Carl Malamud: Internet Talk Radio, flame of the Internet.
Malamud: This is Geek of the Week. We’re talking to Phil Karn, who’s a staff engineer at Qualcomm Inc. Welcome to Geek of the Week, Phil
Phil Karn: Thanks Carl.
Malamud: You’re perhaps best known in the Internet as the author of KA9Q. Why don’t you tell us what KA9Q is?
Karn: Okay well, first of all, KA9Q was actually my amateur radio call, my ham radio call sign. I’ve been a radio amateur since I was in high school. It’s uh, been some time now. But that name has gotten applied to a package of software I wrote primarily for amateur packet radio use. It does TCP/IP under DOS machines. However it has found quite a following beyond amateur radio. And a lot of are people running it who have nothing to do with amateur radio.
Malamud: So this is a public domain TCP/IP implementation?
Karn: Well, quasi public domain. It’s…
Malamud: Freely available.
Karn: Freely available, yes. I encourage for use by anyone in an academic setting or amateur radio setting. It’s kinda shareware in other environments, and anyone who wants to put it into a product should come talk to me. It’s been the basis of a number of commercial products such as the Telebit NetBlazer, the Rockwell CMC NetHopper, and the NEC Dr. BonD, are all based on licensed copies of KA9Q.
Malamud: So this is software you can just FTP down turn a PC into a router?
Karn: Yes. Yes. It’s more than just a router. The system is an executable file which you executes on DOS, and it acts as an IP router with multiple interfaces including amateur packet radio, which you know, reflects its origins. And it also has the standard Internet services and clients. There’s a telnet client, an FTP client, an FTP server, a mail server, and so forth.
Malamud: When we think of TCP/IP we think of Ethernet, we think of 300 or 1200 or 9600 BPS modems. We don’t necessarily think of amateur radio. How does TCP/IP work in that environment?
Karn: It works. Not fast by anybody’s standard. But it does work, and in fact some of the early experiments in running TCP/IP over amateur radio produced performance enhancements which later got fed back into the TCP spec.
Malamud: For example.
Karn: Well, for example there’s an algorithm that I invented about several years into the project which calls for filtering of round-trip times, based on whether or not a packet had been retransmitted. There’s this problem in TCP that if you retransmit a packet more than once— Or you send a packet more than once, otherwise you would retransmit it, and then an acknowledgment comes back, you don’t know whether the acknowledgment was for the first transmission of that packet, or for a later transmission of that packet. In other words you don’t know whether the packet was lost or whether the network was simply slow in responding. So you have to be careful in measuring such round-trip times and incorporate them into your estimate of the round-trip time, otherwise TCP will perform very badly. So I came up with an algorithm for dealing with that in the packet radio environment, where it was really a critical problem. And it has since gone back into the TCP spec.
Malamud: Now, your early work on packet radio has I guess come back to haunt you now that you’re working at Qualcomm. You’re working on wireless data communications?
Karn: Right. Now I get to do it for real.
Malamud: And what kind of work are you looking at now?
Karn: Okay. Qualcomm is a company— It’s been around since 1985, it’s grown very very rapidly, especially in the last few years. We’re now well over a thousand employees. We’re based in San Diego although have a presence and in Boulder, Colorado. And our primary activity, or Qualcomm’s field of activity is radio communication services, particularly spread-spectrum, commercial applications of spread spectrum. We have a service that we sell— It’s been extremely popular, it’s growing very fast. I like to say that it’s growing about as fast as the Internet, doubling about once every year—a little over a year. It’s a service called Omnitracs and it’s primarily—or it could be best described as satellite email for truckers. We just recently sold our 60,000th unit. The system consists of a satellite terminal, a Ku band satellite terminal that sits on a truck, and a hub in San Diego. And from San Diego at Qualcomm we have lines, VSAT links, telephone lines, packet links and so forth, back to various trucking company dispatchers so that they keep track of their trucks while they’re on the road.
