Intelligent CIO Middle East Issue 14 | Page 24

COMMENT

My microwave is just one of millions, even billions, of “smart”, connected devices that are out there ‘listening’ to the Internet and as dangerously trusting as the average toddler. Obviously, that’s a problem. But it’s more than just a concern, because “trust” – or to be more precise, the right kind of trust – is at the heart of a functioning internet or network.

The only way the Internet can properly function is when computers, software, devices and programmes can do things quickly, can communicate instantaneously, and can adapt immediately to changing inputs. That’s how the Internet works.
But my microwave’s brain is comprised of a simple, low-cost, low-security chip and operating system that use “inherited” trust, the primary and still dominant form of establishing trust across the Internet today. Basically this means that if you present me with an ID and password that match, I’m forced to trust you.
Hackers in the recent distributed denial of service (DDoS) attack against Dyn in the US exploited vulnerabilities in millions of IT systems and WiFi networks to steal IDs and passwords, then leverage the frailty of inherited trust to create the botnet used in the attack.
While we’ve already seen the risks inherent in Internet of Things (IoT) devices relying on inherited trust, what’s more concerning is that the system that controls the routing infrastructure that represents the backbone of the internet – BGP (border gateway protocol) and other dynamic routing protocols – also uses a similar idea of inherited trust.
STEPHEN BRENNAN, SENIOR VICE PRESIDENT, CYBER NETWORK DEFENCE, DARKMATTER
It is clear we need to implement a new trust protocol. One of the concepts currently being developed is to shift from inherited trust to authenticated trust through public key infrastructure (PKI). Rather than inherit trust directly from an entity presenting a user name and password, we can use PKI, or in this case, routing PKI (RPKI). With RPKI, a trusted third party confirms that the person, entity or device presenting itself is, in fact, who it says it is.
This would mean that the packets of data travelling across the internet that underpin the flow of video, text, sound, databases and documents could contain a certificate that could be validated using PKI infrastructure.
RPKI is a viable solution, though it relies on a centralised structure and cascading series of authentications flowing from a series of Certification
DRIVING THIS DUAL FOCUS IS THE PUBLIC CLOUD’S “SHARED RESPONSIBILITY MODEL,” IN WHICH SERVICE PROVIDERS AND ENTERPRISES DIVVY UP VARIOUS LEVELS OF PROTECTION ACROSS THE IT STACK. THESE RESPONSIBILITIES – AND THE REQUISITE SKILLS – VARY DEPENDING ON THE TYPE OF PUBLIC CLOUD SERVICE