One network to rule them all (benignly)

Internet Society launches toolkit to safeguard open, secure network of networks

US non-profit the Internet Society has launched a toolkit aimed at helping policymakers align regulatory and technical proposals with its vision of an open, secure, and globally accessible internet.

The Internet Impact Assessment Toolkit sets out how new laws and technologies should be applied to protect, rather than undermine, five foundational pillars that characterize “the network of networks”.

TLS success story

One of these cornerstones is an open architecture of interoperable, reusable building blocks.

The “well-defined layered services” flowing from this principle have enabled the TLS protocol to provide “a defined security service to any application”, according to a paper published to accompany the toolkit.

The protocol’s ubiquitous adoption has “eliminated the need to invent this mechanism from scratch” and “delivers greater security at lower costs”, according to the Internet Society’s ‘Internet Way of Networking’.

By contrast, efforts to “reinvent security rather than use standard building blocks” have often resulted “in security compromises and breaches”.

YOU MIGHT ALSO LIKE HTTP request smuggling: HTTP/2 opens a new attack tunnel

However, some security products can flout the toolkit’s prescriptions, claims the Internet Society.

Firewalls and other ‘middleboxes’ – such as load balancers, address translators, and security scanners – can “disrupt the layered model” if they result in two end nodes not “directly communicating over an underlying network layer”.

By contrast, “well-designed middleboxes minimize the interruption to the internet’s layered model by helping [to] preserve end-to-end communications”.

While the paper champions the existing distributed routing model as providing “global reach, resilience, and optimized connectivity”, it does concede security-related downsides to the absence of a central routing authority.

“Without enforcement of a common policy, both human error and deliberate malice can result in interruptions to connectivity and security issues such as spying on internet traffic or impersonating an organization,” it says.

However, the paper contends that collaborative approaches to solving routing challenges have been broadly successful by leveraging “peer pressure and community action”.

Country-wide intranets

The status quo of a free and open internet is increasingly being undermined by the efforts of authoritarian governments to control their citizens’ information diets.

For instance, Belarus president Alexander Lukashenko was recently alleged to have cut off Belarussians’ internet access amid street protests following his disputed re-election.

Russia, meanwhile, is said to have taken steps to towards emulating Iran and China in creating a government-controlled, “gigantic intranet” that is walled off from the global internet.

The upshot of such moves is a less open, resilient, and dynamic “Splinternet”, said the Internet Society in a press release on Wednesday (September 9).

Read more of the latest network security news

The Internet Society’s toolkit warns against regulatory actions that hold internet intermediaries such as ISPs, content delivery networks, and domain name registries responsible for the actions of their users.

“Ill-informed regulation can drastically alter the internet’s fundamental architecture and harm the ecosystem that supports it,” said Joseph Lorenzo Hall, senior vice president for a strong internet at the Internet Society.

The toolkit also criticizes the Trump administration’s ‘Clean Network program’, announced last month to bar “untrusted” technology vendors from participation in the country’s digital infrastructure. (China has since launched an equivalent program.)

This is part of a trend of governments encroaching on parts of the internet’s infrastructure to try and solve social and political problems through technical means, Hall said.

Toolkit 101

‘The Internet Way of Networking’ sets out five properties that are critical to achieving “a universally accessible, decentralized and open” internet:

  • Accessible infrastructure with a common protocol that facilitates unrestricted, global connectivity
  • Open architecture of interoperable, reusable building blocks
  • Decentralized management and a single, distributed routing system to foster growth of local networks
  • Universal global identifiers for consistent addressability
  • Technology-neutral, general-purpose network that removes barriers to innovation

“The internet’s ability to support the world through a global pandemic is an example of the Internet Way of Networking at its finest,” said Hall.

“Governments didn’t need to do anything to facilitate this massive global pivot in how humanity works, learns and socializes. The internet just works – and it works thanks to the principles that underpin its success.”

The Internet Society was founded in 1992 by internet pioneers Vint Cerf and Bob Kahn with a mission to make the internet “open, globally-connected, secure, and trustworthy”.

The Daily Swig has contacted The Internet Society for further comment and will update the article if and when we hear back.

READ MORE Difficult-to-execute attack could break TLS encryption in rare circumstances