So that’s Qualcomm’s primary source of revenue right now. And we’ve been feeding a lot of that money back into what we call the CDMA digital cellular project. CDMA is actually a generic term, it stands for Code-Division Multiple Access. It’s a form of spread spectrum where several transmitters can share the same frequency band at the same time in the same area by use of different spreading codes. So we have applied CDMA techniques to the development of a new digital cellular telephone system which we also call CDMA. And that was recently standardized within United States as second digital cellular telephone system.
My role in this project is primarily to bring up data services over CDMA. I’ve had TCP/IP running over CDMA for about the last year. And in fact it’s based on the KA9Q NOS software package, with necessary additions to support CDMA.
Malamud: What kind of bandwidth are we’re looking at here?
Karn: The CDMA channel was originally developed for a low-bitrate voice encoder, a variable-rate voice encoder, using a modified codebook inside a linear predictor, a SELP vocoder. The maximum rate is approximately 8,000 bits per second, in round numbers. Again that’s based on the characteristics of the vocoder; data was secondary. So, the throughput that you can get when you run TCP/IP over a CDMA channel, with all the protocol overheads and so forth taken out, is roughly 900 to 950 characters per second, depending on conditions.
Malamud: And how does this compare let’s say to RAM Mobile Data, or some of the other data services?
Karn: It’s quite a bit faster than RAM Mobile, but just looking raw speed is somewhat deceptive. What’s really important is what’s the reliability. If you drop half the packets, it doesn’t matter that it’s fast because TCP will always be you know, timing out and backing off and retransmitting—your overall throughput will be very poor.
The RAM Mobile system’s based on narrowband technology, that is the CDPD technology, the Cellular Digital Packet Data. And they don’t perform nearly as well in urban multipath environments as does CDMA.
So our system, the figure I give you for our system is something that just works. As long as I can keep a call up that’s what you get. The data just keeps flowing. It’s much harder to get a figure for RAM Mobile or for CDPD…well, because they’ve only been tested…uh…back up on this one.
RAM Mobile and CDPD have been based on narrowband technology, and they have not been heavily tested in dense urban environments, unlike our system which has been tested very extensively in San Diego.
Malamud: Are there differences in range, in number of cells you need, the amount of equipment you need in order to provide nationwide coverage?
Karn: There’s some of that. All these are terrestrial UHF systems, so they all basically are limited to line of sight within a terrestrial area—line of sight on near line of sight paths within a metropolitan area. So they’re all similar in that regard. CDMA is simply much better at dealing with multipath, which is signals reflecting off of buildings and combining at the receiver. In most radio systems, including existing analog cellular, CDPD, and RAM Mobile, multipath seriously degrades performance. However in CDMA, multipath a actually a help. It’s actually something we exported to improve the reliability of the signal path.
So, there has not yet been any widespread deployment CDPD so we don’t really know how well that will perform in the real world. RAM Mobile is out there. I don’t want to speak for them. I’ve only seen it demonstrated at Interop, and I’ve seen people using PSI’s mail services based on RAM Mobile but I don’t have any personal experience with it myself so I can’t speak for them.
Malamud: We’re looking at a variety of very large projects which are not terrestrial-based. Things like Motorola’s LEO system, low Earth orbiting satellites. How does that compare to the type of data services that you’re looking at?
Karn: Okay. I’m glad you mentioned low Earth orbiting satellites since Qualcomm has a low Earth orbiting satellite project of its own called Globalstar. The idea is somewhat similar on the face of it to Iridium, which is a network of low Earth orbiting satellites. However the differences are that in the Globalstar system the satellites are much simpler. They’re basically what are called bent pipes. In other words there’s really no active processing of the signal on-board, it simply repeats what it hears. The idea is that the satellite would simply act as a repeater between a user station and a relatively nearby ground station, which would actually be your gateway into the network. There would not be any cross-satellite linking, unlike Iridium.
So this would be exactly the same modulation method and services that this terrestrial CDMA system would support, except it would be on different frequency bands and be going through a satellite rather than directly to a base station.
