SPECIAL NOTICE
A -- SN07-12 - Request for Information - Assurable Global Networking
- Notice Date
- 12/21/2006
- Notice Type
- Special Notice
- NAICS
- 541710 — Research and Development in the Physical, Engineering, and Life Sciences
- Contracting Office
- Other Defense Agencies, Defense Advanced Research Projects Agency, Contracts Management Office, 3701 North Fairfax Drive, Arlington, VA, 22203-1714, UNITED STATES
- ZIP Code
- 00000
- Solicitation Number
- Reference-Number-SN07-12
- Response Due
- 1/31/2007
- Archive Date
- 2/15/2007
- Description
- REQUEST FOR INFORMATION - Assurable Global Networking

The Defense Advanced Research Projects Agency's (DARPA) Strategic Technology Office (STO) is requesting information on research ideas and approaches that could provide the foundation for next-generation Assurable Global Networks (AGNs). The requested information is sought to determine whether or not recent "clean-slate" thinking about the Internet has generated concrete ideas that warrant specific project-oriented investment by DARPA. No funding has currently been allocated to this effort, which is viewed as long-term fundamental networking research. A Broad Agency Announcement and/or other solicitation may or may not result from the findings of this RFI.

The DoD's Global Information Grid (GIG) includes a global network currently based on Internet technology. Considering the objectives of GIG architects provides some guidance as to the desired nature of an AGN. In the same way that it is unthinkable that commercial networks of the future could be as fragile and vulnerable as those of today, the future GIG must be assurable first and foremost. It is increasingly clear that current Internet technology is an inadequate foundation for an "assurable" network, if "information assurance" comprises concerns such as confidentiality, availability, integrity, and safety, which in turn depend on authentication and accountability. Root causes of vulnerability in today's networks arguably lie in the prioritized list of ARPANET design principles documented in Table 1 [based on D. Clark, "The Design Philosophy of the DARPA Internet Protocols", Proc. SIGCOMM, Sept 1988]. As outlined in Table 1, the topmost concern was basic inter-connectivity and the least concern was accountability; this list of priorities resulted in an Internet with corresponding strengths and weaknesses.
It is likely that quite a different design would have emerged if assurability had been the topmost priority, and if the full range of modern threats (insider threat, lifecycle threats, inconsistent configuration management, pervasive software flaws, human error, social engineering, node capture, etc.) had been anticipated.

The prioritized list of design principles is interesting not only in its implications for information assurance, but also in terms of requirements that are not explicitly addressed. For instance, Internet designers clearly recognized the need to accommodate multiple networks and distributed management as driving design criteria. However, it has become clear that in practice network resources and access are also often partitioned as "Communities of Interest" (COIs) that do not necessarily correspond to geography or administrative domains. COIs are collaborative groups of users that must exchange information in pursuit of shared goals, interests, missions, or business processes. COIs often have special privacy concerns, multi-level security challenges, complex trust relationships, and ever-evolving coalition relationships. The best way to support such communities of interest is an open problem that may lead to radically different network designs, especially when information assurance is a topmost concern.

A second unmentioned requirement concerns support for mobility. Present-day Internet infrastructure is largely static, yet mobility is intrinsic to modern society and to the mission of the DoD. From the AGN perspective it is important to note that not just endpoints but also the infrastructure are expected to be mobile. Therefore, mobility at multiple levels must be intrinsic to future network designs, and topology construction may well occur as the result of forces that differ notably from the underlying economic market of the Internet.
Finally, the original design criterion concerning support for heterogeneous subnets (original priority #4) is worth re-emphasizing in the context of an Assurable Global Network. Protocol designers must consider the complexities that arise when trying to support users at the "tactical edge". End-to-end communication over wireless links and subnets must be intrinsically and securely supported by future network architectures or the goal of ubiquitous connectivity and computing will not be realized.

