Lost in the Edge: Finding Your Way with Signposts

The de facto architecture of today's Internet services all but removes users' ability to establish inter-device connectivity except through centrally controlled "cloud" services. Whilst undeniably convenient, the centralised data silos of the cloud remain opaque and an attractive target for attackers. A range of mechanisms exist for establishing secure peer-to-peer connections, but they are inaccessible to most users because of the intricacy of their network configuration assumptions. Users effectively give up security, privacy and (when peers are on the same LAN) low latency simply to get something usable. We observe that existing Internet technologies suffice to support efficient, secure and decentralised communication between users, even in the face of the extreme diversity of edge connectivity and middlebox intervention. We thus present Signpost, a system that explicitly represents individual users in a network-wide architecture. Signpost DNS servers create a "personal CDN" for individuals, securely orchestrating the many different available techniques for establishing device-to-device connectivity and automatically selecting the most appropriate one. A DNS API gives application compatibility, and DNSSEC and DNSCurve bootstrap secure connectivity.