Malamud: A complimentary area is the work for Mobile IP, in which people are looking at the ability to get in a car and move from one subnetwork to another subnetwork and still keep the applications alive, still keep your telnet session or your email or whatever it is that you’re doing. What’s the relationship between the work that you’re doing with radio-based data links and the Mobile IP efforts that’re on the way.
Karn: I am personally very interested in Mobile IP. It’s one the reasons I’m still involved in IETF, along with some of the security issues which also come up when doing networking over radio. Mobile IP I see as being crucial to the future of these data radio services.
In the beginning, these services are going to be fairly simple, just as cellular radio was in the beginning. But as time goes on people are going to demand the ability to pick up a laptop and move around with them from one environment to another, one media to another, and have transparent connectivity, the only difference being speed and cost.
Malamud: Do we have any indication how we’re gonna do that? I know we don’t have final answers but do we at least see the road?
Karn: Oh, yeah. Yes. I think so. I can’t speak for the Mobile IP group as a whole. I’m not the chairman or part of the management of that group. But I think the only problem with the Mobile IP group right now is coming down to a consensus on one approach. Everyone has an approach which looks pretty much the same. Everyone has pretty much the same philosophy. What we really need to do is just get agreement on one common approach. I think that was facilitated a few months ago by the decision to start with a very simple service, not trying to optimize it to the nth degree but to start with a simple service and then deploy that, making sure that we don’t preclude optimizations and new services or features that could be added later.
Malamud: What are some of the broad brush… What’s a broad brush characterization of how we’re going to do Mobile IP? I know we don’t know all the details but we know [crosstalk] at least some of the ideas.
Karn: Okay. The basic principle of Mobile IP is the following: because the Internet is a connectionless network, I could go anywhere in that network and send a packet to a fixed host and it would get there. That’s not a problem because the routers in the network don’t really look at the source address in my packed so I could be anywhere. The problem however is how does a fixed host in the network get packets back to me if I’m moving around. The Internet is based on a hierarchical routing model where the routers in the backbone do not have every single host in the network listed in those tables, that would be infeasible, they have networks and subnetworks listed in that table. So I need to have some mechanism that I can move around and have my packets follow me without having to go back and retrofit every router in the Internet core.
This is being done by overlaying another level of hierarchical, so to speak, on the existing Internet using specialized routers called home agents and foreign agents. A home agent would be a router that sits on my home network, in other words the same subnet for which my IP address has been assigned. And the home agent will be responsible for knowing the actual location of the mobile at any given time, and then tunneling packets addressed to that mobile station to what’s called a foreign agent on the network where the mobile actually happens to be at the moment.
So, packets from the mobile station to a fixed station can go directly with no special handling. But packets from fixed stations to mobile stations would have to go through this extra tunneling step before they can be routed to the mobile station.
Malamud: And how far away are we from the from seeing Mobile IP as an integral part of the Internet?
Karn: I can’t really speak to that, I can say that in my own area, if we’re going to provide a meaningful IP connectivity service within CDMA—and I believe we will, just as CDPD’s core service is IP by radio, I think it’s going to be essential to have this. So as these systems get deployed, as CDMA and CDPD and other systems like RAM mobile become more popular I think this is going to be— [Karn is interrupted by music]
Malamud: Phil Karn, as a member of the technical staff at Bellcore you were heavily involved in security, and now that you’re looking at wireless and radio-based solutions I would think that security is becoming increasingly important to you.
Karn: Yes. It’s critical. In fact I think it’s one of these enabling technologies. They would simply be things that people will not want to do over networks as easily intercepted as radio without some meaningful security. In fact I’m surprised at how much is done right now over cellular telephones over totally insecure channels. If people only knew how easy it was to intercept your telephone conversations, they would not talk about half as many things as they do now. But I think for a data network, it’s going to be actually crucial that we have some strong security.
Malamud: And so that would be the Clipper chip?
Karn: Absolutely not. That’s a whole subject in itself. I’m strongly opposed to Clipper or any notion of key escrow. I want—
Malamud: Could you describe briefly what it is about Clipper that you don’t like? What are they doing in Clipper that is so objectionable?
