Securing the cloud

Cloud computing.
Cloud computing. Image: Jonathas Rodrigues Flickr/CC

This story originally appeared on the Texas Science Web site.

The future of the Internet could look like this: The bulk of the world's computing is outsourced to "the cloud" -- to massive data centers that house tens or even hundreds of thousands of computers. Rather than doing most of the heavy lifting themselves, our PCs, laptops, tablets and smart phones act like terminals, remotely accessing data centers through the Internet while conserving their processing juice for tasks like rendering HD video and generating concert-quality sound.

What needs to be figured out for this cloud-based future to emerge are three big things. One is how the computers within these data centers should talk to each other. Another is how the data centers should talk to each other within a super-secure cloud core. The third is how the cloud should talk to everyone else, including the big Internet service providers, the local ISPs and the end-of-the-line users (i.e. us).

This last channel, in particular, interests Michael Walfish, an assistant professor of computer science and one of the principal investigators of the NEBULA Project, which was awarded $7.5 million by the National Science Foundation to develop an architecture for making the Internet more cloud-friendly. If we're going to be trusting so much of our computing lives to the cloud, he believes, we need to develop a more secure model for how information travels.

Michael Walfish
Michael Walfish, assistant professor of computer science, is working to secure the future of cloud computing. 

"A sender should be able to determine the path that information packets should take," Walfish said. "A receiver should not have to accept traffic that she does not want. An intermediate provider should be able to know where the packet's been and should be able to exercise its policies about the downstream provider that's going to handle the flow next."

Walfish's system for providing such capacities, which he's developing with colleagues at Stanford, the Stevens Institute of Technology and University of California-Berkeley, is called ICING. It's a set of protocols that allow every packet of information not only to plot out a path from beginning to end, choosing every provider along the way, but also to establish a chain of provenance as it goes that proves, to both the intermediaries and the final recipients, that it came from where it said it was coming from.

"What we do is take a packet, a unit of data, and we add some fields to the head of the packet," Walfish said, who in 2009 won an Air Force Young Investigator Award for work related to ICING.

"These fields contain enough cryptographic information to be able to communicate to every realm along the way, and back to the sender, where the packet's been. So when a packet shows up, I know where it's been. I know whether it obeys the policies of everyone along the path. That property does not exist today."

The advantages of such knowledge, Walfish said, should be considerable. Senders, for instance, could contract with intermediate providers for a kind of expressway through the Internet. Recipients would have an easier time sorting their incoming traffic into different levels of priority depending on the routes the packets took.

Perhaps the greatest advantage of adopting a system like ICING, Walfish said, would come in the area of security. Targets of various kinds of Internet attacks, like denial-of-service attacks, would be able to sever traffic from their attackers faster and with much greater precision. Governments would be able to set up channels of communication that pass through only well-vetted and highly-trusted service providers. Internet security companies could, from anywhere in the world, inspect your traffic for viruses.

"Right now, there are ways to deal with attackers, but they're crude, and they're reactive," said Walfish. Once the traffic enters the victim's network link, you're hosed. All you can do is shut it all down. It would be like if you had a huge line of people coming into your office, not letting you get work done. You could kick them all out, but you still wouldn't get any work done because you'd spend all your time kicking them out. What you really need is for them to not show up in the first place."

Continue reading ...