Collections not connections!
Pollere began to explore the potential in
moving beyond the connection-oriented transport sessions so prevalent in
the Internet starting with a 2018 NIST-funded project (70NANB18H186) to create network monitoring
for Named-Data Networking (NDN). The result of that project, Distributed Network Monitoring
Protocol (DNMP) was reported in a
at the ACM ICN 2019 conference, with
in addition to the NIST project report.
DNMP used NDN packets and the NDN Forwarding
Daemon (NFD) to move the packets but added a new synchronization protocol
syncps, a unique approach to securing DNMP messages using a trust schema
variant (VerSec), and introduced the notion of a bespoke transport that encompassed
transport protocol use of a custom trust schema that could be used by a trust management engine
in each bespoke transport.
Moving away from connection-oriented transport and its model of providing
data privacy by encrypting sessions to synchronized sets of independently secured publications provides an
opportunity to solve some of the harder problems in networking. In particular, internet of things provides a fertile ground.
IoT quite commonly uses an application protocol based on publish/subscribe
to topics rather than host-to-host sessions: MQTT (mqtt.org) and other
variants are widely deployed in IoT. Yet this pub/sub application model is built on
TCP/IP sessions and a central server or "broker" which maintains sessions
with all member devices. Extending
and generalizing lessons learned from DNMP, Pollere further developed VerSec and a library of bespoke
transport modules that provide signing, validation, certificate and key distribution,
and a pub/sub API. A
on this initial work toward generalization was published at ACM ICN 2021 and a code
with our on-going work was first made public.
Defined-trust Communications Framework
We noted the applicability
of our approach to the wider area of Operational Technologies (OT) networks
while working with Operant Networks.
This led us to move to a more robust and deployable network infrastructure than
the NDN research platform.
IPv6 Link Layer Multicast provides
exactly the network layer we needed and is used in Pollere's current work of a defined-trust
communications framework and its evolving codebase
DCT (Defined-trust Communications Toolkit).
The term defined-trust
is inspired by
LangSec's exhortation to "be definite in what you accept" for packet networks.
It also reflects that, in the defined-trust communications framework, all communications and communicator identities are defined
in a communications schema. The schema is used by each communicator as part of a
distributed trust management to secure publications. Use of set reconciliation over a collection of publications instead of a two-party session, or connection, makes for a broadcast media optimized
transport protocol well-suited to modern radio-based networks with efficient and robust use of media.
Detailed discussion and background can be found in the papers and github repository above. Talk slides (and some video) can be accessed from our
Defined-trust Transport for Limited Domains
While documenting the key concepts of defined-trust communications, we came across the important work defining and explaining Limited Domains:
and the paper Limited Domains Considered Useful.
The Limited Domain concept applies to "network behaviors and semantics that are specific to a particular set of requirements applied within a limited region of the Internet. Policies, default parameters, the options supported, the style of network management, and security requirements may vary between such limited regions." A particular Defined-trust Communications Limited Domain (or Trust Domain) is governed by a single trust anchor and communications schema (though only portions of the schema may be applied on some subnets or subdomains).
Pollere's brokerless zero-trust publish/subscribe defined-trust transport (DeftT) for Limited Domains is in preparation as an Independent Submission track IETF RFC:
current internet-draft with
DeftT operates on a Limited Domain that can span multiple subnets by using defined-trust's relay entities. A member of a Trust Domain needs only to be configured with its identity (as a certificate chain of trust) and the Domain's communications schema in order to join the Trust Domain securely. To learn about DeftT and the defined-trust communications framework, check out the links on this page or contact firstname.lastname@example.org.
For more information on Defined-trust Communications, contact email@example.com.