Trust in Anarchy?

Post on 16-Aug-2020


Trust in Anarchy? Problems in the Governance of Distributed Computing Systems

Ashwin J. Mathew
ashwin@ischool.berkeley.edu

School of Information, UC Berkeley

Hosts → DNS: Decentralization?

NSFNET NIC Hosts file

DNS Root

YouTube Goes to Pakistan

~ 2 hours on 24th February 2008

BGP: Inter-Domain Routing

AT&T AS7132

CENIC AS2152

UC Berkeley AS25

YouTube AS15169

I am YouTube. These are my IP addresses.

I am AT&T. I can carry your traffic to YouTube. These are YouTube's IP addresses.

I am CENIC. AT&T told me it can get to YouTube. I can carry your traffic to YouTube through AT&T. These are YouTube's IP addresses.

● Routing Claims

● Identity Claims

● Resource Claims

● No Warrants

● ~39,000 autonomous systems

● ~380,000 prefixes

Trust Models

A B (Risk, Uncertainty)

Problem

Solution: Assurance Structure

Solution: Trust

Relation

A B (Risk, Uncertainty)

Trust

A B (Risk, Uncertainty)

Assurance Structure; Confidence; Confidence

Trust in Networks

Trust Relations: Reputation

Assurance Structure

Trust Anchor

Generalized Trust

NSFNET

From NSFNET to Internet

[Diagram: Tier 1, Tier 2 and Stub networks, with the Route Arbiter]

“... to establish and maintain databases and routing services which may be used by attached networks to obtain routing information ...

... will provide for an unbiased routing scheme which will be available (but not mandatory) for all attached networks.”

- 1993 NSF solicitation

Trust and Distrust: BCP38

[Diagram: Tier 1, Tier 2 and Stub networks; labels: Trusted Core, Filters]

Network Topologies, Network Communities

[Diagram: Tier 1, Tier 2 and Stub networks; APRICOT, RIPE, NANOG, SANOG, AfNOG, MENOG; labels: Social Organization, Technical/Commercial Organization]

Securing BGP: Trustworthy Computing?

[Diagram: Tier 1, Tier 2 and Stub networks; RPKI Trust Anchor(s)]

RPKI

Security and Governance

DNS

?

Trust vs. Assurance Structures

Host Names

BGP