Internet: Act II

Krishna Nathan, VP Services, Director Zurich Research Laboratory, IBM Research

IBM Research, Internet Act II, November 25, 2004. © 2002 IBM Corporation



Internet: Act II

Number of users

Number of devices

Speed/bandwidth

Amount of content

Number of applications

The Internet Revolution is far from complete

We are entering a new phase of Internet applications


Technology Revolutions

Mainframe Revolution

Internet Revolution

Pervasive Revolution

PC Revolution

Technology Revolutions

Mainframe Revolution

Internet Revolution

Pervasive Revolution

PC Revolution

e-business

Improve intra-organizational productivity

Streamline business processes between organizations

Introduced new business models

Technology Revolutions: Business Benefits

Mainframe Revolution

Internet Revolution

Pervasive Revolution

PC Revolution

Pervasive Wireless enabling the On Demand Era

Real time sense and response to core applications

Access to mission critical data from any location

Connect people, data and processes on demand

Decision making and communication without human intervention (Autonomic computing)


Any Device

There will be over one trillion devices by 2005

Number of communicating data devices growing from 2.4 billion to 23 billion in 2008 and one trillion by 2012

Source: IDC Research 02/2004

RFID & Interactive Sensors

All devices can communicate with and understand one another

Any Data

Amount of data accessed will explode to 1.075 Zettabytes (10^18) by 2008

Variety of Data

Driving the need for a flexible architecture

Creating opportunity for business transformation

[Chart: Amount of data received or transmitted by device (in Petabytes/Day), 2003 to 2008. Series: Computers, Industrial, Automobile, Mobile, Entertainment]

Seamlessly communicate exploding amount of data on demand, to support people and business processes

Advanced Radio Technologies

[Figure labels: Future System-on-Chip; MEMS; BBDSP; AFE; Multi- or Single-Standard Radio (MSR or SSR)]

[Figure: Meshed Sensor, RFID and Control Networks. Labels: MSR: Data Concentrator; SSR-MSR: Control Point; SSR: Sensor or Actuator; Link to Network Infrastructure]

Sources: IBM modified after Intel; IBM

Wireless capability will be incorporated into devices, appliances, sensors, etc. as “standard equipment”

Multi-standard radios (MSR) supporting all types of wireless computing platforms will enable anytime, anywhere connections

Low power single-standard radios (SSR) will enable sensor networks

Emerging radio technologies will penetrate non-PC devices and accelerate pervasive connectivity

Directional Shift in Network Traffic

Web Server (Client : Server): 1:50

VoIP Conversation (Client : Server): 1:1

P2P File Sharing (Client : Server): 1:1

Sensor/RFID System (Sensors : Server): 100:1

The massive deployment of smart, networked sensors will dramatically affect network volume and traffic patterns

Traditionally, client requests accommodated by caching

In future, computation will move to the edge of the network to aggregate, synthesize and filter data

Future Networks

Supporting very large number and variety of devices
• Wireless communicators: Cell phones, PDAs, pagers …
• Interactive “smart” sensors: health monitors, environmental sensors …
• RFID tags

Enabling “true” mobile computing
• Complete range of service (internet, TV, VoIP, …)
• Self-configuring
• Seamless roaming
• On demand remote storage

Data, voice and multimedia will be carried over a heterogeneous physical network running IP

[Figure labels: PAN; Server; Gateway; PSTN Enhanced IP Core Network; Base station; WLAN; Access-point; Intelligent network elements; Cellular Radio; Access Router; Location-based Services; On Demand Storage; Distributed storage; Edge of Network Services; SAN; Smart Sensors / RFID tags]

IPv6 is key to the next phase

Uniform global address space

Ample supply of addresses

Eliminates the problem of ambiguous “private” addresses and network address translation

Automatic configuration

Complete Mobile IP solution

Global addressability allows end to end security

[Chart: Number of people vs. number of unique IPv4 addresses]

Trillion nodes squeezed into 4.3 billion IPv4 addresses?

IPv6: 340 billion, billion, billion, billion addresses!

IPv6 represents a major step in the Internet’s ability to scale and support new applications

Semantic Connectivity

Future pervasive IP-based networks
• Today, applications implement the network and transport functions needed to facilitate the seamless mobility of users in the application layer
• In the future, the internet protocol stack will be augmented (layer X) to provide the semantics and application layer information required for intelligent routing

[Figure: three protocol stacks, each with Layer 1: Physical Access, Layer 2: Media Access, Layer 3: Network, Layer 4: Transport, Layer 5: Session, Layer 6: Presentation, Layer 7: Application]

Traditional: Routing, Fixed Addresses

Current: Layer 7: Application, with Discovery, Addressing, Routing

Future: Layer X: Discovery, Addressing

Web Services Complete the Internet Protocol Stack

A new programming model and computing platform is emerging

Based on collections of web services (not networks of computers)

Complex sets of distributed services will appear as though they exist and run on a single "machine" - a virtual computer

A runtime environment will be required to support the semantics and expectations associated with this new programming model

[Figure labels: Application, Presentation, Session, Transport, Network, Data Link, Physical (Tanenbaum, 1981); 1995; TCP/IP; HTTP; HTML; XML; SOAP; BPEL; Network; Computer; Business Process; Person]


Virtual Computer Abstraction

Virtual Middleware

Virtual OS

Virtual Engine

New Apps

Cross system frameworks for business integration and other common functions

Set of distributed services that transparently manages processes & resources

Distributed, heterogeneous set of computers, operating systems and networks

Virtual Abstraction Physical Resources

Virtual Computer

The World of "On demand"

On Demand Business
• Responsive in real-time
• Variable cost structures
• Focused on what's core and differentiating
• Resilient around the world, around the clock

On Demand Operating Environment
• Integrated
• Open
• Virtualized
• Autonomic

www.ibm.com/ondemand

The Grid is a key part of the foundation for On Demand e-business

On Demand Operating Environment

Integrated
• New Interaction Paradigm
• Empowering People
• Efficient information routing

Open
• Standards
• Web Services
• Components based assembly
• Declarative not procedural

Virtualized
• Virtual Computer
• Distributed

Autonomic
• Manageable complexity
• Resource utilization
• Resilient

Linux, OGSA, SOAP, WSDL, XML

A new game changing IT platform is emerging


Security and Privacy

Increased connectivity, diversity of devices, global resource sharing and richer applications increase complexity, amplifying the vulnerability of the network and escalating the privacy concerns

New security and privacy policies will be required

Establishment of “trusted” devices, servers and gateways will be required to accommodate dynamic network infrastructure and provide end-to-end security

Pervasive connectivity and on demand computing will increase security and privacy concerns, requiring new software and hardware solutions

[Chart, 1980 to 2000, scale Low to High: Attack Sophistication and Intruder Sophistication. Techniques plotted: password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; disabling audits; burglaries; back doors; sweepers; hijacking sessions; sniffers; network management diagnosis; packet spoofing; GUI; automated probes and scans; denial of service; www attacks; "stealth" / advanced scanning techniques; distributed attack tools; cross-site scripting; staged attack. Also labelled: Internet availability of attack scripts]

Attack sophistication increases while intruder sophistication decreases

Source: Network Infrastructure Security (C) 2002 Gary McGraw

Notoriously Difficult Security Problems

Massive inflow of vulnerabilities
• Time to exploitation is shrinking
• Increasing sophistication of attacks vs. automation of malware

Poorly designed software
• Poor engineering, poor usability

Minimal outflow
• Well-known vulnerabilities do not get fixed, exploitation peak often after release of patch

Growing complexity of (security) management
• Complex set-up and administration, many ways to do the same thing
• Never changed standard passwords and settings/profiles
• Helpdesk and other social attacks

OS, routers, application monocultures
• Write once, attack everywhere

Secure Internet protocols (IPSec, SSL, ..) do not address these problems

Towards a More Secure Infrastructure

Application owner sets the domain policy

Strong isolation on the platform protects the app component from other apps

Well-defined control points for inter-trust domain interactions

TPMs on all devices provide anchor for strong authentication

All comm. is authenticated and protected

[Figure labels: Virtual Trust Domain A; Virtual Trust Domain B; A App; B App; Virtualization]

Privacy Research Roadmap

Today’s focus:
• Assessment and descriptions of practices
• Enforcement and audit
• Building tools

The next steps:
• Cross-domain privacy and identity management
• Design methods and process design tools
• Privacy patterns and tools for specific applications

The challenges:
• Privacy by default
• Predictable and measurable trust and privacy
• Privacy in times of pervasive sensors, virtually unlimited storage and computing power, and totally connected systems
• New business models that favor privacy

IBM Privacy Research Institute: www.research.ibm.com/privacy


Internet: Act II

Pervasive connectivity: One trillion connected devices by 2012

Grid computing evolving into “on demand computing”

IPv6 represents a major step in the Internet’s ability to scale and support new applications

Security and privacy are critical to the future of Internet

We are entering a new phase of Internet applications


Seeing Old Things in New Ways


Being lucky


MERCI

THANK YOU

New disruptive technologies, such as WiMax, may also offer potential threats to wireless operators’ voice and data revenues

[Timeline, Q1-2004 to Q4-2005. Technology Evolution: Pre 802.16; 802.16a; 802.16e. Product Evolution: Pilot; Broadband Deployment; Triple Play]

Product Evolution
• Pilot: Test technology, service delivery, and project economics
• Broadband Deployment: Launch wireless broadband service to areas without broadband access
• Triple Play: Use 802.16 standard technology to offer voice, video, and data in selected markets

Strategic Rationale
• Enhance customer retention
• Provide for revenue growth
• Bundle with other IP services
• Compete with Cable
• Fully leverage the economics of 802.16

Example of Network Convergence

Converged applications over data networks
• VoIP - Growing rapidly in enterprises
• Cable companies offering VoIP service
• Delivery of entertainment (TV, video-on-demand, games, etc.)

[Chart: Enterprise Circuit vs. IP Telephony Minutes, 2001 to 2006, in thousands. Series: Circuit Switched Voice Minutes, IP Telephony Voice Minutes]

[Chart: Relative Use of Voice and Data in Enterprise Private Exchange, 2000 to 2010, percent of traffic. Series: Voice, Data]

Business companies are increasingly installing IP equipment with IP enablement but uncertainties remain on VoIP usage

At the start of 2004 the largest companies were using VoIP
• 25% to 30% of American companies
• 23% of Japanese companies
• 15% to 20% in Europe where the UK then northern Europe are leading the way

Drivers and inhibitors to VoIP’s deployment

Drivers
• Reduced on-net traffic charges
• Removal of a portion of phone access
• Traffic sharing on a single network
• Savings on human resources
• Cost reductions when moving offices, extending services and changing sites
• Increased productivity and mobility

Obstacles
• Investments
• Security
• Difficulty of calculating ROI and TCO
• Reconfiguration of the internal network

VoIP systems are ideal for businesses that interface with customers by phone and need to improve customer service

VoIP enables applications that reside on the converged network

VoIP makes a better alternative to more traditional customer service solutions as it supports:
• wireless access
• high-performance teleworker solutions
• improved unified communications

In call centers VoIP is more effective than traditional solutions
• It makes it possible to add remote teleworkers seamlessly to staff calls
• Since the calls can be routed anywhere seamlessly, remote workers will have the same information about the caller and account information.
• It can eliminate long distance charges, offering expert resources anywhere in their network
• It allows the latest applications to be networked anywhere, providing more features and added scalability
• The cost of call center applications will come down, making call center applications (IVR, CTI and speech recognition) more affordable to smaller businesses and remote locations.

Key benefit of VoIP is the ability to manage and measure customer interactions through the use of sophisticated network-wide reporting and management tools and the ability to quickly make changes across the network to improve customer interactions.

What is SIP?

Session Initiation Protocol
• A signaling protocol for setting up multimedia sessions between endpoints
• Fundamental shift from PSTN: infrastructure consists of software on standard servers
• SIP designed in line with other Internet protocols by the IETF
• Uses overlay control network consisting of SIP Proxies to route SIP messages: media path (RTP/UDP) decoupled from signaling
• name@domain addressing; message syntax similar to HTTP

SIP provides
• Session setup/modification/handoff/tear-down: Voice/Video over IP - Mobility control
• Presence & Instant Messaging: signaling message carries the IM as payload (SIMPLE)
• Publish/subscribe mechanism: SUBSCRIBE/NOTIFY to events
• Supports calls to/from PSTN

Examples of SIP adoption
• VoIP: Vonage, CableVision, …
• IM: Lotus Sametime
• Push-to-talk: Sprint PCS, Verizon Wireless
• Collaboration software: Microsoft Live Office

[Figure labels: SIP User Agent Client; SIP User Agent Server; SIP proxy (three); Router (two); sip.victormoore.com; INVITE sip:[email protected]; 200 OK; ACK; BYE; 200 OK; Media Stream; RTP/UDP packets]
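
The INVITE / 200 OK / ACK / BYE / 200 OK exchange on this slide, as an added Python example that is not part of the original presentation: it parses the HTTP-like message syntax, follows the dialog state, and pulls the RTP endpoints out of the SDP bodies to show that media addresses travel inside the signaling but the media itself does not pass through the proxy. All messages, domains, addresses and function names are constructed for illustration.

```python
def parse_sip(raw):
    """Split a SIP message into (kind, token, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if start.startswith("SIP/2.0 "):      # status line: version, code, reason
        return "response", int(start.split(" ", 2)[1]), headers, body
    return "request", start.split(" ", 1)[0], headers, body  # method, URI, version


def media_endpoint(sdp):
    """Return the (ip, port) an SDP body offers for audio, or None."""
    ip = port = None
    for line in sdp.splitlines():
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2]
        elif line.startswith("m=audio "):
            port = int(line.split()[1])
    return (ip, port) if ip and port else None


# Dialog states for the INVITE / 200 OK / ACK / BYE / 200 OK exchange.
NEXT = {
    ("idle", "INVITE"): "inviting",
    ("inviting", (200, "INVITE")): "answered",
    ("answered", "ACK"): "established",
    ("established", "BYE"): "closing",
    ("closing", (200, "BYE")): "terminated",
}


def follow_dialog(messages):
    """Return (final state, media endpoints seen in SDP bodies)."""
    state, media = "idle", []
    for raw in messages:
        kind, token, headers, body = parse_sip(raw)
        if kind == "response":            # CSeq ties a response to its request
            token = (token, headers["cseq"].split()[1])
        state = NEXT.get((state, token), state)  # e.g. 180 Ringing changes nothing
        endpoint = media_endpoint(body)
        if endpoint:
            media.append(endpoint)
    return state, media


def msg(*lines, body=""):
    return "\r\n".join(lines) + "\r\n\r\n" + body


# Constructed messages (example domains, documentation IP ranges).
CALL = [
    msg("INVITE sip:bob@example.net SIP/2.0", "Via: SIP/2.0/UDP proxy.example.com",
        "Call-ID: c1", "CSeq: 1 INVITE",
        body="v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 49170 RTP/AVP 0\r\n"),
    msg("SIP/2.0 180 Ringing", "Call-ID: c1", "CSeq: 1 INVITE"),
    msg("SIP/2.0 200 OK", "Call-ID: c1", "CSeq: 1 INVITE",
        body="v=0\r\nc=IN IP4 198.51.100.20\r\nm=audio 3456 RTP/AVP 0\r\n"),
    msg("ACK sip:bob@example.net SIP/2.0", "Call-ID: c1", "CSeq: 1 ACK"),
    msg("BYE sip:bob@example.net SIP/2.0", "Call-ID: c1", "CSeq: 2 BYE"),
    msg("SIP/2.0 200 OK", "Call-ID: c1", "CSeq: 2 BYE"),
]
```

A policy that inspects only the proxy's signaling port never sees the two RTP endpoints returned here, which is why media flows need their own filtering and protection.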

Major benefits of IPv6

Automatic configuration
• stateless, for manager-free networks
• stateful (DHCPv6), for managed networks
• help for site renumbering

Better aggregated routing tables than IPv4

Complete Mobile IP solution

Global addressability allows IPSEC end to end.
• mechanisms for secure firewall traversal will come

Simplified header format with clean extensibility.
• allows effective header compression

Provision for a QOS flow label.

3.4 * 10^38 addresses!


Critical advantages of IPv6 for a services oriented architecture such as the ODOE or a Grid

Uniform global address space eliminates the problem of ambiguous “private” addresses and network address translation

Potential for massive scaling

Avoid interworking units within a VO

Autoconfiguration and ample supply of addresses are a big plus for flexible infrastructure configuration

Grids and Web Services use transport and application level security, but IPv6 network level security is also an advantage

Security and Network Architecture Protection (NAP)

Security is a lot more than IPsec
• Transport level (TLS/SSL) and applications level (e.g. Web Services Security) remain fundamental

NAP: By combining features of IPv6, such as using globally routable addresses, unique local addresses, and privacy addresses appropriately, a network domain can be effectively protected against many forms of attack at least as effectively as by using IPv4 NAT, but without the operational disadvantages of NAT.

New IETF draft on this just published (IBM, Cisco, TTI Telecom) draft-vandevelde-v6ops-nap-00.txt
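
One way to check that the three address types named on this slide are being used "appropriately", as an added Python example that is not from the presentation or the IETF draft: it classifies each address by scope and interface identifier and audits an inventory against an assumed placement policy (internal-only nodes on unique local addresses, clients without MAC-derived global addresses, public services on global addresses). The roles, policy, inventory and function names are assumptions made for illustration.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")             # unique local addresses
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # globally routable unicast
LINK_LOCAL = ipaddress.ip_network("fe80::/10")


def scope(text):
    """Return the routing scope of an IPv6 address string."""
    addr = ipaddress.IPv6Address(text)
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in ULA:
        return "unique-local"
    if addr in GLOBAL_UNICAST:
        return "global"
    return "other"


def iid_kind(text):
    """Classify the interface identifier (low 64 bits). Heuristic only."""
    iid = ipaddress.IPv6Address(text).packed[8:]
    if iid[3:5] == b"\xff\xfe":
        return "eui64"     # modified EUI-64: derived from the MAC address
    if iid[:6] == bytes(6):
        return "manual"    # small hand-assigned value such as ::10
    return "opaque"        # random-looking, as a privacy address is


def mac_from_eui64(text):
    """Recover the MAC address embedded in a modified EUI-64 identifier."""
    iid = ipaddress.IPv6Address(text).packed[8:]
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # flip U/L bit, drop ff:fe
    return ":".join(f"{b:02x}" for b in mac)


def audit(inventory):
    """Check (host, role, address) rows against the assumed placement policy."""
    findings = []
    for host, role, text in inventory:
        sc, kind = scope(text), iid_kind(text)
        if role == "internal" and sc == "global":
            findings.append((host, "internal-only node has a global address"))
        elif role == "client" and sc == "global" and kind == "eui64":
            findings.append((host, "global address exposes MAC " + mac_from_eui64(text)))
        elif role == "public" and sc != "global":
            findings.append((host, "public service has no global address"))
    return findings


# Constructed inventory: documentation prefix 2001:db8::/32 and a made-up ULA prefix.
INVENTORY = [
    ("laptop-1", "client", "2001:db8:1:2:211:22ff:fe33:4455"),
    ("laptop-2", "client", "2001:db8:1:2:3c4d:91aa:7be2:5f1"),
    ("db-1", "internal", "2001:db8:1:3::10"),
    ("db-2", "internal", "fd12:3456:789a:3::10"),
    ("www-1", "public", "2001:db8:1:80::80"),
    ("www-2", "public", "fd12:3456:789a:80::80"),
]
```

The `eui64` test is a heuristic: a random identifier can contain `ff:fe` by chance, and an opaque identifier may be a stable address as well as a temporary privacy address.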

IPv6: IBM status

IBM intends to enable IPv6 on all significant platforms and middleware, in response to evolving market needs
• Released IPv6 stacks on our main operating systems
• Linux also has good IPv6 support
• Plans for all major middleware products in the next 2-3 years

Thus far NO application or middleware developer reports special difficulty in upgrading to support IPv6 as well as IPv4. "It's just work."

IBM SWG is tackling this, largely in response to the DoD requirements - but it takes time, as every component has to be checked.