Is building a more secure internet possible?

Every day we have constant reminders that we are under siege from security meltdowns

Our dangerous reliance on the 40-Year-Old internet infrastructure

Heartbleed, Ransomware and Shellshock are reminders that we face an uphill security battle. The protocols that underpin the modern Internet are now entering their fifth decade. In the 1970s, the Internet’s basic architecture was designed for performance; security was not yet a concern. From that time forward, programmers were tasked with incorporating security on their own into every line of code they wrote. One small mistake allows a hacker to get in. Threats like Heartbleed, Ransomware and Shellshock are constant reminders that we are under siege from security meltdowns that in the past few years have exploded in frequency and scope, often resulting from such hard-to-discover programming errors.

Working towards a solution?

Five years ago the U.S. government established the Defense Advanced Research Projects Agency (DARPA) to explore what the internet might look like if we could rebuild it from the ground up, with focus on improving security.

The program, called Clean Slate, designed to make machines more aware of their environment, included two components:

  • “Crash–short for Clean-Slate Design of Resilient, Adaptive, Secure Hosts – a multiyear project aimed at building systems that were much harder to break into, that could continue to fully function when they were breached and that could “heal themselves;” and
  • MRC–short for Mission-Oriented Resilient Clouds, which applied similar thinking to computer networking and cloud computing.”

A third component of Darpa, called Active Authentication, was later created to make machines more aware of their operator. More specifically, this program continues to explore ways that machines can learn to recognize human users by analyzing online behavior, e.g., a person’s typing pattern, rather than a password or a fingerprint.

Results to date

One promising result is a crash program called Clean Slate Trustworthy Secure Research and Development, nicknamed Custard by its creators. While not a full replacement of existing Internet infrastructure, it does offer a revolutionary system for identifying individuals who have permission to conduct specific operations, thereby keeping out the bad guys.

Custard has proven effective at preventing buffer overflows, a common cyber attack strategy. This common design flaw allows hackers to send a message that overwhelms a computer’s memory, causing the program to fail–which allows the attacker to infect an entire system with malicious code. Over the last year, Custard has generated growing interest from private companies, nonprofit organizations and academia.

Stop gap strategies can’t work much longer

Network architects understand that the fallback solution of pushing files out to the edge (of the hierarchically structured Internet) can’t meet demand much longer. Rapid growth in wirelessly communicated video and communication between devices/appliances require a new approach.

Besides greater security, a number of tech leaders believe we need to move towards a more mesh-like, less hierarchical Internet. More on that subject in a future blog post!