A responsible internet: the challenges ahead (part 2 of 2)

Evolving the internet through additional design goals


Authors: Cristian Hesselman (1, 2), Paola Grosso (3), Ralph Holz (2), Fernando Kuipers (4), Janet Hui Xue (5), Mattijs Jonker (2), Joeri de Ruiter (1), Anna Sperotto (2), Roland van Rijswijk-Deij (2, 6), Giovane C. M. Moura (1, 4), Abhishta Abhishta (2), Luca Allodi (7), Chrysa Papagianni (3), Bart Nieuwenhuis (2), Aiko Pras (2) and Cees de Laat (3)

1 SIDN Labs, the Netherlands; 2 University of Twente, the Netherlands; 3 University of Amsterdam, the Netherlands; 4 Delft University of Technology, the Netherlands; 5 Wolfson College, Oxford University, UK; 6 NLnet Labs, the Netherlands; 7 Eindhoven University of Technology, the Netherlands

In part one of this blog, we introduced the concept of a responsible internet, which we think will fundamentally change internet communications. We argued why we think such a security extension is necessary to solve the problem of declining digital sovereignty, and we outlined the advantages it will bring for organisations and individuals. In this second part, we’ll be providing an overview of the technical and non-technical research challenges we will need to overcome to make a responsible internet a reality.

Evolving the internet through additional design goals


We think of a responsible internet as the next stage in the evolution of the internet because it adds the goals of transparency, accountability and controllability to the original set of design goals of the internet protocol suite. Interestingly, accountability (which depends on transparency) was a goal of the internet’s original design as well but ended up taking a back seat to other goals (e.g. survivability in military environments). Our notion of a responsible internet is agnostic to previous and future changes to internet standards, so it can also be used in ‘clean slate’ internetworks, such as those based on SCION or RINA.

Design principles for a responsible internet

Developing and spinning up a responsible internet is an ambitious endeavour that introduces many technical and non-technical research challenges (see below), so we’ll need a few basic design principles to make the work feasible and manageable.

Open networking

Our first design principle is that we implement a responsible internet on networking hardware (e.g. routers and switches) that can be programmed through open-source software and consists of open hardware modules. We call this ‘open networking’. Open networking is important because it allows for the remote attestation of networking hardware and software security, the gradual introduction of new network functions, and fine-grained telemetry from network data planes. Open source-based programmable routers are already commercially available (e.g. based on P4-programmable ASICs).

Large-scale multi-source measurements

Our second design principle is that we populate network operator descriptions (see Figure 1 in part 1 of this blog) using large-scale measurements from multiple sources and multiple vantage points on the internet. Examples of such sources are heterogeneous measurement systems operated by independent observers (e.g. using OpenINTEL), telemetry from open programmable data planes inside operator networks and ‘self-descriptions’ that network operators provide, similar to the descriptions of GAIA-X nodes.

Technical research challenges

Our first technical challenge is to design, prototype and evaluate the mechanisms that a responsible internet requires. Examples include:

  • Transparency: specification languages to capture the security attributes and relationships of network operators, interoperable systems that continually measure their values from multiple vantage points, and open source network data planes.

  • Accountability: mechanisms such as append-only logs that enable users to retrieve and cryptographically verify transparency details, for instance in terms of changes that operators made to their networks.

  • Controllability: specification languages that enable users to express the trust and sovereignty requirements for their traffic and protocols for the responsible internet to find matching operators and route traffic through them.
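As an added illustration of the accountability bullet (not code from the authors or the 2STiC project), the sketch below assumes the append-only log is a Merkle tree in the style of Certificate Transparency (RFC 6962). The operator change records and AS numbers are constructed, and all function names are hypothetical.

```python
import hashlib

def _h(data):
    return hashlib.sha256(data).digest()

def leaf_hash(entry):
    return _h(b"\x00" + entry)            # 0x00 prefix: leaf

def node_hash(left, right):
    return _h(b"\x01" + left + right)     # 0x01 prefix: interior node

def _split(n):
    """Largest power of two strictly smaller than n (n >= 2)."""
    return 1 << ((n - 1).bit_length() - 1)

def root(entries):
    """Merkle tree head over all log entries, in append order."""
    if not entries:
        return _h(b"")
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(root(entries[:k]), root(entries[k:]))

def inclusion_proof(entries, index):
    """Sibling hashes from the leaf up to the root, tagged with the sibling's side."""
    if len(entries) == 1:
        return []
    k = _split(len(entries))
    if index < k:
        return inclusion_proof(entries[:k], index) + [("R", root(entries[k:]))]
    return inclusion_proof(entries[k:], index - k) + [("L", root(entries[:k]))]

def verify_inclusion(entry, proof, trusted_root):
    """User-side check: needs only the entry, the proof and the published root.
    Simplification: sides come from the proof, so this shows membership,
    not the entry's position in the log."""
    acc = leaf_hash(entry)
    for side, sibling in proof:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return acc == trusted_root

# Constructed operator change records (documentation AS numbers).
LOG = [
    b"AS64500 2021-01-10 enabled route origin validation",
    b"AS64500 2021-02-02 replaced edge router firmware",
    b"AS64501 2021-02-15 added transit via AS64502",
    b"AS64501 2021-03-01 moved data plane to P4 switch",
    b"AS64502 2021-03-09 changed jurisdiction of PoP",
]
```

A user who holds the published root can confirm that a change record is in the log from a proof of about log2(n) hashes; a record altered after the root was published no longer verifies.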

Another important challenge is how to balance security and transparency, because a responsible internet’s network descriptions may offer attackers quicker and more effective reconnaissance methods for possible targets. Finally, our challenge is to spin up a small-scale responsible internet and then grow it organically. The network can, for instance, piggyback on the existing Dutch national P4 testbed, which uses SURF’s optical network to interconnect P4-programmable hardware at the University of Twente, University of Amsterdam, Delft University of Technology, AMS-IX, SIDN Labs and SURF.

Non-technical challenges

An important non-technical challenge is how we can demonstrate the added value of a responsible internet for various types of user (e.g. providers of critical services, policy makers and citizens) using the small-scale responsible internet. This requires close interaction with domain experts (e.g. from the energy industry) and network operators. It also requires the development of prototype services, for instance for the control room of a grid provider (cf. Figure 1). Such validations also help to flesh out the technical mechanisms that a responsible internet requires. Another major non-technical challenge is the development and evaluation of incentives for network operators to gradually roll out the concept. Open networking plays an important role in accomplishing this, because otherwise the internet would require a complete overhaul of all its equipment and software. Incentives may include new revenue models for network operators enabled by a responsible internet (e.g. based on an operator’s ‘responsibility score’) and new policies, for instance set by industry initiatives similar to MANRS or by national governments.

Getting it off the drawing board

These challenges illustrate that building an operational responsible internet is a daunting task. However, we believe it is possible to get the concept off the drawing board because several basic building blocks already exist, such as for our two technical pillars of large-scale measurements (e.g. the OpenINTEL measurement system) and open networking (e.g. the Dutch national P4 testbed). We therefore recently submitted a proposal in response to the NWA Cybersecurity Call to request funding to further investigate the concept, in particular to develop the core technologies and incentives for network operators, and to spin up a small-scale responsible internet. If granted, these funds will enable us to reinforce existing collaborations between Dutch universities and companies and thus significantly advance the topic of secure, stable and transparent future networks.

Looking forward to your feedback!

We realise that a responsible internet is a concept that might take some discussion before it can be digested and accepted (or, indeed, rejected). We are therefore very much open to your input and feedback and we hope that this blog will contribute to a wider, cross-discipline dialogue among stakeholders such as researchers, citizens, operators and policy makers. If you’re interested in more details, you can check out the paper we wrote. It discusses the concept of a responsible internet in more detail, including the research challenges and starting points we identified. The paper was published in the September issue of the Journal of Network and Systems Management (JNSM).

Acknowledgements

This work is part of the 2STiC research programme (Security, Stability and Transparency for inter-network Communications). Website: https://www.2stic.nl/. SIDN and the University of Twente were partly funded by the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement No 830927. Project website: https://www.concordia-h2020.eu/. University of Amsterdam was funded by the Dutch Science Foundation in the Commit2Data programme (grant no: 628.001.001). Project website: https://dl4ld.nl/ .