Security Research Directions for the Next Generation Internet

Russ Mundy, Principal Networking Scientist
mundy@tis.com
301-854-5707

Sandra Murphy, Senior Computer Scientist
sandy@tis.com
301-854-5703

Trusted Information Systems
3060 Washington Road
Glenwood, MD 21738
voice: 301-854-6889
fax: 301-854-5363
http://www.tis.com

The Next Generation Internet (NGI) is intended to enable a new generation of powerful applications. These new applications can be characterized as being collaborative and highly distributed and as having strong performance demands. These characteristics make ensuring secure operation of the NGI a challenging problem which one might be tempted to reserve for later consideration. However, if we learn from the experience of the past few years of retrofitting security into existing Internet protocols, then we will recognize that it is imperative to incorporate security solutions as the NGI is being designed and built -- now, not later.

The security requirements and policies for the NGI will expand on the work done for the existing Internet. The requirements for security in the NGI should be carefully considered as the NGI testbeds are designed and implemented. New methods are needed for the specification, enforcement, and sharing of policies and requirements that meet the needs of the NGI.

Current efforts to improve the security of the Internet have concentrated on requirements for protecting the privacy, authentication and integrity of information transmitted. The NGI will require these security services with increased urgency as more sensitive information like health care information is communicated by the new applications. In addition, the development of collaborative activities between administratively diverse members will make authorization, previously subsumed in authentication, an important requirement.
The development of quality of service in transmission is likely to introduce accountability for use, further increasing the need for authorization of use. Authorization structures, mechanisms, policies, etc. will be an important research area.

Dynamism has clearly become an important focus in the Internet and it is certain to be as important in the NGI. We presently see applications like Java applets providing new capabilities dynamically. Research has begun on active networks which deploy new features as rapidly as a packet can traverse the network. The demands from this sort of dynamism on security solutions will continue to increase as the power of applications and performance speeds increase. In addition, security requirements themselves can change as the relationships between network entities become dynamic - from low-level changes such as the network identity and location changes caused by severing and establishing ties to a service provider, to more visible changes as new business partnerships and collaborations between researchers modify the requirements for access or protection of information. Current security solutions are unfriendly to this amount of dynamism; they work best in a more static environment. Research is needed in new security solutions that enable, rather than hamper, the dynamism needed in the NGI.

The security solutions for the Internet have been developed for a number of independent applications and protocols. The lack of integration of security across protocol levels and between applications has led to a situation where mechanisms in one protocol providing a low level of assurance can undermine the mechanisms in another protocol designed to provide a higher level of assurance. In the NGI, security solutions in different applications and protocols must facilitate, not hinder, the overall security of the NGI. Research in mechanisms to integrate security mechanisms within a host or network is sorely needed.

Several technologies important to NGI applications have their own specific security issues. For example, multicast is crucial to collaborative and distributed applications but has its own security concerns. Many different research efforts are underway to provide security in multicast but no general solution has been found. Security models differ among the proposed solutions - whether the need is to protect the multicast data, to protect the ability to form and join multicast groups, or both. As multicast groups themselves are decentralized, non-hierarchical and dynamic, the security solutions for protection of the multicast data and the group operations may be most effective if they also are decentralized and non-hierarchical. Research and experience are needed in effective security solutions for multicast communications.

Firewalls are another important security technology with specific security issues. The motivating factors behind the use of firewalls to protect enclaves - protecting sensitive internal resources from external threats, minimizing the number of entry points, etc. - will not change as we move to the next generation of applications in the NGI. In networks operating at speeds 100 to 1000 times faster than today's, the performance demands on firewall protection will be daunting. If enclaves are to securely participate in the new generation applications without egregious impact on real-time services or quality-of-service, research is required into new enclave protection technologies.

Complex networks require remote network management tools, but the ability to manage a network remotely requires increased protection of the management of network devices and behavior. While protocols like SNMP have proven themselves capable tools, there has been little or no security in standards-based network management. Non-hierarchical relationships among organizations in collaborative efforts are not wholly supported by the existing protocols.
Flexible authorization structures are needed in the network management protocols. Security management and network management must be integrated to provide system-wide security. Security in network management should be a research area in the NGI.

Trusted Information Systems, Inc. (TIS) is dedicated to advancing the state of the art in computer and network security. TIS supports commercial and government clients in identifying security requirements of major networked systems and in establishing security policies, architectures and mechanisms to support those requirements. TIS is also internationally renowned for research in information systems security. TIS is performing research in areas such as flexible access control mechanisms for UNIX operating systems, secured CORBA mechanisms for distributed client/server interactions, and cryptographic enhancements to Internet infrastructure protocols. We have introduced new security solution technologies, like the TIS Internet Firewall Toolkit and RecoverKey technology. Integration of security solutions is a focus of many of our research efforts. Other research efforts address security protection for dynamic applications, such as Java applications and dynamic infrastructure. We expect to do research in security for active networks and in agile security solutions. TIS is eager to participate in providing security solutions for the Next Generation Internet.