The biggest threat to the Internet is the fact that it was never really designed. Instead, it evolved in fits and starts, thanks to various protocols that were cobbled together to fulfill the needs of the moment. Few of those protocols were designed with security in mind. Or if they were, they sported no more than was needed to keep out a nosy neighbor, not a malicious attacker.
The result is a welter of aging protocols susceptible to exploit on an Internet scale. Some of the attacks levied against these protocols have been mitigated with fixes, but it’s clear that the protocols themselves need more robust replacements. Here are six Internet protocols that could stand to be replaced sooner rather than later or are (mercifully) on the way out.
Have an idea for how the much-anticipated Internet of Things should operate? If the idea is good enough, Google may pay you to see it to fruition.
As part of a new effort to generate more Internet of Things technologies, Google is planning to issue a number of grants to facilitate pioneering research in this nascent field of computing.
“While the Internet of Things (IoT) conjures a vision of ‘anytime, any place’ connectivity for all things, the realization is complex given the need to work across interconnected and heterogeneous systems, and the special considerations needed for security, privacy, and safety,” co-wrote Google chief Internet evangelist Vint Cerf, in a blog post announcing the research program.
Researchers from Pittsburgh’s Carnegie Mellon University, Polytechnic University di Torino in Italy, and the research and development arm of Spain’s Telefónica Group have published a paper investigating the impacts of HTTPS use for industry and web users.
The paper, The Cost of the “S” in HTTPS PDF, was presented at ACM CoNEXT in Sydney, and suggests that while the use of HTTPS is increasing due to mounting security concerns, it could result in more latency online, greater battery drain for some connected devices, and the loss of in-network value-added services.
The paper asserts that HTTPS “does not come for free”, with the researchers saying that HTTPS “may introduce overhead in terms of infrastructure costs, communication latency, data usage, and energy consumption”.
The encryption offered by an HTTPS address may protect information from “man-in-the-middle” attacks, but that same functionality can hamper the application of “middlebox” network appliances, such as firewalls.
The Corporation for Education Network Initiatives in California (CENIC) has upgraded the core backbone of the California Research and Education Network (CalREN) to 100 gigabits per second (Gbps).
CalREN is a 3,800-mile advanced fiber optic network serving the California K-12 system, California Community Colleges, California State University, University of California, Caltech, Stanford, University of Southern California and other institutions. The network has three tiers: CalREN-DC for daily network use such as e-mail and Web browsing, CalREN-HPR for high performance research and CalREN-DX for network-based experimentation and development.
The CalREN-DC and CalREN-HPR tiers have been subject to growing demand from “researchers in data-intensive disciplines, ongoing connectivity upgrades for CENIC members, and connectivity for new members such as public libraries and arts and cultural institutions,” according to a news release from CENIC. The new 100-gigabit Layer 2 backbone will ensure that the institutions using CalREN-DC and CalREN-HPR will have sufficient bandwidth to support research and education in the state.
Today, Pacific Wave announced the completion of a 100-Gigabit connection for the Energy Sciences Network (ESnet), the high-speed computer network serving US Department of Energy (DOE) laboratories and scientific facilities. With the completion of this new connection in Sunnyvale, CA, ESnet has upgraded its peering capabilities to research networks in 40 countries throughout the Pacific Rim and beyond.
CSU Channel Islands is a member of CENIC, which in turn peers with the Pacific Wave network.
In 1989, Tim Berners-Lee, a software engineer, sat in his small office at CERN, the European Organization for Nuclear Research near Geneva and started work on a new system called the World Wide Web.On Wednesday, that project, now simply called the web, will celebrate its 25th anniversary, and Mr. Berners-Lee is looking ahead at the next 25.
Twitter crashed for “most users” Tuesday, in the longest and possibly largest outage for the company since its initial public offering.Twitter announced on its Status blog that the outage was caused by a planned change to its “core services,” which resulted in “unexpected complications that made Twitter unavailable for many users starting at 11:01 a.m.” Engineers spiked the planned change and service was fully recovered by 11:47 a.m. Pacific time.
As a pioneering Internet security researcher and a well-known skeptic about achieving truly secure systems, are you optimistic about efforts to build a more secure network? No, I’m not. I see two problems associated with this approach. First, any significant network that is developed will need to accommodate existing (legacy) systems in some manner, and be operated by some of the same people we have now — there is simply too much invested in legacy systems. This will lead to participating organizations continuing to make poor choices about their priorities for security (and privacy). Many security problems come about because of user error, misconfiguration, poor patching, indirect attacks, and a failure to properly prioritize and fund appropriate safeguards — it isn’t only the design of the networks. A new set of network protocols and connections will not address the full range of issues.
Google’s Project Loon, in which high-altitude balloons circle the globe using wind currents and solar power to provide WiFi connectivity to remote locations in developing markets, officially launched this past week, with balloons headed out around the world from a remote location in New Zealand. If you’re so inclined, there’s even a way to follow along online in real-time as winds blow these balloons at 25 mph along the 40th parallel in the Southern Hemisphere.