10 building blocks for securing the internet

Roger A Grimes looks at how the net could be made safer

During his keynote speech at RSA Conference 2011, Microsoft's corporate VP for trustworthy computing Scott Charney called for a more cooperative approach to securing computer endpoints. The proposal is a natural maturation of Microsoft's (my full-time employer) End-to-End Trust initiative to make the internet significantly safer as a whole. It closely follows the plans I have been recommending for years; I have even written a whitepaper on the subject. The most important point of this argument is that we could, today, make the internet a much safer place to compute. All the open-standard protocols required to significantly reduce malicious attacks and malware already exist. What is missing is the leadership and involvement from the politicians, organisations, and tech experts necessary to turn the vision into a reality. Several protocols already in existence could serve as a foundation for a more secure internet, and I discuss each in greater detail below. They include:

  • Trusted Platform Module (TPM)
  • IP version 6 (IPv6)
  • Domain Name System Security Extensions (DNSSEC)
  • Security Assertion Markup Language (SAML)
  • OpenID
  • Open Authorisation (OAuth)
  • Multifactor authentication
  • WS-Security protocols
  • Interface for Metadata Access Points (IF-MAP)
  • Application-level security

Trusted Platform Module (TPM)

For the internet to be safer, all computing devices connecting to it need to be equipped with some kind of chip that establishes their trustworthiness before and throughout the boot process. The Trusted Computing Group's TPM, an open-standard physical chip, does just that and is already available in most enterprise-class PCs. A similar technology needs to make its way onto mobile devices, routers, switches, and all other computer hardware.
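The mechanism that lets a TPM vouch for the boot process is the Platform Configuration Register (PCR) extend operation: each boot stage measures (hashes) the next stage into a register that can only ever be extended, never written, so the final register value summarises the whole chain in order. The simulation below is an added example written for this article, not TPM specification code or a Microsoft or Trusted Computing Group implementation; the boot components and the "golden" expected value are constructed stand-ins, and a real TPM keeps the register in hardware and reports it through a signed quote rather than a Python function.

```python
import hashlib
import hmac
from typing import Sequence, Tuple

# Illustrative simulation of a SHA-256 PCR bank being extended during a
# measured boot. Written for this article; not the TPM's own API.

PCR_SIZE = hashlib.sha256().digest_size  # 32 bytes for a SHA-256 PCR


def measure(component: bytes) -> bytes:
    """Measurement of a boot component: the digest of its bytes."""
    return hashlib.sha256(component).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR_new = H(PCR_old || measurement).

    The operation is one-way and order-dependent: no later extend can undo
    or overwrite an earlier measurement, which is what makes the final
    value a faithful summary of everything that ran during boot."""
    if len(pcr) != PCR_SIZE or len(measurement) != PCR_SIZE:
        raise ValueError("PCR and measurement must both be SHA-256 digests")
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(components: Sequence[Tuple[str, bytes]]) -> bytes:
    """Walk the boot chain (firmware -> bootloader -> kernel -> ...), each
    stage measuring the next into the PCR before handing control to it.
    The register starts at its reset value of all-zero bytes."""
    pcr = bytes(PCR_SIZE)
    for _name, blob in components:
        pcr = pcr_extend(pcr, measure(blob))
    return pcr


def attest(reported_pcr: bytes, expected_pcr: bytes) -> bool:
    """What a remote verifier (or a TPM 'seal' policy) does: compare the
    reported PCR with the value recorded for a known-good boot. A change to
    any stage, or to the order of stages, produces a different PCR."""
    return hmac.compare_digest(reported_pcr, expected_pcr)


# Constructed sample boot chain (placeholders, not real firmware images).
GOOD_CHAIN = [
    ("firmware", b"vendor-firmware-v1"),
    ("bootloader", b"bootloader-v2"),
    ("kernel", b"kernel-5.x-signed"),
]
# The same chain after the bootloader has been modified: the kind of change
# a verifier should refuse to trust.
TAMPERED_CHAIN = [
    ("firmware", b"vendor-firmware-v1"),
    ("bootloader", b"bootloader-v2-modified"),
    ("kernel", b"kernel-5.x-signed"),
]

if __name__ == "__main__":
    golden = measured_boot(GOOD_CHAIN)
    print("golden PCR:     ", golden.hex())
    print("good boot ok:   ", attest(measured_boot(GOOD_CHAIN), golden))
    print("tampered boot ok:", attest(measured_boot(TAMPERED_CHAIN), golden))
```

The practical consequence for a defender is that the golden value must be recorded from a boot you trust (for example at provisioning) and re-checked on every subsequent boot; the TPM does not know what "good" looks like, it only guarantees that the reported value could not have been forged by software running after the measurements were taken.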

IP version 6 (IPv6)

IPv6 is quickly becoming the replacement for the less secure IPv4 standard for routing packets across the internet. It is available on every popular operating system and is turned on by default in every version of Windows since Vista and Server 2008. Unfortunately, only a few countries have adopted it widely, although that number is growing. In a related vein, the internet's backbone routing protocol, Border Gateway Protocol (BGP), needs security improvements, but the core enhancements and pieces are ready to deploy.

Domain Name System Security Extensions (DNSSEC)

After a decade of waiting, the IETF's (Internet Engineering Task Force) DNSSEC suite of specifications is finally starting to roll out, at least at the top-level domains; the lower-level domains and private DNS infrastructures will follow. DNSSEC offers answer integrity upon which participating clients can rely. DNS is involved in almost every internet scenario, and if attackers can maliciously manipulate it, securing every protocol that relies on it becomes a lot more difficult. Fortunately, DNSSEC deployment is moving forward with or without the rest of the necessary parts joining in.

Security Assertion Markup Language (SAML)

SAML is an XML-based protocol used to exchange security information between security domains. It is used by most of the protocols I cover below, including OpenID and OAuth, as well as multifactor authentication, all of which are becoming more common on the internet.

OpenID

OpenID provides a decentralised method of sharing one or more web identities across multiple websites. Each OpenID is effectively an authentication information card for an individual user. OpenID cards are stored on each security principal's own device, and users are free to create one or more cards for general or specific use. Participating websites can choose to accept OpenID cards, and many of the popular proprietary shared web identities (such as Microsoft Live ID) have made themselves OpenID compatible. The benefit of OpenID is that it allows users to completely control their digital identities. However, individual cards probably don't scale well enough to make the internet a thoroughly single sign-on environment.

Open Authorisation (OAuth)

OAuth is a cross-boundary security authentication protocol that aims to fill the more enterprise-class gaps that OpenID cannot cover. An evolving specification, OAuth is geared toward allowing security principals to seamlessly share content and services across security boundaries. It has strong support from many popular sites and services, including Twitter. It is also starting to earn its share of critics, who argue that the proposed version is less secure than the previous edition.

Multifactor authentication

Smart cards, biometrics, and other multifactor authentication services are starting to gain acceptance across the internet – and not just for internal LANs. Google, Hotmail, and plenty of other services support out-of-band, one-time-password authentication strings sent to mobile devices. It has become uncommon to see a major bank website that relies only on user name and password. All of this makes the internet a safer place to compute.
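The out-of-band one-time-password scheme described above is only as strong as the server side that issues and checks the code, so the example below shows that half: a code generated from a CSPRNG, stored only as a salted hash, bound to a short lifetime, accepted exactly once, and burnt after a small number of wrong guesses. This is an added example written for this article, not code from Google, Hotmail or any bank mentioned; the delivery channel (SMS, push, e-mail) is abstracted as a `send` callback, the `OtpService` class and its constants are this example's own, and the clock is injectable so the expiry logic can be exercised without waiting.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict

# Server-side half of an out-of-band OTP step. Illustrative code for this
# article; the names below are this example's own, not any vendor's API.

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300   # a code is worthless after five minutes
MAX_ATTEMPTS = 5        # after this many guesses the code is burnt


@dataclass
class PendingOtp:
    salt: bytes
    digest: bytes        # only a salted hash is stored, never the code itself
    expires_at: float
    attempts: int = 0
    used: bool = False


class OtpService:
    def __init__(self, send: Callable[[str, str], None],
                 now: Callable[[], float] = time.time) -> None:
        self._send = send        # out-of-band delivery, e.g. an SMS gateway
        self._now = now          # injectable clock so expiry can be tested
        self._pending: Dict[str, PendingOtp] = {}

    @staticmethod
    def _hash(salt: bytes, code: str) -> bytes:
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, user: str) -> None:
        """Generate a fresh code, keep only its salted hash, and send the
        code out of band. Re-issuing replaces any outstanding code."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[user] = PendingOtp(
            salt=salt,
            digest=self._hash(salt, code),
            expires_at=self._now() + OTP_TTL_SECONDS,
        )
        self._send(user, code)

    def verify(self, user: str, submitted: str) -> bool:
        """True only for the correct code, within its lifetime, on its first
        successful use, and before the guess budget is exhausted."""
        entry = self._pending.get(user)
        if entry is None or entry.used or self._now() > entry.expires_at:
            return False
        entry.attempts += 1
        if entry.attempts > MAX_ATTEMPTS:
            del self._pending[user]   # burn it; the client must re-issue
            return False
        ok = hmac.compare_digest(entry.digest, self._hash(entry.salt, submitted))
        if ok:
            entry.used = True         # single use: a replayed code fails
        return ok


if __name__ == "__main__":
    # Constructed demo: the "SMS gateway" just records what it would send.
    outbox: Dict[str, str] = {}
    svc = OtpService(send=lambda user, code: outbox.__setitem__(user, code))
    svc.issue("alice")
    print("sent code:", outbox["alice"])
    print("first use accepted:", svc.verify("alice", outbox["alice"]))
    print("replay accepted:   ", svc.verify("alice", outbox["alice"]))
```

Two design points carry most of the security value: the comparison uses `hmac.compare_digest` so response time does not leak how many characters matched, and the attempt counter is per issued code rather than per request, so a six-digit space cannot be searched within the code's lifetime.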

Web Services Security protocols

WS-Security protocols are the necessary next step beyond multifactor authentication. They provide a way to create reusable credentials with varying levels of assurance and trust that can be implemented across a wide range of websites and services, each with differing security needs. Several WS-Security subprotocols already exist: WS-Trust covers issuing, renewing, and validating security tokens, especially between trusted security domains; WS-Federation allows participating security domains to accept authenticated identities from other security domains; and WS-Policy is used by security domains to advertise what security policies identities must meet to be accepted – for example, that an identity must be two-factor authenticated, or may be anonymous, and so on. These WS-Security protocols are the underpinnings of a truly secure global internet.

Interface for Metadata Access Points (IF-MAP)

Another Trusted Computing Group invention, the IF-MAP open specification can communicate state information about users, computers, and networks. The protocol is currently at version 2.0. In my "Fix the Internet" whitepaper, I suggested creating a DNS-like security service that would notify everyone whenever a computer or network was no longer under the complete control of its authorised operator.

Application-level security

The developer of a web service is ultimately responsible for its secure use. Every application should be securely written to work with reliable protocols and authentication methods. As it stands, the majority of internet compromises take advantage of application-level vulnerabilities, so there's a lot of work to do in this space. If the rest of the internet were properly secured using the protocols and specs discussed above, malicious hackers wouldn't have as much of a chance to get at application-level vulnerabilities, and we'd be more likely to catch them.

We have the technology

Whatever internet security standards emerge, they will likely include a combination of the protocols and technologies above. Ironically, this points to the fact that the protocols and technologies we need to secure the computing world are already available. All it would take to achieve this goal is for the right global consortium of technical and policy makers to sit down in a common room for a few weeks (or months) to decide on common services and trust values. The group would ultimately deliver the new official opt-in standards as internet security best practices to be implemented by all participating vendors and service providers. Within a year or two, we would have a significantly more secure internet – one where we, our colleagues, and our loved ones could surf without the constant fear of malicious interference. How much faster and better would our entire internet computing experience be if we didn't have to spend every second implementing 100 disparate defences that won't work? Don't let anyone sell you on the idea that we have to live with the current state of internet insecurity or that it would take years to make it safer. We could do it right now. I am keeping my promise to repeat this call until the masses listen and take action.
