Curriculum Vitae of Hannu H. Kari/Visions of the future

(per 31.12.2005)

Future directions of networking

Internet is nowadays dramatically different that when it was originally designed just a few decades ago. Thanks to Moore's law, the performance of computers allows us to introduce new services, such as voice and video over Internet, that were unthinkable just a few years ago. Also, the business environment has changed from a world of monopolistic teleoperators to dynamically changing global business opportunities. Thus, we are living in a very dynamic world.

When looking at the future mega trends on the area of
computer networks, we can list the following six topics:
  • Convergence of the telecom and datacom networks. In the future, "all-IP" networks will carry all information, including voice and data. This is logical development as the rapid development of Internet-technology has exceeded the capacity of the traditional telecommunication networks with several orders of magnitude.
  • Heterogeneous technologies. Internet was originally designed to operate on top of various transmission technologies and this has been one of its success factors. Especially, the various wireless access network technologies have opened up the possibility to be connected with the net all the time and everywhere. This opens new opportunities to utilize Internet and its services.
  • Dynamicity of networks. Traditional networks have been very static in their nature. However, in modern systems, we must be capable of adjusting our networks and services on the dynamically changing environment, where changes are due to mobility of a user, reallocation of limited resources, failure of equipment, or any other possible reason.
  • Dependency on the networks. Modern society is more and more dependent on the continuous operation of the networks. Especially, due to the convergence, all services will be eventually carried over the same network. Additional reliability requirement comes due to the fact that more and more services are converted to digital form and the only way to deliver them is over the networks.
  • Security threats and privacy needs. The privacy issues of individuals and organizations are getting even more important, since modern computer networks enable criminal entities to violate our privacy. This includes also our rights to get correct information as well as protection against viruses and network criminals.
  • Data integrity. Integrity of information in Internet is a serious, although not so widely understood, problem. With modified or falsified information, it is possible to cause serious damage to the entire society.
    • In order to build a reliably working Internet for the future, we have to do some redesigning of the Internet architecture. Here, we can benefit from the experience of the most harsh environment, where Internet-protocols have been used: wireless military networks, where the enemy is all the time present and has the most hostile intentions. This environment has been my main research area for last five years. If the networks can be designed to operate in very dynamic and hostile environments, the same design principles can be ported to normal commercial networks, where the level of hostility and dynamicity may be much lower. Since there are also serious security threats in commercial Internet, we must accept some performance penalty that is caused by additional security enhancement in the form of increased computation and additional data in the IP packets. However, if we can reduce the future problems in Internet in this way, this is quite acceptable tradeoff, especially when looking for the rapid annual growth of Internet traffic.

    We must remember, that we can't solve all the problems just with technical enhancements, but we need to understand technology in relation with other aspects such as legal aspects as well as human and usability issues.

    The foundation of the future Internet is a reliably working network infrastructure that can carry legitimate packets over the network in all situations. This means that network must be capable of detecting per every packet whether it is valid or not. Traditional solutions, such as IPsec, do not work here, since we need to do the validation in every routing node in the network, not just at the final destination of the packet. Otherwise, the network infrastructure is vulnerable against various attacks, such as packet manipulation, DoS- and DDoS-attacks. Since my dissertation was on the fault tolerant computing and reliability analysis, I know well that network reliability can be increased, only up to the certain level, by improving the reliability of each node. After that, we need to extend fault tolerant design from hardware design to fault tolerant protocols and applications.

    One of the novel solutions for this problem is our Packet Level Authentication (PLA) -concept, that uses strong digital signatures to sign every packet at the sending node and with the public keys attached to the packet, any intermediate node can validate the integrity and timeliness of the packet. The original idea came on my research project ("007") in 2002. PLA was originally designed for securing communication and routing protocols in wireless military networks. In December 2005, National Technology Agency of Finland granted us 480 kEUR for a two-year research project to develop a prototype based on the initial proof-of-concept demonstrator of the PLA concept that was demonstrated at SFW2004 -workshop on April 2004. Together with Kaisa Nyberg (professor on cryptology) and Jorma Skyttä (professor at Signal Processing Laboratory) we can specify most suitable cryptographic algorithms for PLA that are possible to implement efficiently on HW. Hence, validation of digital signatures with the speed of 10 Gigabit/s Ethernet connections can be made with a single silicon chip. Thus, the solution is foreseen to be scalable for core network router speeds. This research project is a good example on the future trends of research, where it is necessary for experts in various areas to work together in order to solve research complex problems.

    Regardless of what the technology will finally be installed to protect the future Internet's infrastructure, its main tasks are clear. The network must have a scalable solution where good entities can exchange their packets, but problems that are caused by the malicious entities can be eliminated promptly. Since viruses and other malicious software may convert any benevolent computer into an attacking tool, we need to have a mechanism that allows us to exclude infected, compromized computers quickly from the network. This research can benefit much from my previous experience on incomplete trust in networks what several of my conference papers have discussed about. On this area, my first doctoral student, Catharina Candolin, defended her dissertation in December 2005.

    When the network is capable of carrying the packets in all situations, we can start building other services on top of it. With mobility management, we can be reachable all the time. With security solutions, we can maintain our desired level of privacy, even though some pieces of information will always leak to outsiders. Hence, mobility management and security protocols must be carefully designed in order to minimize potential leaks of confidential information.

    Applications and services must be built in a way that supports dynamicity. One of our applications in the strategic GIGA-research program of National Technology Agency of Finland points to future directions. In our Nomadic Applications -project, we are making a transition from device mobility (such as GSM phone changing its location) to session and service mobility, where an instance of a service (i.e., a program) can migrate from one computing environment to another and use dynamically various computing resources (such as user interface, network connection, processing power, and memory) optimally even though the pieces of that virtual computer can change at any time. In order to enable such visions, we need reliably working networks and trustworthy computers that can share dynamically and securely various computing tasks. In such a future scenario, we don't need to carry computers and all the information with us, but we can utilize more efficient computing resources that are currently available around us. Instead of restarting the service in the new computing device, we can keep our sessions running and we can continue from the same spot where we had left it in the previous system.

    Teaching and research

    I have always linked research projects and education tightly together. This allows future engineers to work with interesting topics and learn skills that are also valuable at the industry. Learning-by-doing is the best way to understand new things.

    Future

    A critical issue facing Finnish universities is the global competition. Our engineers are no longer competing only with people graduating from Oulu or Tampere, but increasingly with people from India and China. ICT business is nowadays global. Regardless of the origin of our engineering students, we need to teach skills that are useful not only today, but also years to come. Just by looking of the radical changes that have happened in the last ten years, Internet and mobile phones as good examples, we can only guess how different the world will be in 2015 or 2025, when our young students have their most productive time at the industry. When comparing with other countries, the financing and human resources in Finland are limited. Thus, we should look further ahead into the future in order to find new things that will bring us a competing edge against our global competitors. This can be done only by putting more efforts into research and by envisioning future possibilities and problems.