Wave Systems Corp. (fka WAVXQ)

[Fullmoon]

Fixing the Internet

http://weblog.infoworld.com/securityadviser/archives/2008/05/fixing_the_inte.html


Long–time readers know that I often rant about how insecure the Internet is, and how few solutions will do anything to change that equation during the next 5 to 10 years. I've also recommended a handful of solutions over the years, and accepted the resulting criticism that goes along with proposing big ideas.

Privately, and not so privately in this column and other public forums, I've been proposing specific solutions to make the Internet significantly more secure during the next five years. If you know me personally, you would also know that other than my family, I think of nothing else but how to secure the Internet. I've been thinking about it since the early 1990s, every waking hour of every day. I think about it during my early morning workouts, in the shower, while stopped at stoplights, and while getting my haircut. It's no exaggeration, although it's more than a little embarrassing to admit that I spent my honeymoon thinking and writing about a possible solution. Thankfully, my lovely wife understands my quest. I truly think that, work-wise, I was put on this planet to make the Internet a more secure place to compute. Mentally, it defines who I think I am. If I fail to assist in this endeavor, in some measurable way, then I haven't met a major life goal.

Recently, two of my biggest ideas have independently ended up in other group's proposals and standards (neither group appears aware of my ideas). One was Microsoft's End-to-End Trust, announced a few weeks ago at the last RSA conference; and the other the recently announced Trusted Computing Group's IF-MAP standard. Although I've proposed very similar ideas, in this column and other online forums, only participating readers are aware of the early existence of my ideas (as compared to the newer initiatives).

It reinforced the notion that I'm not alone in my thinking, of course, and that many other individuals have the exact same ideas. What human good might happen if we shared and debated our ideas? In that spirit I've decided to release a formal whitepaper entitled Fixing the Internet: A Security Solution. It encompasses all my main ideas, including how to practically build on the ideas of End-to-End Trust and IF-MAP (which are both laudable solutions).

Here is a brief re-cap of the document: Any solution proposed to secure the Internet must be:
• Vendor Independent (Non-Proprietary)
• Using an Open and Transparent Process
• Voluntary Opt-In
• Performance Neutral
• With Least Service and End-User Interruption as Possible
• Driven by User and Vendor Self-Interests
As difficult and complex as this seems at first, it can be accomplished.

It will require two major Internet infrastructure changes. First, it will require a global, Internet security “dream team” to meet and solve the problems. There are many existing teams with brilliant members, but they are either not global in nature or do not focus on preventive, holistic Internet security defenses. This idea is perhaps the hardest to pull off, as neither individuals nor businesses want to commit to a many-month process for the common good if it does not have immediate, tangible benefits to their own competitive self-interests. Put another way, even I don’t have months to two years of my life to give up to the cause without someone footing the bill.

Second, it will require a new global Internet security infrastructure service to handle the dream team’s global initiatives. This idea is similar to an imagined cross between the global DNS infrastructure , a web services’ Universal Description Discovery and Integration, UDDI19 service, and the Trusted Computing Group’s new IF-MAP standard, applied globally. The new global Internet security infrastructure service should be DNS-like in that there would be fault-tolerant, distributed “root” servers dedicated to directing querying clients to the appropriate security service server(s). It would be UDDI-like in that each participating global, sub-root server would serve up IP addresses to the corresponding needed security services (and to advertise and publish such services). It would be IF-MAP-like in that the existing sub-root servers would allow participating members to report and respond in a global, holistic, multi-service manner.

If you are not familiar with IF-MAP, in a nutshell, the new Trusted Computing Group’s (www.trustedcomputingroup.org) IF-MAP standard allows participating devices to report security events and receive notifications from other security devices to be able to respond in a coordinated fashion.

For example, if a firewall notes an unauthorized outbound stream that it recognizes as a bot spam stream, the firewall can contact the IF-MAP service, which can then contact a policy server that contacts another service that shunts the offending device off the network. The Internet security service would be similar to IF-MAP in that it would allow the coordination (i.e. reporting, advertising, direction, and response) of multiple disparate services, but be global in scale. Currently, the IF-MAP standard focuses on coordination within a single control domain. The Internet security service would be available for global coordination and direction, and should be integrated with private IF-MAP devices. The global Internet security service would have to be resilient, fault-tolerant, and cryptographically sound.

Finally, the whitepaper suggests one possible solution under the previously laid out structure: The major underlying Internet security issue that is preventing a significant reduction in malicious behavior is the pervasiveness of default anonymity on the Internet. Because we can’t identify malicious hackers with a high degree of confidence we cannot identify or hold them accountable. Internet crime is high-yield and low risk. If the Internet’s model of default anonymity was replaced with default identity and integrity, the amount of maliciousness would significantly decrease.

I propose that every participating Internet component, hardware and software, be modified to provide increased identity and integrity assurance. Participating devices and users would provide improved levels of trust and be treated appropriately. All participating network traffic would be cryptographically tagged with a “trust level”, which could be evaluated and acted upon accordingly. Each participating security domain would be responsible for assuring the trust and labeling of its egress traffic and responsible for acting upon tagged ingress traffic (and be held accountable for its attestations).

That’s it. The whitepaper covers each of these issues, along with the motivations and explanations behind the ideas. I hope you’ll take the time to read it.

Not everyone will agree with what I have said, but I hope both sides, supporters and critics, will write back and participate. It’s easier to tear down a barn than it is to build one, but I know that there are several ways to make a barn, many styles of barns, and mine isn’t the only way. Even if I don’t have all the solutions, I want to provoke a dialog that starts a discussion about the real solutions to the Internet’s security problems. If you disagree with my ideas, I only ask that you propose your idea for fixing the Internet along with your criticism.