| DARPA Internet design principles (in priority order) | Information Assurance Implications |
| --- | --- |
| 1. The Internet must support multiplexed utilization of existing interconnected networks. | Interconnectivity and assurability are inherently at odds and must be balanced deliberately, but this topmost priority does not explicitly consider the tradeoff. Moreover, because legacy networks must be incorporated into the design, the required security mechanisms are driven by the limitations of the least capable legacy network. |
| 2. Internet communication must continue despite loss of networks or gateways. | To speak of lost gateways and networks oversimplifies the nature of modern threats. Robustness must be redefined in terms of cyberattack as well as external physical attack or failure. Signals intelligence, infiltration, exfiltration, and malicious control are as important to consider as outright infrastructure loss. |
| 3. The Internet must support multiple types of communications service. | Support for deploying multiple types of service without central administration is a key factor in the success of the Internet. Having said that, it may be that mission-specific assurable networks are not an appropriate arena for experimentation and innovation. It remains to be seen how a network architecture can support both innovation and security. On another note, the Internet implementation of this criterion arguably promoted lack of separation between user applications and network services, thus needlessly exposing essential services to easy attack by users. Separation of control and data may be essential to network assurability. |
| 4. The Internet architecture must accommodate a variety of networks. | Cross-domain security solutions are particularly difficult to design. |
| 5. The Internet architecture must permit distributed management of its resources. | Existing implementations of distributed management are largely based on assumptions of trust, leading to protocols such as BGP that allow a single inept or malicious user or administrator to create widespread chaos. Protocol "bulkheads" do not exist to limit damage from errors or malicious users. Defensive systems are layered upon protocols at additional cost and complexity, instead of being jointly designed with those protocols. The combination of configuration complexity and human error is the largest source of vulnerability in many networks. |
| 6. The Internet architecture must be cost effective. | To the extent that economic considerations may be a root cause of poor security, a criterion concerning the cost of network defense should perhaps have a higher priority. Having said that, cost and security can also be at odds. What is the architecture that properly balances security and economic concerns? |
| 7. The Internet architecture must permit host attachment with a low level of effort. | An integrated design would ensure simplified and authenticated attachment, one desirable end-point of this program. It remains to be seen what minimum requirements must be imposed on end systems in order to deliver an AGN. |
| 8. The resources used in the internet architecture must be accountable. | Authentication and accountability are central to the achievement of IA objectives comprising availability, integrity, confidentiality, and safety. |

Table 1: Prioritized design criteria of the original DARPA Internet

What is the path forward?

Promising network designs are emerging in response to new network use cases. For instance, the concept of mobile ad-hoc networking has recently stimulated thinking about highly challenged environments that must support COIs, coalitions and joint operations, intrinsic mobility, bandwidth constraints, heightened threat of eavesdropping, and a potential for node capture that underlines the impossibility of fully preventing node compromise. Thus MANETs represent an extremely challenging niche for information assurance and network design and represent a small-scale version of the objective AGN. If the history of disruptive technology is any guide, an effective MANET design might therefore substantially influence future networks. After all, MANETs do and will have inherently self-configuring protocols that account for mobility and reduce the threat of vulnerabilities based on misconfiguration. Assurable MANETs will likely be based on protocols that have a "Byzantine Generals" perspective on trust in contrast to present-day protocols that assume well-intentioned interlocutors. Finally, MANETs that support multiple COIs despite bandwidth constraints will have revisited the ideas about separation of control and data that are partly responsible for the complexity of red/black interfaces in today's GIG designs.

Although MANETs represent one source of disruptive innovation for Internet design, a first-principles architectural rethinking has at least as much promise and may yield results more rapidly than the diffusion of niche ideas. Therefore, to inform future work on Assurable Global Networks, DARPA/STO is soliciting position papers answering the following questions:

1. What should be the prioritized list of design criteria for a future Assurable Global Network that ultimately supports the DoD GIG?
2. What technology shortfall examples most clearly illustrate the need for a new architecture?
3. What concepts from the current Internet would need to evolve or change in order to support the proposed reprioritization?
4. What elements of the present-day Internet design can or should be retained in the future AGN?
5. To what extent does traditional "layering" impede progress toward the AGN? What might be the most appropriate abstractions and separations of concern in a future Internet? Consider both vertical layering and horizontal end-to-end considerations. Of particular interest are layerings that explicitly account for the relationship between network management, virtual private networks, and network control traffic.
6. There are many threats to information assurance other than network architecture, to include the inevitability of software bugs, the complexity of system configuration, the susceptibility of people to social engineering attacks, and the inevitability of human error. Are these orthogonal issues in information assurance or can network design help defend against these threats and if so how?
7. Are the needs of the DoD so different from users of the present Internet that a separate network architecture is needed, or can one architecture serve both needs?
8. What overall R&D roadmap (key milestones and general timeline) might lead to a deployable Assurable Global Network? Do not be unrealistically constrained by time, but consider rather what would be needed to achieve a fully featured result.
9. What cornerstone high-payoff project or experiment should be executed in the short term to best create a foundation for a future AGN? Note: this is the most important question in the list. Ideally the answer follows logically from answers to the previous 8 questions.

Interested parties should submit their position paper and optional briefing by responding to this RFI as described in the instructions to follow.
WORKSHOP

A workshop will be held for selected RFI respondents in the vicinity of Arlington, VA on February 22, 2007. The workshop may include an overview of AGN requirements and challenges, invited presentations, submitter presentations, discussions, and Q&A. Respondents interested in attending should visit the registration website at http://csc-ballston.dmeid.org/darpa/registration/intro.asp?regCode=jQfxH8aC. In order to attend the workshop, attendees must be registered on the site by January 31, 2007 and have submitted an RFI response. Acceptance of registration will be conditional upon receipt and selection of an RFI submission as well as space limitations. Because of space limitations, participation may be restricted to a single representative of a given institution and/or a single co-author of a given position paper. All US Citizens are required to complete the attached US Citizenship Verification form in order to attend this workshop. Non-U.S. citizens may attend pending the completion of the Foreign National Information Request Form found on the registration site.

