MUST READ: Don’t let NSA paranoia destroy your productivity

Topic: Browser

Discover

Do we need a new internet? No, but we do need more researchers.

Summary: The New York Times ran an article on a new academic research project whose goal is to redesign the Internet from scratch. The most valuable product that will come from this effort is not new technology, but formally trained security researchers.

Adam O'Donnell

By Adam O'Donnell for Zero Day |

The New York Times ran an article on a new academic research project whose goal is to redesign the Internet from scratch. The most valuable product that will come from this effort is not new technology, but formally trained security researchers. This past weekend the old gray lady ran an article by John Markoff about how a group of universities received a large grant to draw up a brand new Internet from scratch. The motivation for the work is, as the group claims, that the internet in its current state cannot be secured, and a new internet needs to be drawn up to support security from the start.

Hogwash.

The internet isn't insecure because the fundamental architecture is broken. The internet is insecure because people are using the internet using poorly secured systems and are willing to run any program they come across regardless of its purpose. This problem can't be solved on a protocol level without regulating what applications can be run and who is allowed to connect to each other, which risks stifling new technologies like peer to peer.

The biggest value that will come from this project is the production of any universities' primary output: new engineers and researchers. By allowing students to spend a few years thinking about what could be possible in security when they start with no constraints, they may come up with an innovation that can be bolted onto a current technology. When they graduate, they can either bring their research to market or train new engineers and researchers, allowing everyone to gain value from their grant.

Topic: Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

21 comments
Log in or register to join the discussion

  • good luck!

    We can't get a new authenticated email protocol or ipv6 adopted and we are talking about a 'new internet'.....
    Linux Geek
    Reply Vote

  • very well stated

    and much agree with your point of view.

    There could be things put together that we already
    know something about, like both-ends-verified email,
    which would refuse spammers a sending point.

    I think it's possible to imagine an encapsulating
    download service which verifies against malware on
    everything, as download.com claims to on its postings.

    And, what we haven't imagined, but which a
    cryptographically strong fresh look might...

    Regards,
    Narr vi
    Narr vi
    Reply Vote

  • We may not need a new internet - but we do need new email.

    We may not need a completely new internet - but we [b]do[/b] need a completely new email system. The current email system is broken beyond belief, and even the best filters just aren't cutting it anymore. I'm completely amazed that we still have almost no encryption or digital signing on our email system, and we're still using reactive filters instead of trying to stop spam at the source.

    It's insane, our current email system. Completely insane.
    CobraA1
    Reply Vote

    • email isn't "broken beyond belief"

      the only real problem with SMTP or "email" today is that the sender can be easily faked in too many different ways. Solve the "I am who I say I am" problem and you've essentially fixed email.

      OpenID, Yahoo, and others have similar solutions on the table, but in typical fashion, no one can agree on just one and move forward from there.
      caspianhiro
      Reply Vote

  • EV SSL

    We as consumers will finally be able to trust content we choose... If ev ssl implementation is as secure and successful as it claims to be.
    pcguy777
    Reply Vote

  • The top 5 companies could make it happen

    We may not need a new internet but we do need to find out why ISPs allow the bulk spammers to exist. They have the means to block them, they have the means to introduce an authentication system that will neutralise them, but they do not. Why? Is there some benefit to them that we do not understand.

    When 90% of the email bandwidth is taken up by spam someone must be benefiting other than the spammers otherwise it would be stopped. government legislation is not the answer but corporate action by the largest corporations and the large ISPs might be.

    We know that the security product vendors make money out of it. We know that the spam filter specialists make money. We also know that the large corporations all the way down to the personal home user pays.

    Isn't it time to make it stop! I am sure that if Wal-Mart Stores, Exxon Mobil, Royal Dutch Shell, BP, Toyota Motor, Microsoft and Cisco said "we will not accept any email unless it comes from an authenticated source from August 2009" then it would happen by August 2009. Make it happen guys!
    GreyTech
    Reply Vote

  • Garbage!

    The present Internet is loaded with insecure ways of
    doing things.

    Relying on average users to operate in secure fashion
    is the height of idiocy.

