Access control changes a must for future, safe Internet, Vint Cerf says

Access control changes a must for future, safe Internet, Vint Cerf says

Summary: Essay provides insights from "father of Internet" on future of Web.

SHARE:

Vint Cerf, one of the fathers of the Internet, is watching his baby evolve and he sees a bright future awash in a sea of data, devices and ubiquitous connectivity, but a darker side foreshadows wholesale changes needed in access controls and privacy hardened by hardware-reinforced security.

"We must cope with the fact that the Internet is not always a safe place," said Cerf, known for his development work in the early days of the Internet some 40 years ago. "Not everyone with access to the Internet has other users’ best interests at heart."

Cerf's view of the future, more observation than prediction, is contained in the latest issue of the Internet Protocol Journal.

In his 3,700-word essay, Cerf looks at the landscape of a future world where every imaginable appliance is “smart,” connected to the network, and location-aware. And he looks at how this future Internet might shape business, science, and education.

But he also calls out vulnerabilities inherent in software as an Achilles' Heel. The bugs that fuel today's sinister side of the Internet. "What might the future hold in terms of making the Internet a safer and more secure place in which to operate?" he asks.

"It is clear that simple usernames and passwords are inadequate to the task of protecting against unauthorized access and that multifactor and perhaps also biometric means are going to be needed to accomplish the desired effect," Cerf wrote.  

His essay comes at a time when the theft of user credentials from online sites, including service providers, retailers and game sites, is at an all-time high. Just last week, hackers made off with 1.8 million passwords from Canonical's Ubuntu Forums. The company gave Forum participants the all-too-familiar advice to change passwords on all the sites they visit.

"Purely software attempts to cope with confidentiality, privacy, access control, and the like will give way to hardware-reinforced security," Cerf said. "Digitally signed Basic Input/ Output System (BIOS), for example, is already a feature of some new chipsets. Some form of trusted computing platform will be needed as the future unfolds and as online and offline hazards proliferate."

Cerf said in today's Internet, enforcement of abuses that occur across international boarders  is complicated.

"Ultimately, we will have to reach some conclusions domestically and internationally as to which behaviors will be tolerated and which will not, and what the consequences of abusive behavior will be. We will continue to debate these problems well into the future."

He also said what's needed is a balancing of tensions between "law enforcement and the desire of citizens for privacy and freedom of action." He theorized a Cyber Fire Department to handle attacks and instances of malware out breaks, and that cause-and-origin investigations will have to determine if law enforcement needs to be involved.

And he said "new models of compensation and access control [to digital assets] will be needed in decades ahead."

It was not all warnings, however. He lauded the expansion of the Internet address space via IPv6, even while calling out its slow uptake. He said "sensor networks, Internet-enabled appliances, and increasing application of artificial intelligence will transform the Internet landscape in ways that seem impossible to imagine."

He talked about the OpenFlow concept, hierarchical and abstracting mechanisms for managing hundreds of billions of devices, a common sensory environment beyond human senses, changes in how education is paid for and delivered, preserving digital bits, and an information universe.

Cerf concluded that the future Internet will be immersed in information subject to analysis and management. 

"While we have new tools with which to think, it will be demanded of us that we use them to distinguish sound information from unsound, propaganda from truth, and wisdom from folly," he said.

Topics: Next Generation Networks, Security

About

John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion