4 big plans to fix internet security

Fahmida Y. Rashid | May 16, 2016
Internet security is in crisis. These four proposals offer tangible solutions -- including one scheme to change the Internet's workings from top to bottom.

With Certificate Transparency, Google hopes to tackle wrongly issued certificates, maliciously acquired certificates, rogue CAs, and other threats. Google certainly has technology on its side, but it has to convince users that this is the right approach.

DNS-based Authentication of Named Entities (DANE) is another attempt to solve the man-in-the-middle problem with SSL. The DANE protocol reinforces the point that a sound technology solution doesn’t automatically win users. DANE pins SSL sessions to the domain name system’s security layer DNSSEC.

While DANE successfully blocks man-in-the-middle attacks against SSL and other protocols, it is haunted by the specter of state surveillance. DANE relies on DNSSEC, and since governments typically own DNS for top-level domains, there is concern about trusting federal authorities to run the security layer. Adopting DANE means governments would have the kind of access certificate authorities currently wield -- and that makes users understandably uneasy.

Despite any misgivings users may have about trusting Google, the company has moved forward with Certificate Transparency. It even recently launched a parallel service, Google Submariner, which lists certificate authorities that are no longer trusted.

3. Tackle the malware problem once and for all

Almost a decade ago Harvard University’s Berkman Center for Internet & Society launched StopBadware, a joint effort with tech companies such as Google, Mozilla, and PayPal to experiment with strategies to combat malicious software.

In 2010 Harvard spun off the project as a stand-alone nonprofit. StopBadware analyzed badware -- malware and spyware alike -- to provide removal information and to educate users on how to prevent recurring infections. Users and webmasters can look up URLs, IPs, and ASNs, as well as report malicious URLs. Technology companies, independent security researchers, and academic researchers collaborated with StopBadware to share data about different threats.

The high overhead costs of running a nonprofit took a toll, and the project moved to the University of Tulsa under the auspices of Dr. Tyler Moore, the Tandy Assistant Professor of Cyber Security and Information Assurance. The project still offers independent testing and review of websites infected with malware and runs a Data Sharing Program in which companies contribute and receive real-time data on Web-based malware. Development is underway on a tool to provide more targeted advice to webmasters based upon the type of compromise they have experienced. A beta is expected by the early fall.

But even if a project successfully addresses a security problem, it still has to deal with the practical realities of how to fund its operations.

4. Reinvent the Internet

Then there’s the idea that the Internet should be replaced with a better, more secure alternative.

Doug Crockford, currently a senior JavaScript architect at PayPal and one of the driving forces behind JSON, has proposed Seif: an open source project that reinvents all aspects of the Internet. He wants to redo transport protocols, redesign the user interface, and throw away passwords. In short, Crockford wants to create a security-focused application platform to transform the Internet.

 
