Everyone who uses the Internet has heard the stories of compromised Pentagon computers, millions of stolen passwords, denial of service attacks and more. So what causes the Internet to be so insecure? This article attempts to shed light on the evolution of Internet security issues.
Genesis
American taxpayers paid for the development of the Internet under the large umbrella of the Department of Defense (DoD); more specifically, the Defense Advanced Research Planning Agency, or DARPA, funded the necessary research at universities and private corporations. Our military had some very basic requirements at the time. Computers made by Company A needed to be able to exchange information with computers made by Company B. This requirement arose because Congress had mandated that DoD use a competitive bidding process for procurements to ensure that the low bidder won the contract. Consequently, the DoD was home to every kind of computer made, and none of them talked to each other. One other Internet design requirement imposed by the military was that the Internet should be robust enough to operate during wartime, when many of the telephone lines that carried military communications (voice and data) could be bombed out of existence. As it turned out, this requirement for “survivability” meant that the technical architecture of the Internet needed to provide ways for data to be “dynamically rerouted” via whatever links were not bombed out, to ensure that the message had the greatest chance of eventually reaching the intended destination. As we will see later, this requirement imposed such unique design constraints that the military willingly traded off security for a higher probability of delivery.
Who Needs Security Anyway?
There was of course a great reason why the most powerful military in history willingly traded off security for survivability. Surprisingly, the answer was that transmission security was not really needed! This is because the military has long employed encryption capabilities on all of its communications links to prevent an enemy from intercepting transmissions. With encryption capabilities already in place, the computers could effectively be “relieved” of the need for concern about security. This drove the design requirements of the Internet protocols, which are effectively the language used by the equipment within the Internet.
Internet Design
To understand why the Internet is so insecure you have to actually consider the rules of communication used between pieces of equipment. Understanding just a few of the design choices goes a long way toward understanding Internet security. Since the DoD was already using systems that scrambled everything transmitted, the Internet Protocol design was free to use the lowest overhead communication of all – namely “plain text.” Plain text protocol design essentially means that all of the communication rules are built around transmissions that anyone can simply read like today's newspaper. Without the encryption devices present, credit cards, email messages, entire file transfers, chat sessions and every other application exchange are just as easy to read. Of course, that doesn't apply to the DoD because their links employ encryption.
Another interesting design decision employed within the Internet protocols is best understood through the “survivability” requirement. Instead of sending all of the information via a “dedicated link,” the Internet protocols chop the data up into small pieces which travel independently over whatever link is up and are put back together again in the proper order by the receiving system. Since it is possible during wartime for many different paths to be out of commission, it was necessary to define timers that allowed incredibly long periods of time (in computer processing terms) for each piece of information to arrive. Under conditions where security had not been taken off the table as a requirement, protocol timers would be expected to be set in computer time, which is milliseconds. But if security is not a concern, it's possible to define timers that allow, say, 20 minutes to pass without the sender or receiver tearing down the connection. The consequence of this, however, is that a human hacker has all of the time in the world to manipulate the exchange of information, so it really isn't even necessary to automate an attack because Internet systems will just “assume” the transmitter is operating under severely degraded conditions.
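The defensive counterpart to the long-timer problem above is to enforce a short idle timeout at the application layer, so a peer that stalls mid-exchange is disconnected rather than holding the session open. The following is an added example, not code from the article; the line-oriented request format, the `example.test` host and the timeout values are constructed for illustration, and the peer is simulated locally with a socketpair.

```python
import socket
import threading
import time


def serve_with_idle_timeout(conn, idle_timeout):
    """Read a line-oriented request terminated by a blank line.

    Every recv() must complete within idle_timeout seconds; a peer that
    stalls longer than that is cut off instead of being assumed "degraded".
    Returns (status, lines) where status is "complete", "closed" or "timeout".
    """
    conn.settimeout(idle_timeout)
    buf, lines = b"", []
    try:
        while True:
            chunk = conn.recv(4096)
            if not chunk:                      # peer closed before finishing
                return ("closed", lines)
            buf += chunk
            while b"\n" in buf:                # split out each complete line
                raw, buf = buf.split(b"\n", 1)
                line = raw.decode("ascii", "replace").rstrip("\r")
                if line == "":                 # blank line ends the request
                    return ("complete", lines)
                lines.append(line)
    except socket.timeout:
        return ("timeout", lines)              # stalled peer: drop it
    finally:
        conn.close()


def run_peer(conn, pieces, pause):
    # Constructed peer: sends each piece, then pauses before the next one.
    try:
        for piece in pieces:
            conn.sendall(piece)
            time.sleep(pause)
    except OSError:
        pass                                   # server already hung up on us
    finally:
        conn.close()


def simulate(pause, idle_timeout=0.5):
    """Run one exchange; a pause longer than idle_timeout gets disconnected."""
    server_side, peer_side = socket.socketpair()
    pieces = [b"GET /index.html HTTP/1.0\r\n", b"Host: example.test\r\n", b"\r\n"]
    peer = threading.Thread(target=run_peer, args=(peer_side, pieces, pause))
    peer.start()
    result = serve_with_idle_timeout(server_side, idle_timeout)
    peer.join()
    return result
```

With `pause=0.0` the request completes; with a pause of a couple of seconds the server returns `"timeout"` holding only the first line, which is the behaviour the 20-minute protocol timers described above do not give you by default.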
Really Open Systems
These two characteristics of the Internet, plain text transmissions and almost unlimited (in computer time) timers, make the Internet incredibly insecure for anyone who is not using encryption on their transmissions. And since the Internet is an “open system” environment, the documents that define the required protocol exchanges between any two applications are written and published by the Internet Engineering Task Force (IETF) for everyone with an interest to read. From a security perspective this is a bit like the Bank of America publishing the combination for all of its safes in the New York Times, but from an engineering perspective it greatly helps to rapidly deploy new Internet applications.
Shhhh...That's a Secret
Why do we hear about Pentagon computer break-ins if the military has encryption on all its systems? Ah, the truth is that not every computer used by the military holds the level of sensitive information required to justify encryption protection. Even though the military, and most Federal Government agencies, view everything as “For Official Use Only,” the truth is that someone breaking into a computer in the Press Release office in the Pentagon is not really going to obtain any secret information anyway. Sometimes, such disclosed “break-ins” are little more than a bureaucrat trying to justify a larger budget for the office.
Theft By Any Other Name
What about hacking account passwords at banks? Yes, that is legitimate theft of corporate property. In comparison, however, let's imagine a similar situation at the level of an individual. Let's say you visit Central Park in New York City, sit down on a bench and spend some time cleaning out your wallet. You decide a cup of coffee would be nice, so you place your wallet down on the park bench and stroll leisurely across the street to a coffee shop. You buy the coffee and head back to the bench, where you expect your wallet will still be sitting just where you left it and no one would dare even take a peek inside because it's your personal property, right? Absurd? Yes, very! Consider then how the government has spent millions and millions of dollars building sophisticated monitoring systems over its Internet protocol networks and then voraciously prosecuted teenage kids who dared to take a peek at computer systems that had their data hanging out on the Internet for anyone who cared to read it. Of course breaking into any computer should be illegal, based on the morality that stealing is wrong, but it seems that it should be equally wrong for billion dollar corporations and governments, both of which employ the most highly educated computer experts possible, to put their sensitive computers on the Internet in the first place. The hackers have been vilified as some type of genius level computer guru who thwarted the best security experts in the world, when in fact they interacted with systems that were all too anxious to hand over any and all requested information without even so much as a timer set on how fast the hacker should type!
Have Glue, Will Stick
Fortunately, industry came along many years later with add-on security tools that allow information such as credit card accounts to use lightweight quality encryption such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), and other capabilities that enabled electronic commerce to flourish on the Internet. Other than these features, however, the Internet still operates like the fully open system it was designed to be.
About the Author
Jason Canon has over 30 years' experience in the computer industry and served as a voting member of the Federal Internetworking Requirements Panel.