Karn: There are many reasons both practical and political as to why Clipper is a bad idea. I mean first of all, I don’t see any reason why I should be required to have my keys registered ahead of time and be told that I should simply trust the government that they will never violate my privacy without good cause. There’s ample of president over history to show that the government always abuses that kind of power. And I simply don’t think it’s appropriate in a free society.
But there are many practical problems also associated with the clipper chip. For example in my industry, in cellular telephony, low cost and high volume are the watchwords. And it’s simply not practical to take a device such as a hand-held cellular telephone and mandate that a sole-sourced hardware chip be put into this phone to do a function which could very easily be done in software with the spare cycles on the general-purpose processors already in that ship. So for all sorts of practical and philosophical reasons Clipper is simply a no-brainer. It is not going to get off the ground.
Malamud: Are there better ways of doing it?
Karn: Absolutely. In the real world, in the commercial world, we actually have plenty of usable techniques that we simply have to deploy. And if the government have not been standing in our way all along we would’ve deployed them by now. I’ve had some experience with this in watching the standards process within the digital cellular community and I saw the subtle pressures that the NSA exerted on the digital cellular industry to not put in meaningful privacy. If those pressures had not been there we probably would have it by now.
Malamud: So what would be meaningful privacy? What would be the techniques you would use?
Karn: Meaningful privacy in a digital cellular phone would mean end-to-end encryption or at least as end-to-end as you can make it. For a normal cellular user talking to an ordinary land telephone you would not be able to do true end-to-end encryption but you could at least protect the most vulnerable part of the link, which is the air link. That is the link between the cellular phone and the base station. The call over the landline portion would still of course be in the clear. That could be done right now using off-the-shelf technology. It’s simply not a problem. I would use some combination of RSA public key cryptography, Diffie-Hellman key exchange, and a good cipher implemented in the software, be it [indistinct] DES or multiple— [Karn is interrupted by music]
Malamud: RSA is a technology that’s widely acknowledged as being one of the strongest methods we have of securing our data and doing authentication and doing authentication and many of the other security aspects, but it’s taken a long time to get that out in the field. Do you have any ideas as to why we don’t have a kind of massive ubiquitous public key infrastructure in place?
Karn: Well we’re actually starting at one now, as much as the company that owns the RSA patent wouldn’t like to admit it’s, called PGP. That touches on what I personally think is the main reason why RSA has not become widespread. It’s because of the intellectual property issues. That combined with the fact that most people would rather bury their heads in sand about security or are not really willing to go out of the way to get it, I think those factors combined have resulted in RSA being not widely deployed.
Malamud: Well tell us about PGP. What is that?
Karn: PGP is Pretty Good Privacy. It’s a software package that was originally done by Phil Zimmerman in Boulder, Colorado as sort of a social statement. He wrote it as a freeware package and then gave it away, and it has since become very widespread all over the world.
Malamud: And is it based on RSA’s technology?
Karn: It’s a hybrid crypto system, which is what
Malamud: And PGP is being used.
Karn: PGP is being used worldwide. At the last count, the public key servers out on the net had over 2,000 keys registered, and it is growing daily.
Malamud: Are there intellectual property issues? Has this violated RSA right to their work?
Karn: I’m not a lawyer, I can’t comment on that. I can say that it’s been a controversial topic for several reasons. One is the intellectual property reasons. RSA claims that this violates their patents, however I can’t really talk to that because I’m not a lawyer.
The other issue is export controls. Our government still seem to think that only Americans know how to write C code from an algorithm description, which is of course blatantly idiotic. Nevertheless PGP has found its way out of the country. And as I understand it there’s currently a federal investigation in exactly how that happened.
Malamud: Are there ways that we can get that technology out of the current situation in which one company has it and there’s people out there with their own versions like PGP? I mean should should RSA patents be nationalized, for example?
