Sensor or Actuator, Link to Network Infrastructure. Source: IBM]

Directional Shift in Network Traffic
The massive deployment of smart, networked sensors will dramatically affect network volume and traffic patterns
[Figure: traffic ratio between endpoints (client, server, sensors) by application: Web Server 1:50; VoIP Conversation 1:1; P2P File Sharing 1:1; Sensor/RFID System 100:1]
• Traditionally, client requests accommodated by caching
• In future, computation will move to the edge of the network to aggregate, synthesize and filter data

Future Networks
Data, voice and multimedia will be carried over a heterogeneous physical network running IP
• Supporting very large number and variety of devices
  - Wireless communicators: Cell phones, PDA’s, pagers …
  - Interactive “smart” sensors: health monitors, environmental sensors …
  - RFID tags
• Enabling “true” mobile computing
  - Complete range of service (internet, TV, VoIP, …)
  - Self-configuring
  - Seamless roaming
  - On demand remote storage
[Figure labels: Location-based Services, On Demand Storage Server, Distributed storage, SAN, Gateway, PSTN, Enhanced IP Core Network, Edge of Network Services, Intelligent network elements, Access Router, Cellular Radio, Base station, WLAN, PAN, Access-point, Smart Sensors / RFID tags]

IPv6 is key to the next phase
IPv6 represents a major step in the Internet’s ability to scale and support new applications
• Uniform global address space
  - Ample supply of addresses
  - Eliminates the problem of ambiguous “private” addresses and network address translation
• Automatic configuration
• Complete Mobile IP solution
• Global addressability allows end to end security
[Figure: Number of people vs. number of unique IPv4 addresses]
Trillion nodes squeezed into 4.3 billion IPv4 addresses?
IPv6: 340 billion, billion, billion, billion addresses!

Semantic Connectivity
[Figure: three protocol stacks labelled Traditional, Current and Future, each with Layer 1: Physical Access, Layer 2: Media Access, Layer 3: Network, Layer 4: Transport, Layer 5: Session, Layer 6: Presentation, Layer 7: Application; one stack adds Layer X: Discovery, Addressing. Annotations: "Routing, Fixed Addresses" and "Discovery, Addressing, Routing"]
• Future pervasive IP-based networks
  - Today, applications implement the network and transport functions needed to facilitate the seamless mobility of users in the application layer
  - In the future, the internet protocol stack will be augmented (layer X) to provide the semantics and application layer information required for intelligent routing

Web Services Complete the Internet Protocol Stack
A New Programming model and computing platform is emerging
• Based on collections of web services (not networks of computers)
• Complex sets of distributed services will appear as though they exist and run on a single "machine" - a virtual computer
• A runtime environment will be required to support the semantics and expectations associated with this new programming model
[Figure: protocol stack (Tanenbaum, 1981) with layers Physical, Data Link, Network, Transport, Session, Presentation, Application; labels: Network, TCP/IP, Computer, HTTP, HTML, 1995, XML, SOAP, BPEL, Business Process, Person]

Virtual Computer Abstraction
[Figure: Virtual Abstraction over Physical Resources; labels: New Apps, Virtual Middleware (Cross system frameworks for business integration and other common functions), Virtual OS, Virtual Engine, Virtual Computer]

The World of "On demand"
The Grid is a key part of the foundation for On Demand e-business
• On Demand Business
  - Responsive in real-time
  - Variable cost structures
  - Focused on what's core and differentiating
  - Resilient around the world, around the clock
• On Demand Operating Environment
  - Integrated
  - Open
  - Virtualized
  - Autonomic
• www.ibm.com/ondemand

On Demand Operating Environment
A new game changing IT platform is emerging
[Figure: four quadrants labelled Open Standards, Virtualized, Autonomic and Integrated; logos and labels: Linux, XML, WSDL, OGSA, SOAP]
• Web Services
• Components based assembly
• Declarative not procedural
• Virtual Computer
• Distributed
• Manageable complexity
• Resource utilization
• Resilient
• New Interaction Paradigm
• Empowering People
• Efficient information routing

Security and Privacy
Pervasive connectivity and on demand computing will increase security and privacy concerns, requiring new software and hardware solutions
• Increased connectivity, diversity of devices, global resource sharing and richer applications increase complexity, amplifying the vulnerability of the network and escalating the privacy concerns
• New security and privacy policies will be required
• Establishment of “trusted” devices, servers and gateways will be required to accommodate dynamic network infrastructure and provide end-to-end security
[Figure: Attack sophistication increases while intruder sophistication decreases; vertical axis Low to High, horizontal axis 1980 to 2000; curves: Attack Sophistication, Intruder Sophistication. Labels: Cross-site scripting, Staged attack, Distributed attack tools, "Stealth" / advanced scanning techniques, Denial of service, GUI, Packet spoofing, www attacks, Automated probes and scans, Network management diagnosis, Sniffers, Sweepers, Hijacking sessions, Back Doors, Disabling audits, Password guessing, Burglaries, Internet availability of attack scripts, Exploiting Known Vulnerabilities, Password cracking, Self-replicating code]
Source: Network Infrastructure Security (C) 2002 Gary McGraw

Notoriously Difficult Security Problems
• Massive inflow of vulnerabilities
  - Time to exploitation is shrinking
  - Increasing sophistication of attacks vs. automation of malware
• Poorly designed software
  - Poor engineering, poor usability
• Minimal outflow
  - Well-known vulnerabilities do not get fixed; exploitation often peaks after release of patch
• Growing complexity of (security) management
  - Complex set-up and administration, many ways to do the same thing
  - Never changed standard passwords and settings/profiles
  - Helpdesk and other social attacks
• OS, routers, application monocultures
  - Write once, attack everywhere
Callout: Secure Internet protocols (IPSec, SSL, ..) do not address these problems

Towards a More Secure Infrastructure
[Figure: several platforms, each running App A and App B components on top of a Virtualization layer; the App A components form Virtual Trust Domain A and the App B components form Virtual Trust Domain B]
Callouts:
• Strong isolation on the platform protects the app component from other apps
• TPMs on all devices provide anchor for strong authentication
• Application owner sets the domain policy
• All comm. is authenticated and protected
• Well-defined control points for inter-trust domain interactions

Privacy Research Roadmap
Column headings: Today’s focus, The next steps, The challenges
• Assessment and descriptions of practices
• Enforcement and audit
• Building tools
• Cross-domain privacy and identity management
• Design methods and process design tools
• Privacy patterns and tools for specific applications
• Privacy by default
• Predictable and measurable trust and privacy
• Privacy in times of pervasive sensors, virtually unlimited storage and computing power, and totally connected systems
• New business models that favor privacy
IBM Privacy Research Institute
www.research.ibm.com/privacy

Internet: Act II
We are entering a new phase of Internet applications
• Pervasive connectivity: One trillion connected devices by 2012
• Grid computing evolving into “on demand computing”
• IPv6 represents a major step in the Internet’s ability to scale and support new applications
• Security and privacy are critical to the future of the Internet

Seeing Old Things in New Ways

Being lucky

MERCI
THANK YOU

New disruptive technologies, such as WiMax, may also offer potential threats to wireless operators’ voice and data revenues
[Figure: timeline Q1-2004 to Q4-2005]
Technology Evolution: Pre 802.16, 802.16a, 802.16e
Product Evolution:
• Pilot, Broadband Deployment: Launch wireless broadband service to areas without broadband access
• Pilot, Triple Play: Use 802.16 standard technology to offer voice, video, and data in selected markets
Strategic Rationale:
• Test technology, service delivery, and project economics
• Enhance customer retention
• Provide for revenue growth
• Bundle with other IP services
• Compete with Cable
• Fully leverage the economics of 802.16

Example of Network Convergence
• Converged applications over data networks
  - VoIP - Growing rapidly in enterprises
    • Cable companies offering VoIP service
  - Delivery of entertainment (TV, video-on-demand, games, etc.)
[Figure: Enterprise Circuit vs. IP Telephony Minutes (Thousands), 2001 to 2006; series: Circuit Switched Voice Minutes, IP Telephony Voice Minutes]
[Figure: Relative Use of Voice and Data in Enterprise Private Exchange (Percent of Traffic), 2000 to 2010; series: Voice, Data]

Businesses are increasingly installing IP equipment with IP enablement, but uncertainties remain on VoIP usage
At the start of 2004 the largest companies were using VoIP
• 25% to 30% of American companies
• 23% of Japanese companies
• 15% to 20% in Europe, where the UK and then northern Europe are leading the way
Drivers and inhibitors to VoIP’s deployment
Drivers:
• Reduced on-net traffic charges
• Removal of a portion of phone access
• Traffic sharing on a single network
• Savings on human resources
• Cost reductions when moving offices, extending services and changing sites
• Increased productivity and mobility
Obstacles:
• Investments
• Security
• Difficulty of calculating ROI and TCO
• Reconfiguration of the internal network

VoIP systems are ideal for businesses that interface with customers by phone and need to improve customer service
• VoIP enables applications that reside on the converged network
• VoIP makes a better alternative to more traditional customer service solutions as it supports:
  - wireless access
  - high-performance teleworker solutions
  - improved unified communications
• In call centers VoIP is more effective than traditional solutions
  - It enables remote teleworkers to be added seamlessly to staff calls
  - Since the calls can be routed anywhere seamlessly, remote workers will have the same information about the caller and account information.
  - It can eliminate long distance charges, offering expert resources anywhere in their network
  - It allows the latest applications to be networked anywhere, providing more features and added scalability
  - The cost of call center applications will come down, making call center applications (IVR, CTI and speech recognition) more affordable to smaller businesses and remote locations.
• Key benefit of VoIP is the ability to manage and measure customer interactions through the use of sophisticated network-wide reporting and management tools and the ability to quickly make changes across the network to improve customer interactions.

What is SIP?
Session Initiation Protocol
• A signaling protocol for setting up multimedia sessions between endpoints
• Fundamental shift from PSTN: infrastructure consists of software on standard servers
• SIP designed in line with other Internet protocols by the IETF
• Uses overlay control network consisting of SIP Proxies to route SIP messages: Media path (RTP/UDP) decoupled from signaling
• name@domain addressing; message syntax similar to HTTP
SIP provides
• Session setup/modification/handoff/tear-down: Voice/Video over IP - Mobility control
• Presence & Instant Messaging: Signaling message carries the IM as payload (SIMPLE)
• Publish/subscribe mechanism: SUBSCRIBE/NOTIFY to events
• Supports calls to/from PSTN
Examples of SIP adoption
• VoIP: Vonage, CableVision,…
• IM: Lotus Sametime
• Push-to-talk: Sprint PCS, Verizon Wireless
• Collaboration software: Microsoft Live Office
[Figure: a SIP User Agent Client and a SIP User Agent Server connected through routers and SIP proxies (sip.victormoore.com); signaling sequence: INVITE sip:[email protected], 200 OK, ACK, Media Stream (RTP/UDP packets), BYE, 200 OK]

Major benefits of IPv6
• Automatic configuration
  - stateless, for manager-free networks
  - stateful (DHCPv6), for managed networks
  - help for site renumbering
• Better aggregated routing tables than IPv4
• Complete Mobile IP solution
• Global addressability allows IPSEC end to end.
  - mechanisms for secure firewall traversal will come
• Simplified header format with clean extensibility.
  - allows effective header compression
• Provision for a QOS flow label.
3.4 * 10^38 addresses!

Critical advantages of IPv6 for a services oriented architecture such as the ODOE or a Grid
• Uniform global address space eliminates the problem of ambiguous “private” addresses and network address translation
  - Potential for massive scaling
  - Avoid interworking units within a VO
• Autoconfiguration and ample supply of addresses are a big plus for flexible infrastructure configuration
  - Grids and Web Services use transport and application level security, but IPv6 network level security is also an advantage

Security and Network Architecture Protection (NAP)
• Security is a lot more than IPsec
  - Transport level (TLS/SSL) and applications level (e.g. Web Services Security) remain fundamental
• NAP: By combining features of IPv6, such as using globally routable addresses, unique local addresses, and privacy addresses appropriately, a network domain can be protected against many forms of attack at least as effectively as by using IPv4 NAT, but without the operational disadvantages of NAT.
• New IETF draft on this just published (IBM, Cisco, TTI Telecom)
  - draft-vandevelde-v6ops-nap-00.txt
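
An added example (not from the original slides or the cited draft): a small audit that sorts a host inventory into the address classes the NAP slide names and flags two misuses. The policy rules, role names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Prefixes for the address classes named on the slide.
ULA = ipaddress.ip_network("fc00::/7")             # unique local (RFC 4193)
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # globally routable unicast


def embedded_mac(addr):
    """Return the MAC recoverable from a modified EUI-64 interface ID, else None."""
    iid = (int(addr) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":          # EUI-64 marker bytes are absent
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)


def scope(addr):
    """Map an IPv6 address to the class used by the assumed policy below."""
    if addr in ULA:
        return "unique-local"
    if addr.is_link_local:
        return "link-local"
    if addr in GLOBAL_UNICAST:
        return "global"
    return "other"


def audit(inventory):
    """Check (host, role, address) rows against an assumed NAP-style policy.

    Assumed roles: 'internal' hosts must not hold a global address;
    'client' hosts must not expose a hardware-derived interface ID globally.
    """
    findings = []
    for host, role, text in inventory:
        addr = ipaddress.IPv6Address(text)
        s, mac = scope(addr), embedded_mac(addr)
        if role == "internal" and s == "global":
            findings.append((host, "internal host reachable by global address"))
        if role == "client" and s == "global" and mac:
            findings.append((host, f"global address exposes MAC {mac}; use a privacy address"))
    return findings


# Constructed sample inventory (2001:db8::/32 is the documentation prefix).
SAMPLE = [
    ("db01", "internal", "fd12:3456:789a:1::10"),
    ("db02", "internal", "2001:db8:1:2::20"),
    ("laptop1", "client", "2001:db8:1:2:211:22ff:fe33:4455"),
    ("laptop2", "client", "2001:db8:1:2:5c3a:9e1f:7b42:d6a8"),
]

if __name__ == "__main__":
    for host, problem in audit(SAMPLE):
        print(f"{host}: {problem}")
```

A randomized interface ID such as the one on laptop2 cannot be proven to be a privacy address from the address alone; the check only shows that no hardware identifier is embedded.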

IPv6: IBM status
• IBM intends to enable IPv6 on all significant platforms and middleware, in response to evolving market needs
  - Released IPv6 stacks on our main operating systems
  - Linux also has good IPv6 support
  - Plans for all major middleware products in the next 2-3 years
• Thus far NO application or middleware developer reports special difficulty in upgrading to support IPv6 as well as IPv4. "It's just work."
• IBM SWG is tackling this, largely in response to the DoD requirements - but it takes time, as every component has to be checked.