Attendance at the workshop will be voluntary. Attendance is not required to propose to subsequent Broad Agency Announcements (if any) or research solicitations (if any) on this topic. DARPA will not provide cost reimbursement for workshop attendance.

Respondents chosen to participate in the workshop may be invited to brief their RFI responses. Due to limited time, presenters may be selected based upon details of their RFI responses. Time limits on the presentation will be determined based on a variety of factors including the number of presenters and the time needed for other presentations and discussions. Respondents who wish to present must include a suitable 15-minute briefing along with their RFI response.

INSTRUCTIONS TO RESPONDERS

This announcement contains all information required to submit a position paper. No additional forms, kits, or other materials are needed.
DARPA appreciates responses from all capable and qualified sources, including but not limited to universities, university affiliated research centers, federally-funded research centers, private or public companies, and Government research laboratories. DARPA also encourages responses from cross-institution teams of early-career Young Investigators, to be defined as untenured faculty having completed their PhD within the past 6 years.

Position papers have the following formatting requirements:

a) A one page cover sheet that identifies the title, organization(s), responder's technical and administrative points of contact - including names, addresses, phone and fax numbers, and email addresses of all co-authors;
b) An executive summary with a one page limit summarizing the key ideas;
c) A single overview briefing chart graphically depicting the key ideas;
d) A technical response to the 10 questions posed above in question/answer format, with a 15 page limit in minimum 10 point font;
e) An optional list of citations including URLs if available;
f) An optional briefing if the submitter wishes to be considered to present at the workshop;
g) The above should be submitted as MS Word, PDF, and/or MS PowerPoint documents.

Respondents are encouraged to be as succinct as possible while at the same time providing actionable insight. Respondents must submit one original and two paper copies of the full response and one electronic copy of the full RFI response (in Microsoft Word, Adobe PDF, and/or Microsoft PowerPoint on a single CD ROM). Disks must be clearly labeled with RFI SN07-12, offeror organization, and points of contact. The full RFI response (original and designated number of hard and electronic copies) must be submitted to: DARPA/STO, Attn: Mr. J. Christopher Ramming, 3701 N. Fairfax Drive, Arlington, VA 22203-1714. Responses to this Request for Information (RFI) are due no later than 4:00pm, Local Time, Arlington, VA, on JANUARY 31, 2007.
ANY INQUIRIES ON THIS REQUEST FOR INFORMATION AND/OR WORKSHOP MUST BE SUBMITTED TO AGN-rfi@darpa.mil with a copy to James.Ramming@darpa.mil. NO TELEPHONIC INQUIRIES WILL BE ACCEPTED.

DARPA will host a web site in support of RFI SN07-12, Assurable Global Networking. The Web Site will contain information supplementary to this document such as Question & Answer lists in the event that clarifications are needed. The URL for the web site is http://www.darpa.mil/sto/solicit/AGN/index.htm. In the event of any discrepancies between material published on this web site and FedBizOpps, FedBizOpps takes precedence.

DISCLAIMERS AND IMPORTANT NOTES

This is an RFI issued solely for information and new program planning purposes and does not constitute a solicitation. No proprietary or classified information should be submitted. Respondents are advised that DARPA is under no obligation to acknowledge receipt of the information received, or provide feedback to respondents with respect to any information submitted under this Request for Information (RFI). All information submitted in response to the RFI will be considered public information and will be made available to workshop attendees and, in the event of a BAA or other solicitation, on a public web site as well. NO PROPRIETARY OR CLASSIFIED INFORMATION SHOULD BE INCLUDED IN THE RFI RESPONSE.

All materials presented at the AGN RFI Workshop must be approved for public release in advance by the organization that funded the research. The DARPA Program Manager will screen the submissions for sensitive material. It is the presenters' responsibility to ensure the material has been approved for public release by the organization that funded the research.

In accordance with FAR 15.201(e), responses to this notice are not offers and cannot be accepted by the Government to form a binding contract. Responders are solely responsible for all expenses associated with responding to this RFI.
Submissions may be reviewed by: the Government (DARPA and partners including but not limited to ARL and OSD-NII); Federally Funded R&D Centers (such as MITRE and MIT Lincoln Laboratories); and Systems Engineering and Technical Assistance (SETA) contractors (such as Schafer Corporation, Booz Allen Hamilton, Computer Sciences Corporation, and Linquest).

A Microsoft Word version of this RFI is attached to this announcement.
- Record
- SN01201533-W 20061223/061221221221 (fbodaily.com)