This is my promised column on data security and the Internet of Things (IoT). The recent Dyn DDoS attack showed the IoT is going to be a huge problem as networked devices like webcams are turned into zombie hoards. Fortunately I think I may have a solution to the problem. Really.
I’m an idiot today, but back in the early 1990’s I ran a startup that built one of the Internet’s earliest Content Distribution Networks (CDN), only we didn’t call it that because the term had not yet been invented. Unlike the CDNs of today, ours wasn’t about video, it was about the daily electronic delivery of PDF editions of newspapers and magazines. Canon told us that if the New York Times, say, would make a PDF version of its daily paper, the Japanese company would give an ink jet printer to every electronic subscriber, making their money solely on replacement ink cartridge sales. Communication would be between the CDN and printer with no PC involved. It was effectively an Internet of Things, circa 1994. Obviously, we failed, but learned a lot along the way.
Our network was called Pronto and had a few features so far ahead of their time that they still aren’t generally available in other products. It was my idea and general architecture but the actual network was designed by Paul Tyma before he built his own products that include Dash-O and Dotfuscator at PreEmptive Systems, a total redesign of Gmail for Google, Home-Account (my mortgage startup from 2008 — great timing with that one), Mailinator, Refresh, and most recently whatever they are doing at Lendingtree, where Paul is now the CTO.
Pronto was designed as a global delivery system using massive numbers of simple networked devices that worked together to deliver the newspaper no matter what. To Pronto nuclear war would have been a minor inconvenience.
Does this sound to you like a bot-net? That’s exactly what it was only we never thought of Pronto being used for evil. In fact I can argue pretty strongly that we designed evil out of it completely.
What made Pronto unique for the time was that it made only the most primitive use of Internet infrastructure, replacing services like DNS, for example, with something similar but different and unique to Pronto The system had publishers and clients but everything in-between was a peer-to-peer network where identities didn’t matter so much as proximities and loads determined by ping times using a bastardized multicast protocol. We didn’t even use IP addresses in the sense that Vint Cerf would have recognized them. If we could use today’s vocabulary to describe what we built 22 years ago, it was a Software Defined Network (SDN).
Part of the technical inspiration for Pronto came from a conversation I had with Roger Boisvert, a Canadian who was also a pioneering ISP in Japan. Roger ran Global OnLine (GOL), an early broadband ISP in Tokyo that specialized in English Language support. GOL supplied our test network in Japan.
NTT, Japan’s largest telco and ISP, was an investor in Pronto, but they couldn’t provide infrastructure for less than $75,000 per month, they said, because of regulations. Roger hosted us for free.
One day over lunch Roger explained his novel method of containing half a dozen Yokohama customers who used vastly (often 100X) more data than the average GOL member: he put each in his own bandwidth-constrained Virtual Private Network but never told them. Each of these customers got all the data they were paying for and no more. I thought it was brilliant so I simply applied the principle globally to Pronto! which became a VPN the size of the Earth.
We could do the same thing today with the Internet of Things. There is no reason at all why the IoT has to share address space with IPV4 or V6. The point is networking these things together, not networking them to mess with CNN or Facebook. As an SDN the IoT could use a radically different addressing scheme along with packets unrecognizable to most NICs and all built to overlay the regular Internet using the same fiber and routers. The bits would still flow through the same network, but it wouldn’t be evident what they were for until they reached their final destination, which would be a relatively rare gateway between the two networks.
Key here is the idea that the IoT has to be dirt cheap so that means microcoding the network in a way that’s super-cheap to build in volume but inevitably super-expensive to change (or co-opt). I’m not saying it would be impossible to turn a Pronto-ized IoT into a malicious bot-net, but I am saying it would be a lot easier to find your bots somewhere else.
Normally we’d say “the bad news in this is that everything currently in use for IoT has to be thrown away” but given the dire possibilities for data security of current IoT hardware the scenario shifts into an OPPORTUNITY to replace all six billion IoT nodes operating today, because doing so saves the future. And what hardware industry doesn’t want an opportunity to be paid again to replace 100 percent of its already large installed base?
Thank you, sir. May I build you another?