The Internet has become an indispensable infrastructure for our economy, society, and government. However, despite its critical importance, today's Internet is extremely fragile and suffers from frequent attacks. One of the main reasons for the security vulnerabilities of today's Internet is that the Internet protocols and architecture were designed for a trustworthy environment. This assumption is clearly no longer valid in today's Internet, connecting millions of people, computers, and corporations distributed throughout the world. Many researchers have studied how to secure the Internet, mostly by proposing patches to address current vulnerabilities. However, partial solutions and ad hoc mechanisms often do not address the root cause of the problems, and hence will not be able to eradicate the current problems and prevent them from manifesting in different forms in the future. Moreover, security patches and ad hoc security solutions increase network complexity, which in turn increases vulnerability. Thus, we need a radical new design for a next-generation Internet, which is designed ground-up from sound principles.
Intellectual Merit: The principal investigators (PIs) plan a series of efforts to engage the community in systematically exploring this important question of how to provide the next-generation Internet with a set of fundamental security design principles and mechanisms that will provide the next generation Internet with provable security guarantees. One part of the planning effort is one or more workshops. Starting from a clean-slate approach, participants in the workshops will investigate the fundamental issues in designing a secure next generation Internet, which not only removes many of the current security problems but also provides provable security guarantees against unforeseen future attacks. The deployment of a next-generation secure Internet will likely start out as a research test bed. Such an infrastructure will attract applications requiring high-assurance, resulting in a transition of hosts to the secure Internet. The success of such a test bed critically depends on the collaboration of researchers in networking, architecture, and security. A distributed effort with many small projects is unlikely to have the same impact as a coordinated collaborative research effort. This planning effort will provide coordination of research efforts and establishing community consensus for promising research directions.
Broader Impacts. This effort will involve the networking and security communities to establish a consensus on what security properties to provide in the network, and to establish promising research directions for designing a secure next-generation secure Internet. Included in this effort is a workshop with 30-40 networking and security experts from industry and academia to further explore and define a research direction for the next-generation secure Internet. The PIs will produce a report to communicate the results from this planning activity to the broader research community. Through a series of meetings, organized discussions, presentations, this effort will build a roadmap and help the community to reach consensus on what the important research directions are and how the different research efforts work together to achieve the desired goal of designing and implementing a testbed of an architecture for a next-generation secure Internet.