Karn: Well… We’re getting into an area where I’m not really qualified to comment. I mean, I have my own personal opinions but they’re just that, just opinions.
Malamud: How important is the RSA public key technology to the Internet?
Karn: I think it’s vital. If we’re going to do meaningful security of any kind in a public context, some form of public key cryptography is absolutely essential. Not just RSA but Diffie-Hellman. Diffie-Hellman has not gotten as much attention as I think it should have because it’s an excellent way for distributing keys. For example in the secure IP arena, which I’m also working in, there’s really no practical way to distribute keys between arbitrary pairs of hosts other than through the use of public key cryptography.
Malamud: And why don’t we use Diffie-Hellman? Is that publicly available?
Karn: Diffie-Hellman is also protected by a patent, which is held by the same folks that hold the RSA patent, which is Public Key Partners in California.
Malamud: So there’s no way out.
Karn: There’s basically no way out when it comes to public key, that’s right. We have to deal with Public Key Partners.
Malamud: Now, with public key we’re looking at the ability to basically authenticate who is coming in—
Karn: That’s the complementary side to confidentiality. There are two aspect to cryptographic security. One is confidentiality, in other words keeping someone who’s watching my traffic from knowing what I’m saying. That’s one side. And then the flip side of that is authentication, proving to the person that I am talking to—intend to be talking to, that I am who I say I am. And they’re really complementary sides of the same thing.
Malamud: Are there other aspects to security? I can see authentication being very important at the service level. Someone’s telneting in or someone is sending mail. I can see the confidentiality being important at the data link or transport level. Are we also worried about security at the IP level, for example, spoofing an IP address?
Karn: Yes, yes. In fact that’s what the IP Security Working Group is working on right now. They’re focusing on a network layer security protocol that by definition would encrypt individual IP datagrams—encrypt and/or authenticate them, depending on how you have it configured. This would allow me to for example set up a security gateway at a typical company which has a firewall between their internal network and the outside world and allow their own people or any authorized user to puncture through that firewall and gain transparent connectivity to the inside subnet without having to reconfigure the firewall each time. And do it in such a way that other people would not be able to exploit that.
Malamud: So every single packet is authenticated?
Karn: Every single packet can be authenticated.
Malamud: Isn’t that rather inefficient?
Karn: Not necessarily. Again, there are hybrid crypto systems that can be used for authentication just as they’re used for confidentiality. The simple-minded thing would be to simply sign using RSA every packet that I send, but that would be infeasible. That’s simply too expensive in CPU type. So again what you would do is you would exchange…you would set up a shared secret between the two entities that wish to authenticate each other. And then they would use fast single-key schemes to actually sign each packet.
For example, let’s say I use Diffie-Hellman to establish a key shared by the two parties that wish to communicate. I would then use RSA to sign that key to make sure that the keys is authentic, has not been modified in flight. And then I could use MD5, the Message Digest algorithm, to actually sign individual packets, and that goes very very fast. MD5 can run at megabytes per second on most computers.
Malamud: Does this require us to change the IP implementation on every host and every router to accommodate this?
Karn: No. Another advantage of the IP-level security approach is that it is very modular. It can be implemented in an end system. An end system could insert an IP security header between IP and TCP, or UDP, whatever transfer protocol it’s using, but it doesn’t have to. It could also be done by an intermediate system acting on behalf of all the systems behind it. That intermediate system could encapsulate the packets sent by the end systems that are not security-aware. It could encapsulate them using one of the IP in IP encapsulation protocols and then protect that entire packet using the IP Security protocol, either by authenticating or encrypting it or both.
Malamud: So no matter what happens on the IP Next Generation controversy on whether it’s TUBA, or SIP, or one of those, is the work of the IP Security group going to be able to fit inside the next generation?
Karn: It certainly should. It’s just another protocol that can be inserted between the network layer and transport layer. And there’s no reason at all why it should not be directly application to the next generation of IP protocols. We may have to be careful about field widths for addresses; other than that there’s no reason why it shouldn’t translate directly to the next generation.