    We need an Internet where both ISP's and users are
    fully identified by number. So bad behavior can be
    tracked down and eliminated. Doing so will not
    eliminate anonymity, but it will make it possible with
    a court order to identify rogue users.

    Redoing the Internet will make it easy to eliminate
    Spam, Trojans, viruses, etc.
    shanedr
    Reply Vote

    • An impossible dream?

      I'm afraid that there is a conflict between providing the functionality (programmability)that we are used to and being able to forsee all the ways that a new implementation might be compromised. The original article supporting more research is valid and can provide security improvements.
      dpbaird
      Reply Vote

      • Very Possible

        That doesn't change the fact our present
        Internet was designed as a link between
        government departments, each other and
        universities. Security was not a concern back
        then, it most certainly is now and the entire
        basic structure needs to be re-thought and then
        re-done.
        shanedr
        Reply Vote

        • Spot on

          Right-on, shanedr. This highlights the fundamental flaw of the current Internet -- security's an afterthought, bolted on rather than designed in. This can be easily seen by the many layers and add-ons that would not even need to exist in a secure design: firewalls, s/MIME, VPNs, SSL, SSH, DNSsec...

          Not to get into a religious flame war, but this is like the difference between Windows, whose roots lie in a single-user, non-authenticated, unprotected system (DOS), and UNIX (e.g. Mac OS X, BSD) and OpenVMS, where the concept of multitple users and protecting the kernel and each user was designed in from the beginning. Windows users still see the artifacts of early architectural decisions (ever install a program that doesn't know how to save and protect separate settings for different users?) This is the way it is with the Internet -- it was designed for universities to openly share thoughts, not transmit billions of dollars between financial institutions.

          I only bring this up to highlight the fact that architectural design decisions in the early phase of development will have long term ramifications in how a system's used way down the road.

          Now, if your business is built up on building and maintaining these "kludges", the idea of a new, architected, and properly designed Internet should be an anathema. Whatever these researchers come up with will probably be disparaged, ripped apart, and broken up into kludges that will be tacked onto the current Internet. Or as Adam O'Donnell said in his post, "new engineers and researchers... may come up with an innovation that can be bolted onto a current technology".

          And we'll all continue to suffer from the poor foundation, with people nonsensically spouting off on how the only broken part of the Internet is SMTP.
          dclhacker
          Reply Vote

  • Author doesn't know crap about IT security

    There is no security program or programs that can make
    your PC secure.
    I can walk thru your fire wall and around your anti
    virus, set up a rootkit you can't find.
    THATS WHY IT IS NOT SECURE.

    GERALD ANTHRO
    wieczor8
    Reply Vote

    • OMG .... ROFL

      Quote: <i>"I can walk thru your fire wall and around your anti
      virus, set up a rootkit you can't find."</i>
      Sure you can .... hehehehe !!!!
      ROFLMFAO !!!!
      What a frigging SCRIPT KITTY !!!!!
      RealPauper
      Reply Vote

      • ROFL???

        The fact that wieczor8 can even imagine words like "firewall", "antivirus", and "rootkit" shows how broken the fundamental security architecture of the Internet is.

        You can laugh all the way to your grave, but he's absolutely right.
        dclhacker
        Reply Vote

  • RE: Do we need a new internet? No, but we do need more researchers.

    The underlying protocols that drive Internetwork communication are serioulsy flawed. They were written with one concern, and one concern only. Get the packet routed to its destination.

    Authetication, authorization, accountability, confidentiality, integrity, none of these were addressed, or at least considered during the development effort. Some may argue that communication protocols are not the place to define such high level schemes. Maybe they are right. However, the lower the level that one considers and accomodates such concepts and adds hooks or support for them, the more robust these concepts will be while making use of these protocols.

    We need a new Internet. How different it looks from, operates and itneroperates with, the existing mess is open to definition.

    Just my 2?, collect the whole dime!
    Mad Mark
    MadMark
    Reply Vote

    • Right, there are two, related, problems

      Bingo, MadMark.

      There are two problems here. One is that the core protocols (TCP, IP, and the cruft that support them, like BGP) are obsolete; the architecture was not complete in the first place and we're layering bandages over a weak foundation. That stuff is arcane, not obvious to end users, and crucial. IPv6 is a step in the wrong direction and should be abandoned.

