Don't secure the internet, it needs crime: Diffie

Creating a completely secure internet is not a practical way to solve our security problems and having it as a medium for crime might actually be better for society.
Written by Michael Lee, Contributor

While many people see securing the internet as a means to stopping cybercrime, former vice president for information security and cryptography at the Internet Corporation for Assigned Names and Numbers (ICANN) Whitfield Diffie thinks that internet crime may be necessary.

Diffie, who spoke at the Australian Information Security Association's National Conference 2012 in Sydney this week, is better known for his contribution to the cryptography community by devising with Martin Hellman and Ralph Merkle the Diffie-Hellman public key exchange method.

He said that the security problems we face today aren't necessarily due to the unsecure nature of the internet, drawing a parallel to its reliability.

"I'm inclined to think that society needs crime."

He pointed out that reliability on the internet wasn't created by designing it into its bottom layer, stating that if it were, the cost to implement such a network would be substantial. Instead, he said that today's Internet Protocol is a cheap, unreliable way of communicating, and that when reliability is required, other protocols are introduced as needed.

"If you need reliability, you run something like TCP ... and you concentrate reliability where you need it. There's an analogy here with security," he said.

"I am rather inclined to think that a [completely] secure network is not adequate to serve our needs, and that's one of the reasons we don't have one. We put our needs above some notion of security."

Furthermore, Diffie said that by looking at the broader socio-economic picture, creating a completely secure internet could be a mistake.

"I'm inclined to think that society needs crime," he said, explaining that in the event of a crime taking place offline, such as a home robbery, it creates jobs for police, judges, lawyers, insurance companies.

"There's thousands of dollars worth of business here, while the crook only got 50 bucks!" he said.

"Clearly, crime has a much larger constituency than society would like to admit. I am conjecturing, therefore, that the internet also needs crime."

Diffie said that the internet would be a nicer place if people didn't spread malware, but that the real world does, to an extent, mirror the online world.

Diffie's argument for an unsecure internet doesn't necessarily mean that security can't be provided. He pointed to the World War I era, during which radio transmissions were completely open — yet, through cryptography, it was possible to send private messages.

"[Cryptography] turns all problems into key management problems. The security or insecurity is amplified to be the security or insecurity of gigabytes of traffic."

He said that cryptography essentially frees whatever information you are trying to transmit from the medium that it is being sent via, whether that is a satellite, a phone line, or an unsecure network like the internet.

However, cryptographic methods require keys to decipher the information, and, as such, Diffie said that the problem isn't in securing the network; it's in securing whatever system the keys reside on.

"It turns all problems into key management problems. The security or insecurity is amplified to be the security or insecurity of gigabytes of traffic."

And when it comes to secure computing, Diffie said that it has been done poorly.

"It seems to me that we have made less progress in secure computing than we have in cryptography."

He pointed out that many times, various organisations, both private and governmental, have gone down the wrong paths.

"People often propose building a separate internet. They vet the users, and they defend the end points, and both of those have costs that are linear in the number of people using it. That's not scalable."

He also criticised attempts to keep computing environments secure by writing code in-house.

"You can't write all of your own software. The US Air Force tried that. It finally gave it up in the '60s. It had its own compiler and things like that. It cost billions and it just wasn't sustainable."

To solve the issue, he said that there are two approaches, one of which involves limiting and reporting to the network what software is installed on a machine, hence allowing others to refuse connections if the software is not trusted.

"It limits the kind of damage that can be done to you, but you have a basic hold [from software vendors] that you have very little control of."

The other approach goes in the opposite direction, by concealing at the edge of the unsecure network what's installed on the end point.

"A computer built from the ground up to serve the interests of its user," he said.

"It would be a computer, it would be running Linux or something, but all the outside world could see was that. They couldn't see what information it has."

Editorial standards