4 Big Plans to Fix Internet Security

by  Fahmida Y. Rashid, InfoWorld

The Internet is all-encompassing. Between mobile devices and work computers, we live our lives on it — but our online existence has been tragically compromised by inadequate security. Any determined hacker can eavesdrop on what we say, impersonate us, and perform all manner of malicious activities.

Was the Internet built badly? No, but it was designed for a utopian world where you can trust people. When the fledgling Internet was populated by academics and researchers communicating with trusted parties, it didn’t matter that trust relationships weren’t well-implemented or communications weren’t secure by default. Today it matters very much, to the point where data breaches, identity theft, and other compromises have reached crisis levels.Inadequate security is endemic to the Internet, and solving this problem will require effective trust and security mechanisms.

1. Get real about traffic routing

One proposed solution is the Internet Society-led Mutually Agreed Norms for Routing Security, a framework of recommendations based on industry best practices in which member network operators commit to deploying security controls to guarantee incorrect router information does not propagate through their networks.

2. Strengthen digital certificate auditing and monitoring

A second approach is to fortify digital certificate auditing and monitoring via initiatives such as Google’s Certificate Transparency project for publicly monitoring and auditing SSL certificates for legitimacy, and the Domain Name System (DNS)-based Authentication of Named Entities protocol.

3. Tackle the malware problem once and for all

A third proposal seeks effective malware countermeasures, and one project at the University of Tulsa offers independent testing and review of malware-infected websites and operates a Data Sharing Program in which companies contribute and receive real-time data on Web-based malware.

4. Reinvent the Internet

A fourth security strategy proposed by PayPal’s Doug Crockford is to completely reinvent the Internet via an open source initiative called Seif, which would redo transport protocols, redesign the user interface, and eliminate passwords. One element of Seif involves replacing DNS addressing with a cryptographic key and an Internet Protocol address, HTTP with secure JSON over TCP, and HTML with a JavaScript-based application delivery system based on Node.js and Qt. Seif also features a mutual authentication scheme based on a public-key cryptographic framework.

Where we go from here

Trashing everything and starting all over again is not going to happen, so the only option is to make the current Internet harder to attack, Webb says. Instead of trying to fix everything at once, there should be smaller fixes to make it harder to misuse specific portions.

“When your house is on fire and you are waiting for the fire truck to come put water on the house, you save what you can, not walk off to look for a new house,” Webb says.  Read the full article.