Autonomic Internet Identity and Reputation System
  
    University of Arizona Autonomic Computing Laboratory


Identity fraud is the enabler for almost all crime on the Internet.  Everything from spam, to phishing and identity theft, to phony websites and various other scams, relies on the perpetrator being able to use a false identity.  We need a simple, universal system, allowing anyone to verify the identity and assess the reputation of any domain on the Internet.  Such a system could put an end to much of the crime, and to the estimated $20B/year direct costs of spam.

Our long-range goal, however, is more than just stopping petty criminals.  We hope to have a major impact on more serious Internet crime, and reduce the threat of a massive attack on our cyber infrastructure.  If successful, our Registry will make spammer-supported botnets unprofitable.  Without these botnets, much of the petty crime on the Internet will disappear, in effect "draining the swamp", and leaving the more serious criminals exposed.  Without botnets, the most likely platform for massive and untraceable infrastructure attacks will be gone.

The system needs to be autonomic, or self-managing, due to the large number of participants, the variety and complexity of their authentication methods, the frequency of configuration changes, and the need for rapid response to an attack.  All of this will require a system with self-management beyond what is now used at even the largest ISPs.  Like eBay, we can't rely on centralized staff to make individual judgments.  We must rely on an "honest majority" of participants to weed out the dishonest few.

The design of this system needs to carefully consider social factors and motivations of the various participants.  Many systems have failed due to narrow focus on the technology.  In an email system, for example, we must work around the fact that senders are not motivated to install special software, or to incur a substantial cost.  The cost of their failure to maintain security falls on someone else.


                            Typical Internet System Needing Trust between Unrelated Parties

   |--- Sender's Network ---|           |-- Recipient's Network -|
                                   /
   Author ==> MSA/Transmitter --> / --> Receiver/MDA ==> Recipient
                       /         /          /
                      /       Border       /
                     /                    /
                    /                    /
                    - - - REGISTRY - - -


We propose to build a system using existing protocols (TCP, DNS, SMTP, etc.).  This system will allow reputable domains to prove their identity and build a good reputation (the two components of trust).  Data to authenticate identity will be provided by domain owners via their DNS records.  Data to assess reputation will be provided by independent rating services.  Reliable rating services will be selected by users.

Unrelated parties, connecting through the Internet, will be able to establish trust with a simple query to a Registry of Internet Transmitters.  The Registry will be operated as a public service, with no favoritism toward any product, service, or methodology.  It will not depend on government regulations or new Internet standards, or be encumbered by a need to make ever-increasing profits.  We expect it to grow the way all open-source projects grow, by simply providing the best solution at the lowest possible cost.

Email is the biggest and most immediate beneficiary of our system, but the Registry should work for any application needing to establish domain-level trust in a TCP-based transaction across the Internet.  With email in mind, we have engineered the system so that almost all the cost of deployment will fall on Receiver domains, and very little on Transmitters.  The cost is small, however, and Receivers are motivated.

The requirements for a domain wanting to build trust in its name are simple.  All they have to do is publish a DNS record listing the IP addresses that they will assume responsibility for.  Then as long as they don't allow any abuse of those addresses (and as long as TCP and DNS remain secure) they can earn the trust of anyone using TCP to exchange email, view a website, or transact any other business with them.

There is no valid reason for any legitimate domain to oppose publication of this record.  It will not interfere with anything else they might be doing, and does not cause the "collateral damage" seen with some email authentication records.  For those who are merely lazy or uninformed, the Registry will have default records listing the IP range assigned by their Regional Registry to their network provider.
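
A sketch of the Receiver-side decision described above, added here as an illustration and not taken from the project's own code. The record format (a list of CIDR strings per domain), the in-memory tables standing in for DNS, the Registry and a rating service, the 0-100 score scale, and all function names are assumptions.

```python
import ipaddress

# Constructed sample data. The page defines no record format, so a list of
# CIDR strings per domain is an assumption made for this sketch.
PUBLISHED = {   # records published by domain owners via DNS
    "example.com": ["192.0.2.0/28"],
    "spam.example": ["198.51.100.7/32"],
}
DEFAULTS = {    # Registry default: the provider's range from the Regional Registry
    "lazy.example": ["203.0.113.0/24"],
}
RATINGS = {     # scores (0-100, assumed scale) from a rating service the user chose
    "example.com": 95,
    "spam.example": 5,
}

def authorized_ranges(domain):
    """Return (networks, source), preferring the domain's own record."""
    for source, table in (("published", PUBLISHED), ("default", DEFAULTS)):
        if domain in table:
            return [ipaddress.ip_network(c) for c in table[domain]], source
    return [], "none"

def check_connection(claimed_domain, peer_ip, min_rating=50):
    """Decide what a Receiver does with a TCP peer that claims a domain."""
    ip = ipaddress.ip_address(peer_ip)
    nets, _source = authorized_ranges(claimed_domain)
    # Identity: the peer address must be one the domain accepts responsibility for.
    if not any(ip in net for net in nets):
        return "disconnect:unauthorized-address"
    # Reputation: a verified identity with no rating is still an unknown domain.
    rating = RATINGS.get(claimed_domain)
    if rating is None:
        return "disconnect:unknown"
    if rating < min_rating:
        return "disconnect:disreputable"
    return "accept"

if __name__ == "__main__":
    for domain, ip in [("example.com", "192.0.2.5"),
                       ("example.com", "192.0.2.200"),
                       ("spam.example", "198.51.100.7"),
                       ("lazy.example", "203.0.113.9")]:
        print(domain, ip, check_connection(domain, ip))
```

The default-record case shows why identity alone is not trust: the address matches the provider's range, but with no rating the domain is still treated as unknown.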

We look forward to the day when email recipients can simply disconnect from any unknown or disreputable domain, and when website visitors will get an instant alert if the address of the webpage in their browser is not authorized by the domain they thought they were dealing with.  We know that reputation systems can make this happen.  Reputation is the one thing criminals can't buy.  We just need to get it organized.
