China’s next-generation internet is streets ahead of the West

“At the root of the problem,” says the New Scientist, “are ‘two major gaps in the architecture of the internet’, according to a report from the New England Complex Systems Institute, compiled in 2008 for the US Navy and released to the public this week.” Those ‘gaps’ include firstly an inability to block malware as a whole rather than after recognizing individual instances, and secondly – although not made explicit in the article – the lack of IPv4 capacity for future internet expansion.

The two technologies that are best suited to solve these problems are SAVA for malware and IPv6 for space – both of which are being implemented in China’s next-generation internet project. But SAVA is hardly new, nor its use by China unknown. In 2007 Jianping Wu at China’s Beijing Tsinghua University published a paper, Source Address Validation: Architecture and Protocol Design, that explained, “This architecture is deployed into the CNGI-CERNET2 infrastructure - a large-scale native IPv6 backbone network of the China Next Generation Internet project. We believe that the Source Address Validation Architecture will help the transition to a new, more secure and sustainable Internet.”

Wu expanded on this in 2008, in Building a next generation Internet with source address validation architecture. In this he explains how SAVA can be implemented to make the internet more secure since every packet transmitted across the network will hold an authenticated source IP address. That address must be authorized, unique and traceable. “The packets that do not hold an authenticated source address will not be forwarded in network. Therefore it is impossible to launch network attacks with spoofed source addresses,” he wrote.

Other advantages he mentions include fine grained network management, where providers “can easily bill users based on their end-to-end usage, as is the case with telephony;” application authentication without the need for cryptography; and the acceleration of new internet applications. For the last, he notes, “P2P applications and other large scale multimedia applications (for example, VoIP using SIP), can be accelerated in deployment and improved in performance by using globally unique authenticated IPv6 addresses.”

That last point is important. “While SAVA is applicable for IPv4 networks it is designed for IPv6 networks,” he continues. The fundamental reason for China’s next-generation internet being more advanced than anything in the West is not some secret project but its more rapid deployment of IPv6, something the West is still struggling with. The New Scientist quotes Donald Riley, an information systems specialist at the University of Maryland: “If you are thinking about the future of the internet, anyone that explores that territory and maps it out first has a definite competitive advantage; especially with the resources available to China.”

What’s Hot on Infosecurity Magazine?