Malamud: So we’ve looked at that security at a variety of levels, down at the data link, at the IP level. Are there other places that security needs to be built into the Internet protocols?
Karn: Well, so far the level that’s gotten the most attention for security has been the application layer. We have SNMP security, we have FTP security, we have telnet security and so forth. And it was from watching all that activity that I decided that maybe it was time to look at doing security at the IP layer. Because we’re really trying to do the same thing all over again each of the applications. And since we only have one IP, at least at the moment we only have one IP, we could think of using a single security service to protect all applications rather than having to reinvent a separate security service for every new application we come up with.
Now there are still places where application-level security is the right thing. For example in electronic mail. Electronic mail passes over links other than SMTP TCP/IP paths. That’s why you still need things like Privacy-Enhanced Mail and PGP to provide true end-to-end protection of electronic mail. But for those services that’re running directly on top of the Internet protocols, I think the Internet security approach is a very workable way to go.
Malamud: They say security is only as good as the weakest link. And it seems to me that ultimately we end up with the user typing in a password. Um…
Karn: That’s one way of doing it.
Malamud: Are there other ways to protect this very very edge of the Internet? Because obviously what we’re authenticating here is not the user but the software program on his computer.
Karn: That’s right. That’s right. Traditionally we’ve use passwords. That’s only one of several things that could be done. You can base authenticating, which is what you’re really doing with a password, on something you know or something you have, or combinations of the two. Something you know, obviously a password falls in that category. Something you have might be a smart card, for example. And you might think of combinations of the two where the smart card doesn’t work until you type in something you know like a PIN. So there are combinations of the two. There are other schemes which are a little more exotic that have to do with what you are, other words retinal scans and so forth, but I don’t think they’re really ready for prime time.
Malamud: How far away are we from seeing things like smart cards being used to get us into systems?
Karn: Uh, interesting question. Smart cards seem to’ve become much more popular in places like Europe than they have in the United States. It’s simply not taken off in the United States. And there’s actually a rather interesting reason for that. It has to do with the cost of telecommunications. One of the biggest advantages of public key crypto systems like RSA is that much of the authentication can be done offline. You can prove to me that you are who you say you are without me having to go to some central server to find out because you could hand me signed certificates that I can easily verify with information I already have.
In the United States, however, for applications such as credit card verification, telephone calls are so cheap in the United States compared to Europe that they figure it’s easier just to go ahead and give the guy a cheap plastic card and have him call into a database every time he makes a purchase to verify him. In Europe, however, communications is much more expensive. So RSA-type smart cards, or smart cards in general, become much more popular as a way of cutting down telecommunications costs.
Malamud: Should we be raising telephone rates in the US to promote security?
Karn: No, I don’t think so. Of course another factor is the fact that RSA is patented only within the United States. So the Europeans are free to use it without paying the royalties. That may be a secondary factor.
Malamud: This sounds like an area that maybe we could use some government involvement.
Karn: Well… I could argue the government’s already too involved in security and I would wish they would just get out of our way and let us apply the techniques that we already know.
Malamud: Well thank you very much. We’ve been talking to Phil Karn [music starts] and this has been Geek of the Week.
Karn: Great. [indistinct due to music]
Malamud: This is Internet Talk Radio, flame of the Internet. You’ve been listening to Geek of the Week. You may copy this program to any medium and change the encoding, but may not alter the data or sell the contents. To purchase an audio cassette of this program, send mail to radio@ora.com.
Support for Geek of the Week comes from Sun Microsystems. Sun, The Network is the Computer. Support for Geek of the Week also comes from O’Reilly & Associates, publishers of the Global Network Navigator, your online hypertext magazine. For more information, send email to info@gnn.com. Network connectivity for the Internet Multicasting Service is provided by MFS DataNet and by UUNET Technologies.
Executive producer for Geek of the Week is Martin Lucas. Production Manager is James Roland. Rick Dunbar and Curtis Generous are the sysadmins. This is Carl Malamud for the Internet Multicasting Service, town crier to the global village.