      The second problem is in the upper layers, right up to the "wetware" that uses the net. It's true that nothing can protect against a determined user; you can get past a lot of security if you fool someone into installing something he shouldn't. But a lot of that can be controlled by smarter applications; Microsoft's mail and web apps are notorious virus vectors. A better low-layer foundation could certainly be useful if security becomes a more integrated function, but we also have to protect against users who click on attachments in spam. And we need new mail protocols that are less spam-friendly.
      fgoldstein
      Reply Vote

  • Whoever is thinking about a new internet needs to get a life.

    The internet works perfectly actually much better than a lot of our public transportation system. We are already wasting so much brain power on this dead horse. In fact people are trying to screw it up with more regulation when it is one of the only things that works well on this floating pile of rock called Earth. Get these scientists to work on trains. Vacuum frictionless trains. If I could think of it as a child then shame on you people for being DENSE.
    worldnick
    Reply Vote

    • You are only seeing the surface

      Nick, you do not know what is going on behind the scenes to keep up the illusion that the Internet works well. The fundamental flaws have been covered by Moore's Law, but they are getting ahead of it (router table explosion, for instance). Do not assume that just because it looks okay on the surface, that it is strong underneath. The Internet today is like the real estate market of 2006.
      fgoldstein
      Reply Vote

  • Current internet e-mail is fast on its way to the grave

    E-mail as we know it is almost dead. Soon a crisis will put the last nail in its coffin.

    When a better solution reaches the adoption tipping point, we'll be surprised at how fast the business world abandons SMTP and converts.

    It will be like IM in many ways -- authenticated senders, secure, multimedia. The only people still using the old system will be kids and other casual personal users.

    Reality check: The new e-mail will not be free, but it will eliminate spam.
    denisdubois
    Reply Vote

  • We already have Internet2 and the Darknet..

    so it's not like we need another one. Sounds like someone just
    got lucky writing grants to me.

    The only protocol that could really use an overhaul is email. I've
    thought of a couple ways that it could be spamless but they
    would require updates both to server and client apps. Older
    versions would have to be left behind.

    Otherwise, the current internet is plenty secure.. it's mainly just
    Microsoft products that aren't.
    Htalk
    Reply Vote

  • RE: Do we need a new internet? No, but we do need more researchers.

    Just an aside. The reason for a new internet is to make it able to support the vast amount of people, information and the way it is put together. If this is not addressed and made more standardized we will reach a point where the backups and the delays as well as security and viruses and all that go with them will reach a point that we are already seeing and will eventually cripple the current infrastructure. .
    Here is a further more professional answer from Technology Review an important source for information based on scientific observation.

    "Simply put, the Internet has no inherent security architecture -- nothing to stop viruses or spam or anything else. Protections like firewalls and anti-spam software are ad-dons, security patches in a digital arms race.

    The President's Information Technology Advisory Committee, a group stocked with a who's who of info-tech CEOs and academic researchers, says the situation is bad and getting worse. "Today, the threat clearly is growing," the council wrote in a report issued in early 2005. "Most indicators and studies of the frequency, impact, scope, and cost of cyber security incidents -- among both organizations and individuals -- point to continuously increasing levels and varieties of attacks."

    And we haven't even seen a real act of cyber terror, the "digital Pearl Harbor" memorably predicted by former White House counter terrorism czar Richard Clarke in 2000 (see "A Tangle of Wires"). Consider the nation's electrical grid: it relies on continuous network-based communications between power plants and grid managers to maintain a balance between production and demand. A well-placed attack could trigger a costly blackout that would cripple part of the country.

    The conclusion of the advisory council's report could not have been starker: "The IT infrastructure is highly vulnerable to premeditated attacks with potentially catastrophic effects."

    here is the link. Please note that there is a follow up article indicated at the end of the first article and it is even more exacting in it's answers.
    Hope this help[s clear up the doubts you may have as to what the real story is and what it means to you and me.

    http://www.technologyreview.com/InfoTech/wtr_16051,258,p1.html
    bkrsrb
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close