
The Internet’s Wild Ride: From Trust to Cybersecurity Threats

By Leonard Kleinrock
Co-authored by Paula Reinman

On March 31, 1976, Queen Elizabeth II sent the first e-mail to come from a head of state. With assistance from my colleague and fellow Marconi Prize winner, Peter Kirstein, who set up the Queen’s e-mail account with the username HME2 (Her Majesty, Elizabeth II), the Queen sent a message that would have made any techie proud about the Coral 66 compiler on the ARPANET.

While the Queen’s e-mail was a high-profile early indicator that non-scientists would eventually join the engineering elite on the Internet, the idea of interconnected computers and the first message between them had played out years earlier in 1969.

We Don’t Need Networking

When ARPANET started in 1969, most people were not interested in networking computers together. What seemed like a good idea to us was resisted by the scientific community, who felt that their computers were already 100 percent utilized and did not want to share capacity, and by businesses like AT&T, who thrived on voice revenue and had no idea how to monetize data.

The first two networked computers were installed at UCLA and Stanford Research Institute (SRI) in late 1969. Once we had two networked computers, we could evaluate the capability of networking. On October 29, 1969, I supervised a graduate student member of my UCLA software team, Charley Kline, as the first message was sent from the UCLA computer to the SRI computer over 300 miles to the north in our attempt to log in remotely. That first message, intended to be “login,” was truncated to “lo” when the SRI computer crashed after the first two letters. Thus, the first message over a packet network serendipitously turned out to be “lo”, as in “Lo and Behold.” We could not have asked for a more succinct, more powerful, or more prophetic message.

The fledgling network generated little publicity in those early days. In 1972, a public demonstration of ARPANET, staged by Bob Kahn, another Marconi Prize winner, attracted considerable attention. This demonstration opened people’s eyes to networked applications and demonstrated the power of the ARPANET.

From Collaboration to the Dark Side

By the late ’80s, as the NSFNET took over the backbone of the Internet, scientists and corporations saw value in networking and in the Internet for e-mail, file transfer and other applications to facilitate collaboration. The user interface was still unfriendly, to say the least, and consumers did not find it attractive until the early ’90s, when the Internet became usable for the masses, thanks to the friendly graphical user interface offered by the emerging Web. And flock to it the masses did!

Along with this broadened constituency of users, another behavior emerged. The first computer worm was generated by a Cornell graduate student and appeared in 1988; we saw it and thought of it as a one-time abuse. Then, on April 12, 1994, the first broad-based spam attack occurred – a commercial advertisement that was an abuse of our research network and outraged the well-behaved research community. This ushered in never-before-imagined hostile actions and the dark side of the Internet was launched.

Today’s Serious Problems

Our world today is one in which the Internet supports huge social and economic benefits, yet one in which the dark side is pervasive. This dark side started out as a nuisance by hackers and advertisers and has now metastasized into a significant threat, with illegal actions perpetrated by nation-states and organized crime.

There are two issues of interest, both at the edge of the network, about which I’m particularly concerned:

Built-in network security – Because there was so much initial skepticism about networked computers and resource sharing, we built networking to be inclusive so that everyone could try it and experience the benefits. Our original design made it easy for people to join and relied on a trusted, shared, open and ethics-based culture. Sadly, after 20 years of good behavior, that culture has eroded. We now suffer from a lack of strong user authentication to prove that it is actually you when you are communicating, and strong file authentication to prove that what you got is what was sent. We could have installed these two protections in the network initially, but they did not serve our purpose of openness and inclusiveness. These protections are far more difficult to implement today than they would have been at the outset.

Vulnerabilities in the Internet of Things – Devices for home security, entertainment, temperature control, etc., are being purchased and deployed by the hundreds of millions and most have very little, if any, security built in. Malicious users will be able to turn these devices on to see what’s happening in the homes of their owners, to lock and unlock doors and to see when occupants are away. They have the capability to exploit web-based connectivity to attack the civilian infrastructure and more. These devices are opening up a whole new set of threats that we’re only just beginning to see. We cannot ignore this issue.

Promising Developments

While these problems are complex, they are not intractable. There are several nascent efforts underway that show promise in making the Internet a safer place for all of us:

Xnet – Ray Sanders and I are developing a new approach to networking. Today’s two most commonly used forwarding approaches are: 1) a data packet network that is complex and offers flexible, asynchronous, best effort services with no guarantees; and 2) a traditional, and dying, voice circuit-based network that is synchronous, deterministic and simple, but not flexible. The new approach is called ‘Xnet.’ It takes the best of both old approaches to deliver a network that is very low cost, efficient, deterministic, low latency, dynamic and secure. An Xnet changes packet bursts into short packet connections, each of which lasts for the period existing between a connection’s source and destination packet bursts. A plurality of connections travels between an Xnet data source area and a data sink area where the data packets will exist. No source-destination information travels with the data stream, which adds an additional layer of security. The packet connections are disjoint, each with their own bandwidths, entry times and durations. At the destination, the packet connections are returned in scheduled packet bursts delivered to the data sinks. The packet connections exist in dual sub-connections with the packet headers and packet data being forwarded over disjoint paths. While we are early in development, we look for initial deployments in private corporate networks and greenfield networks.

Homomorphic encryption – This is a form of encryption that allows encrypted data to be processed by encrypted programs without the data itself or the program ever being exposed in the clear. The research in this area is moving ahead vigorously to provide the needed efficiency for practical use.
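
To make the idea of computing on data that stays encrypted concrete, here is an added example (not from the original article) using the Paillier cryptosystem, which is only additively homomorphic: it supports adding ciphertexts and multiplying by a public constant, not the arbitrary encrypted programs described above. The primes are toy-sized and the function names are chosen for this illustration.

```python
import math
import secrets

# Toy primes for illustration only (the 10,000th and 100,000th primes);
# real Paillier keys use primes of 1024 bits or more.
P, Q = 104729, 1299709

def keygen(p=P, q=Q):
    """Return (public, private) Paillier keys using the generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # Carmichael lambda(n)
    mu = pow(lam, -1, n)  # with g = n + 1, mu is simply lambda^-1 mod n
    return (n, n + 1), (lam, mu)

def encrypt(pub, m):
    """Encrypt integer m (0 <= m < n) with fresh randomness r."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2

def decrypt(pub, priv, c):
    """Recover m from ciphertext c using the private key."""
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)          # equals 1 + m*lam*n (mod n^2)
    return ((u - 1) // n * mu) % n

def add_encrypted(pub, c1, c2):
    """Ciphertext of (m1 + m2) mod n, computed without any key material."""
    n, _ = pub
    return (c1 * c2) % (n * n)

def scale_encrypted(pub, c, k):
    """Ciphertext of (k * m) mod n for a public constant k."""
    n, _ = pub
    return pow(c, k, n * n)

if __name__ == "__main__":
    pub, priv = keygen()
    # Constructed sample values: two parties submit encrypted figures.
    c_a, c_b = encrypt(pub, 52000), encrypt(pub, 61000)
    # An untrusted server holding only `pub` sums them blindly.
    c_sum = add_encrypted(pub, c_a, c_b)
    print("decrypted sum:", decrypt(pub, priv, c_sum))
```

The party doing the arithmetic never sees 52000, 61000 or their sum; only the private-key holder can decrypt the result.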

End user security hygiene – This is one of the most effective, but one of the most difficult, ways to overcome security concerns. From computer back-ups to password management applications that keep us from using the same relatively simple passwords for everything, the end user community must learn to take strong security hygiene measures to protect itself.

In retrospect, perhaps we should have designed stronger authentication capabilities into our original networking architecture and started using them when the need arose. In spite of these security issues, however, the value and applications of networked computing, and particularly of basic e-mail, prove themselves many times every single day.