Imagine the situation - a global tele-conference has been convened by the UN to discuss how to regulate the global Internet. Each participant is geographically separate from all others, and uses the Internet to communicate with the other participants. Meanwhile there are myriad observers who wish to discover how their favourite communication medium is going to evolve. Because such weighty matters hang upon the utterances of each speaker, the participants need to be sure that each speaker is actually who she purports to be. Indeed, there is a band of rogue hackers who disagree with the direction that Internet Evolution is proceeding, and wish to subvert the conference. The hackers intend to imitate speakers and thus drag the conference to a more anarchic decision.
For the technology described previously, the hackers need only create the speech packets, and then send to the multicast group, using the same identifiers as the real participant10.1. If they wish to be really sneaky they could forge group leave packets for the participant they are imitating, and then feed the imitated person sufficient of the conference so that their suspicions are not aroused.
It is obvious that the technology in the above scenario needs to be extended:
How is the identity of the speakers proven? Through authenticating that the packets really came from the purported source, generally by attaching some data explicitly, or implicitly in the stream, which can only be generated by the source. In talking to people, this comes in voice patterns, in the patterns of speech such as mannerisms, in the subjects and things they know, and most importantly, by checking that their physical appearance corresponds to the person we believe. However, there are times when we do not know enough about the individual to use these techniques - instead we trust to some token which only the individual could possess - a letter of introduction from a trusted friend or the policeman's badge.
In the networked domain, we use the same techniques - if we are talking to people we know, then it is sufficient to trust to the past history to give us clues that they are who they say they are. However, this is more difficult in the electronic domain, and so we can expect the growth of new urban myths where students embarrass teachers by pretending to be someone else. In the plenary session above, the technique used would be to attach a token to the packets, which can only have been generated by the individual. How can we generate these tokens? We shall discuss this below in the use of cryptography.
Our hackers above could deny service to the participant because the network is open. There are many good reasons to design open networks10.2, but there are times when it is necessary to protect the network. This can be achieved through the use of features of the routing protocols the judicious use of filters and firewalls, and careful design of network topology.
Next: Pay per View Distribution
Up: Roadmap
Previous: Roadmap
Jon CROWCROFT
1998-12-03