Internet Security Despite Untrustworthy Agents and Components

Internet started some 25 years ago as a communication link between researchers. It was slow, unreliable and unsecure but nevertheless very efficient for its purpose. Nowadays, Internet plays an increasing role in the worldwide economy. Tens of millions of users and hundreds of thousands of companies rely on it for communication, marketing and commerce. This has been achieved by increasing Internet speed and reliability, but security has not grown at the same pace. Internet is an idol with feet of clay, which can collapse any day as a consequence of a resolute infowar attack launched by a terrorist, or a prank initiated by an irresponsible hacker. Such collapses already happened. In November 1988, Robert T. Morris Jr., a student from Cornell University, launched a "worm", i.e. a self-replicating-and-propagating program, which in a few hours was contaminating 10 per cent of the Internet computers and saturating all the Internet communication links [1]. Most of the Internet was unavalaible during several days. Very likely, this was not the purpose of the program, but just the consequence of a small bug in it. But it would be easy to design a similar program, deliberately devastating, aiming at the most populated Internet systems (Unix, Windows-NT, etc.). Such a worm could wreak much more havoc than the original Morris' worm. Another example happened recently. On July 17, 1997, a faulty routing database was distributed to the Internet Domain Servers (DNS) by Network Solutions, the company responsible for operating InterNIC [2]. InterNIC is administering the most popular domain names, such as ".com", ".net", ".edu", etc. Even if a new, correct database was uploaded four hours later, most Internet communications were disturbed for more than one day. Again, a similar deliberate attack would have cause much more damage than this accident fault. And the name service is not invulnerable to such attacks: one week earlier, AlterNIC, one of Network Solutions' opponents, "used a security flaw in many Internet computers to redirect Net users who tried to access "www.internic.net" to the AlterNIC site" [2]. These two examples demonstrate how vulnerable Internet is with respect to "denial of service" attacks. Such attacks are possible, relatively easy to implement, and none of the forecast Internet security improvements is able to prevent them. Other notorious vulnerabilities of today Internet are addressed by the future release of the Internet protocols, i.e. IPv6. For instance, address spoofing would be less easy; confidentiality and integrity of communications will be improved. Other embarrassment, such as mail or news flooding, can be reduced by a better policy and policy enforcement among the Internet Service Providers (ISPs). But even these improvements raise new questions on the trustworthiness of Internet agents.