Securing the “Internet of tomorrow”
Johan Bester - Principal
David Abt - Team Leader
Eric Archer - Consultant
Vulnerabilities in the “Internet of today”
The origins of the Internet were compellingly straightforward: a way for multiple computers, and later multiple networks, to communicate, growing out of US academic and military research from the late 1960s (ARPANET) to the adoption of TCP/IP in the early 1980s. The Internet of today has revolutionised society with a myriad of use-cases at a scale and complexity virtually unimaginable to the early pioneers.
The Internet’s ever-growing intricacy rests on infrastructure and protocols designed for a small community of mutually trusting hosts sharing resources, where confidentiality, integrity and origin authentication were not design goals. That architecture is inherently vulnerable to cybercriminals, who exploit its weaknesses in numerous ways:
- Gaining unauthorised access to data in transit, compromising confidentiality;
- Altering data in transit, compromising integrity;
- Overloading servers and routers (denial of service), compromising availability; or
- Spoofing IP addresses, compromising the authenticity of our online communications.
Figure 1: Cost of cybersecurity attacks
In 2017 alone, these weaknesses led to an estimated $1.17 trillion of damages globally (Figure 1).
Internet security is a $58 billion business globally, yet current solutions treat the symptoms of Internet fragility rather than its root cause. Looking ahead, more capable computing will drive still more demanding use-cases, and the volume of data shared online keeps growing exponentially. The Internet’s intrinsic weaknesses will be strained further by the very advances that depend on it, many of which need stronger guarantees to protect real-time, mission-critical data.
Beyond security, the Internet’s current architecture has scalability and efficiency limits, and the proliferation of connected devices illustrates them. Every connected device needs an IP address, a 32-bit number under IPv4. The explosion of mobile Internet exhausted the free pool of IPv4 addresses (the central registry allocated its last blocks in 2011), forcing the rollout of the 128-bit addressing scheme, IPv6. Abundant addresses shift the bottleneck to routing: forwarding hardware holds a finite number of prefixes in its fast lookup memory, a 128-bit entry consumes more of it than a 32-bit one, and the global routing table keeps growing as networks multihome and split their prefixes. Equipment that was not sized for tables of this kind, or for forwarding at the required rates, will struggle to cope with the pace at which new mobile devices come online. With ever-increasing mobile connectivity in emerging markets, as well as the inevitable dawn of the “Internet of everything”, the Internet’s scalability and efficiency will be further impeded.
Figure 2: Securing the “future Internet” will compound an already complex problem
What will the “Internet of tomorrow” look like?
Truly securing and future-proofing the Internet will require a complete overhaul of its architecture. Currently, there is no blueprint to rebuild what is arguably one of humankind’s greatest achievements. However, promising technologies are being developed to this end.
In today’s comparatively simple destination-based routing, a packet header carries only the source and destination addresses; the path between them is whatever each router along the way selects as its best next hop, optimised for distance and policy. Routers running distance-vector protocols never see the whole topology and simply forward to the neighbour advertising the shortest route, which is not necessarily the most efficient path; even where routers do hold a full topological view, as with link-state protocols, every next-hop decision is still taken in isolation. The security consequence is that the sender neither chooses nor can verify the path its traffic takes, and inter-domain routing (BGP) by default accepts route announcements without validating the path they claim.
Software-Defined Networking (SDN) and SCION (Scalability, Control, and Isolation On Next-generation networks) both move away from isolated per-hop decisions, though by different means. SDN separates the control plane from the data plane: a logically centralised controller with a view of the whole network computes forwarding rules and pushes them to switches, which then do little more than match and forward. This reduces the computational load on individual routers and lets routing decisions be made against the whole topology rather than one hop at a time, and the gains grow the further the control extends, beyond a single autonomous system towards inter-domain routing. SCION instead groups autonomous systems into isolation domains and builds paths cooperatively in the control plane; the sender selects an authorised path and carries it in the packet header, and each hop field is authenticated so that routers forward only along paths the traversed networks have approved. The benefits go beyond efficiency to security through path control and isolation: a government or enterprise can dictate which networks its traffic may traverse, a misbehaving network’s effect is contained to its domain, and unauthorised paths are dropped at the first honest router. The caveat for SDN is that the controller becomes the network’s single most valuable target: whoever controls it controls forwarding, so it needs the strongest authentication and isolation of any component in the design.
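The hop-field authentication described above, as an added illustration in Go that is not part of the original article and is not SCION’s own code or wire format: when the control plane constructs a path, each AS keys its own hop field with an HMAC, and each border router recomputes only its own tag before forwarding. The AS names, keys and interface numbers are constructed for the example; real SCION hop fields also carry an expiry and chain the MACs along the segment, which this sketch omits.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// HopField is one entry of the sender-chosen path: the interfaces an AS lets
// the packet cross, plus a tag only that AS can compute (simplified sketch).
type HopField struct {
	AS      string
	Ingress uint16
	Egress  uint16
	MAC     []byte
}

// Path is packet-carried forwarding state: the sender picks it, and each AS
// on it authorised its own hop field when the path was constructed.
type Path struct {
	SegmentID uint32
	Hops      []HopField
}

// hopMAC ties (segment, ingress, egress) to an AS's secret key.
func hopMAC(key []byte, segID uint32, ingress, egress uint16) []byte {
	var b [8]byte
	binary.BigEndian.PutUint32(b[0:4], segID)
	binary.BigEndian.PutUint16(b[4:6], ingress)
	binary.BigEndian.PutUint16(b[6:8], egress)
	m := hmac.New(sha256.New, key)
	m.Write(b[:])
	return m.Sum(nil)[:6] // hop fields carry a short truncated tag
}

// Router is a border router; it holds only its own AS key.
type Router struct {
	AS  string
	Key []byte
}

// Accept recomputes the tag for the hop field addressed to this router.
func (r Router) Accept(p Path, hop HopField) bool {
	if hop.AS != r.AS {
		return false
	}
	return hmac.Equal(hop.MAC, hopMAC(r.Key, p.SegmentID, hop.Ingress, hop.Egress))
}

// BuildPath plays the control plane (a stand-in for SCION beaconing and path
// servers): it issues authorised hop fields for the ASes whose keys it holds.
func BuildPath(keys map[string][]byte, segID uint32, hops []HopField) Path {
	p := Path{SegmentID: segID}
	for _, h := range hops {
		h.MAC = hopMAC(keys[h.AS], segID, h.Ingress, h.Egress)
		p.Hops = append(p.Hops, h)
	}
	return p
}

// Forward walks the path hop by hop and returns the AS that dropped the
// packet, or "" if every router accepted its own hop field.
func Forward(routers map[string]Router, p Path) string {
	for _, h := range p.Hops {
		r, known := routers[h.AS]
		if !known || !r.Accept(p, h) {
			return h.AS
		}
	}
	return ""
}

// Scenario forwards three packets: an authorised path, the same path with B's
// egress rewritten by the sender, and B's hop field lifted from another
// segment. Keys and interface numbers are constructed for the example.
func Scenario() (valid, rewritten, spliced string) {
	keys := map[string][]byte{"A": []byte("key-A"), "B": []byte("key-B"), "C": []byte("key-C")}
	routers := map[string]Router{}
	for as, k := range keys {
		routers[as] = Router{AS: as, Key: k}
	}
	good := BuildPath(keys, 1, []HopField{
		{AS: "A", Egress: 1}, {AS: "B", Ingress: 1, Egress: 2}, {AS: "C", Ingress: 2},
	})
	valid = Forward(routers, good)

	edited := Path{SegmentID: good.SegmentID, Hops: append([]HopField(nil), good.Hops...)}
	edited.Hops[1].Egress = 3 // leave B through an interface B never authorised
	rewritten = Forward(routers, edited)

	other := BuildPath(keys, 2, []HopField{{AS: "B", Ingress: 1, Egress: 3}})
	spl := Path{SegmentID: good.SegmentID, Hops: append([]HopField(nil), good.Hops...)}
	spl.Hops[1] = other.Hops[0] // genuine tag, but issued for segment 2, not 1
	spliced = Forward(routers, spl)
	return
}

func main() {
	v, r, s := Scenario()
	fmt.Printf("authorised: dropped at %q; rewritten: dropped at %q; spliced: dropped at %q\n", v, r, s)
}
```

The point to notice is where the check happens: router A forwards both tampered packets, because its own hop field is intact; B drops them because only B can compute B’s tag. The sender gets path control (it chose A, B, C) but not path forgery, and no central controller sits in the data path.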
Knowledge-Defined Networking (KDN) takes this concept further with a knowledge plane that relies on machine learning and cognitive techniques to operate the network. Its two key advantages are automation (recognise-act) and recommendation (recognise-explain-suggest), supporting the operation, optimisation and troubleshooting of data networks. For example, threats could be detected autonomously and routing adjusted accordingly. The caveat is that a model taking routing decisions from observed traffic inherits the failure modes of any classifier: an adversary who can shape traffic can try to induce misrouting, so its recommendations need human review before automated action is trusted.
Device security today is bolted on at the edges of the network and depends on continuous monitoring. To secure the Internet of tomorrow, device identity needs to be a building block of the architecture itself, no mean feat considering the proliferation of connected devices (>100 billion) as the Internet of Things becomes a reality. MobilityFirst, one of the NSF Future Internet Architecture (FIA) projects, proposes that every device connecting to the Internet be known by a globally unique identifier that is self-certifying: the identifier is derived from the device’s public key, so a receiver can check that the key presented hashes to the claimed identifier and that the data is signed by that key, rejecting anything that fails either test. An attacker without the private key cannot pass as that device. Two caveats remain: the scheme authenticates the device, not the person using it, and a stolen or leaked private key must be revocable, so key management and revocation are part of the design rather than an afterthought.
In addition to securing devices, cryptography can secure the content itself. Named Data Networking (NDN), another FIA project, makes this mandatory: every Data packet carries the producer’s signature over its name and content, together with a locator for the signing key, so any receiver can verify who produced the data and that it has not been altered, regardless of which node served it. Signatures provide integrity and origin, not confidentiality; because copies are cached throughout the network and served to anyone who asks for the name, data that must stay private has to be encrypted for its authorised consumers before it is published, with decryption keys distributed only to them.
The combination of signed named content and centrally computed paths could embed, as a foundational layer of the future Internet, the function that Content Delivery Networks (CDNs) fulfil today. In NDN, a consumer sends an Interest packet naming the content it wants rather than addressing a host that holds it, and any node along the way holding a matching copy can answer, so content is served from the nearest copy by default. NDN routers keep caches for this purpose: once a piece of content such as a movie has been requested, a copy stays in the local network and serves later requests instead of each one going back to the original source. Because consumers verify the producer’s signature on whatever they receive, a cache cannot substitute bogus content without detection. The idea is consistent with edge computing, processing data near where it is used, and would substantially reduce load on operator aggregation and backbone networks.
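The two mechanisms described above, self-certifying device identifiers (MobilityFirst) and signed named data that survives in-network caching (NDN), as one added example in Go. This is illustrative code written for this page, not either project’s implementation or packet format: the identifier is the SHA-256 of an Ed25519 public key, the signature covers name and content, and the producer names, content strings and cache are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrIdentity  = errors.New("public key does not hash to the claimed identifier")
	ErrUntrusted = errors.New("identifier is not the producer the consumer asked for")
	ErrSignature = errors.New("signature over name and content does not verify")
)

// DeviceID derives a self-certifying identifier from a public key (sketch
// of a MobilityFirst-style GUID; truncated to 128 bits for readability).
func DeviceID(pub ed25519.PublicKey) string {
	h := sha256.Sum256(pub)
	return hex.EncodeToString(h[:16])
}

// DataPacket is a named, signed unit of content. The key travels with it,
// so a consumer fetching from any cache can verify it without a lookup.
type DataPacket struct {
	Name      string
	Content   []byte
	Producer  string            // identifier the packet claims to come from
	PubKey    ed25519.PublicKey // key locator: here, the key itself
	Signature []byte
}

// toBeSigned binds name and content unambiguously (length-prefixed name).
func toBeSigned(name string, content []byte) []byte {
	buf := make([]byte, 4, 4+len(name)+len(content))
	binary.BigEndian.PutUint32(buf, uint32(len(name)))
	buf = append(buf, name...)
	return append(buf, content...)
}

// Producer holds a key pair; its identity is DeviceID of the public key.
type Producer struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewProducer() Producer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Producer{pub: pub, priv: priv}
}

func (p Producer) ID() string { return DeviceID(p.pub) }

// Publish signs (name, content). claimedID is a parameter only so that the
// scenario can model an impersonator stamping someone else's identifier.
func (p Producer) Publish(name string, content []byte, claimedID string) DataPacket {
	return DataPacket{Name: name, Content: content, Producer: claimedID, PubKey: p.pub,
		Signature: ed25519.Sign(p.priv, toBeSigned(name, content))}
}

// Verify is the consumer-side check: key binds to identifier, identifier is
// the one we wanted, signature binds name to content. Where the packet came
// from plays no part.
func Verify(pkt DataPacket, expectedProducer string) error {
	if DeviceID(pkt.PubKey) != pkt.Producer {
		return ErrIdentity
	}
	if pkt.Producer != expectedProducer {
		return ErrUntrusted
	}
	if !ed25519.Verify(pkt.PubKey, toBeSigned(pkt.Name, pkt.Content), pkt.Signature) {
		return ErrSignature
	}
	return nil
}

// Cache is an in-network store keyed by name; it serves whoever asks.
type Cache map[string]DataPacket

// Scenario returns the verdict for four packets (all content is constructed).
func Scenario() (fromCache, tampered, spoofedID, wrongProducer error) {
	alice, mallory := NewProducer(), NewProducer()
	name := "/news/2019/01/article"

	cache := Cache{} // a router caches Alice's packet; the consumer fetches it there
	cache[name] = alice.Publish(name, []byte("constructed sample content"), alice.ID())
	fromCache = Verify(cache[name], alice.ID())

	bad := cache[name] // someone alters the cached copy in place
	bad.Content = []byte("constructed altered content")
	tampered = Verify(bad, alice.ID())

	// Mallory signs with her own key but stamps Alice's identifier on the packet.
	spoofedID = Verify(mallory.Publish(name, []byte("x"), alice.ID()), alice.ID())

	// Mallory is honest about her identifier, but she is not who we asked for.
	wrongProducer = Verify(mallory.Publish(name, []byte("x"), mallory.ID()), alice.ID())
	return
}

func main() {
	a, b, c, d := Scenario()
	fmt.Println("cached copy:", a, "| tampered:", b, "| spoofed id:", c, "| wrong producer:", d)
}
```

Note what Verify never checks: where the packet came from. A copy served by an untrusted cache passes the same test as one fetched from the producer, and an altered copy fails it. Confidentiality is a separate step the code does not show: a cached packet is readable by anyone who asks for its name, so private content must be encrypted for its authorised consumers before publication.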
How will the “Internet of tomorrow” be realised?
The inventors of the Internet would have struggled to conceptualise the Internet as we know it today. Equally, an exact understanding of the Internet of tomorrow is not yet within our grasp. The first key challenge to transforming the Internet will be reaching consensus among network equipment vendors, operators and governing bodies on a future Internet architecture and its associated standards, much as GSM standardisation did for mobile telephony. However, there are several barriers to the adoption of a new Internet architecture at the consumer, application and network operator layers:
- Consumer - need to adopt the new architecture at a device level. This is unlikely to be a major barrier to adoption as users are used to firmware and software updates;
- Application - developers must update their applications to be compatible with new routing protocols. Every application built directly on the TCP/IP model would need to be updated accordingly, from low-level networking code up to higher-level interfaces such as location APIs;
- Network - new protocols will initially be deployed as an overlay on TCP/IP, but over time network operators will be required to invest in the rollout of routers and servers compatible with the Internet’s new architecture.
Figure 3: Global traffic by network type
However, key stakeholders such as operators, equipment vendors and Internet Service Providers may not need to lose sleep over how to secure the future Internet. The key to securing it may in fact lie with the major cloud and content platforms (e.g. Amazon, Microsoft, Facebook, Google, Tencent, Alibaba), which have a vested interest in securing their services. The dominance of these companies, which operate large-scale private CDNs, is clear from global IP traffic forecasts by network type.
In 2017, Cisco estimated that more than 56% of global traffic was transported over CDNs and expects this to grow to 72% by 2022. The centralisation of the Internet towards these companies and the need for interoperability with their platforms might mean that the “how” is likely already in development deep within their labs.
While the timing of the “Internet of tomorrow” is uncertain, its arrival is inevitable as the scale, efficiency and security we require online exceed the current Internet’s capabilities. As at its conception, where the driving purpose was a need for multiple computers to communicate on a single network, a new killer use-case or application could be the tipping point for widespread Internet architecture transformation and mass adoption. The commercialisation and monetisation thereof will be covered in our next feature.
© 2019 Delta Partners.