Topic: Security, Transparency and High Bandwidth Networks
Findings:
High bandwidth networks (10 gigabits per second (Gbps) now, 100
Gbps soon, 1000 Gbps within the 5-15 year time horizon of this work)
pose unique security challenges. For instance, at 10 Gbps and above,
in-line network security devices such as firewalls have trouble simply
keeping up with the traffic they must inspect.
Such an observation might spur multiple potential responses, including:
- "We need a research program to help develop security devices which can
deliver at least reduced functionality even at extreme wire speeds"
- "We need research into alternative innovative network architectures,
seeking alternatives which do not rely on a concentration of network
traffic on a relatively small number of ever-faster network
interconnections" or
- "We need a security strategy which recognizes the critical need to
continue to enhance the scalability and performance of our networks,
while striving to preserve their simplicity and end-to-end transparency."
Of those options, we believe option three is most promising, and should
guide federal networking deployment in the 5-15 year horizon.
By consciously avoiding complexity in the network:
- we minimize the likelihood that we will introduce performance-limiting
and difficult-to-surmount roadblocks to the continued growth in network
throughput
- we reduce the likelihood that we may inadvertently introduce low-speed
choke points vulnerable to distributed denial of service (DDoS)
traffic-flooding attacks
- we simplify identification and resolution of network issues which
may arise from time to time
- we allow users to develop and field innovative applications without
concern that opaque defensive security measures may complicate or
out-and-out preclude those efforts
- we reduce the cost of deploying new networks, allowing faster
networks with larger footprints to be deployed earlier than would
otherwise be possible
Recommendations and Implications for Research Directions:
The vision of a high speed, end-to-end transparent network has
implications for some potential research directions. For
example, given an end-to-end transparent network:
- Research on perimeter-based network security solutions should
be de-emphasized
- Bandwidth abundance reduces the need for quality of service (QoS)
based protection schemes meant to guard against potential distributed
denial of service (DDoS) attacks