Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

NSF Awards $15m to Develop Secure Internet Architecture

The NSF is awarding $15 million in grants for the development, deployment and testing of future internet architectures
The NSF is awarding $15 million in grants for the development, deployment and testing of future internet architectures

In 2010, the Directorate for Computer and Information Science and Engineering (CISE) at the NSF announced awards for four  projects, each worth up to $8 million over three years, as part of the Future Internet Architecture (FIA) program. The awards enabled researchers at dozens of institutions across the US to pursue new ways to build a more trustworthy and robust internet. That was mostly an exploratory phase; now, new grants are funding trial deployments for three of them to test the concepts in a real-world scenario.

“The objective of the new awards is to move the FIA efforts from the design stage to piloted deployments that assess how the designs work at large-scale and within challenging, realistic environments,” the NSF said. “Cities, non-profit organizations, academic institutions and industrial partners across the nation will collaborate with researchers to test the new designs.”

Two notable projects from the cybersecurity perspective are Named Data Networking (NDN) and eXpressive Internet Architecture (XIA). The third awardee is the MobilityFirst project.

"These projects are just the beginning of what it would take to create a full-scale Future Internet," said Keith Marzullo, director for NSF's Computer and Network Systems Division, "but the ultimate goal is the design and deployment of a network that serves all the needs of society."

NDN will trade in the internet’s existing client-server model of interaction for a new model centered on content creation, dissemination and delivery. It will include mechanisms to support secure content-oriented functionality, regardless of the specific physical location where the content resides. The architecture thus moves the communication paradigm from today's focus on "where", i.e., addresses, servers and hosts, to "what", i.e., the content that users and applications care about.

“By naming data instead of their location (IP address), NDN transforms data into first-class entities,” the NSF explained. “While the current Internet secures the communication channel or path between two communication points and sometimes the data with encryption, NDN secures the content and provides essential context for security.”

This approach allows the decoupling of trust in data from trust in hosts and servers, enabling trustworthiness as well as several radically scalable communication mechanisms; for example, automatic caching to optimize bandwidth and the potential to move content along multiple paths to the destination. This project addresses the technical challenges in creating NDN, including routing scalability, fast forwarding, trust models, network security, content protection and privacy, and a new fundamental communication theory enabling its design.

The NDN project is partnering with Open mHealth, a non-profit, patient-centric health ecosystem, and with UCLA Facilities Management, which operates the second largest Siemens building monitoring system on the West Coast, to test actual implementation.

When it comes to XIA, researchers at Carnegie-Mellon University and three other institutions are planning to use a $5 million, two-year grant to test a next-generation internet architecture they've developed, geared to eliminate bottlenecks and incorporate intrinsic security features that can assure users that the websites they access and documents they download are legitimate.

The trials will involve delivering online video on a national scale, and setting up a vehicular network in Pittsburgh.

XIA also includes caching features – the researchers said the network will be able “to directly access content where it is most accessible, not necessarily on a host website.” The details of the actual deployments have yet to be worked out, according to Peter Steenkiste, professor of computer science and electrical and computer engineering at Carnegie-Mellon and XIA's principal investigator. However, in the online video case, it will probably involve various nodes spread across the US.

In that trial, the researchers will test the XIA network's ability to eliminate bottlenecks in the transmission of video, which now accounts for a majority of internet traffic and is slated to grow and strain the network further. Loss of even a few data packets in a high-definition video stream is of course readily apparent, Steenkiste noted, so this will be a critical test of XIA's reliability.

Meanwhile, vehicles can use wireless communication channels called dedicated short-range communications, or DSRC, that are similar to Wi-Fi. Creating DSRC networks is challenging, however, because cars and trucks quickly pass from one DSRC access point to the next. Again, because XIA enables computer users to directly access content wherever it might be on the network, rather than always accessing a host website, it should enable vehicles to solve this issue.

Plans are underway to deploy XIA in a network in and around the CMU campus, or possibly piggybacking atop downtown Pittsburgh's free Wi-Fi network, to enable vehicles to share information about road and traffic conditions and to enable occupants to access the internet and entertainment options.

Simply finding a way to evaluate network architectures will be part of the research effort, Steenkiste said, noting no widely accepted benchmarks yet exist. "It's not like the network is simply faster — it's more abstract than that," he explained. Security and reliability are some of the properties that must be evaluated.

"These deployments will leverage, and enable us to deepen, our work on secure network operations, including providing a highly available infrastructure and secure authentication mechanisms," Steenkiste said. "They will enable us to build and test a robust XIA network and establish best practices for using our architecture, including support for mobility and enhanced cybersecurity."

XIA is designed to evolve with the internet, so that it will enable future users to accommodate communications with entities that no one has dreamed of yet, researchers said. Also it’s being architected so that it can be deployed piecemeal, so that the entire internet need not be transformed before people can start seeing XIA's benefits.

What’s Hot on Infosecurity Magazine?