Intelligent CIO Middle East Issue 14 | Page 24

COMMENT

My microwave is just one of millions, even billions, of “smart”, connected devices that are out there ‘listening’ to the Internet and as dangerously trusting as the average toddler. Obviously, that’s a problem. But it’s more than just a concern, because “trust” – or to be more precise, the right kind of trust – is at the heart of a functioning internet or network.

The only way the Internet can properly function is when computers, software, devices and programmes can do things quickly, can communicate instantaneously, and can adapt immediately to changing inputs. That’s how the Internet works.

But my microwave’s brain is comprised of a simple, low-cost, low-security chip and operating system that use “inherited” trust, the primary and still dominant form of establishing trust across the Internet today. Basically this means that if you present me with an ID and password that match, I’m forced to trust you.

Hackers in the recent distributed denial of service (DDoS) attack against Dyn in the US exploited vulnerabilities in millions of IT systems and WiFi networks to steal IDs and passwords, then leverage the frailty of inherited trust to create the botnet used in the attack.

While we’ve already seen the risks inherent in Internet of Things (IoT) devices relying on inherited trust, what’s more concerning is that the system that controls the routing infrastructure that represents the backbone of the internet – BGP (border gateway protocol) and other dynamic routing protocols – also use a similar idea of inherited trust.

STEPHEN BRENNAN, SENIOR VICE PRESIDENT, CYBER NETWORK DEFENCE, DARKMATTER

It is clear we need to implement a new trust protocol. One of the concepts currently being developed is to shift from inherited trust to authenticated trust through public key infrastructure (PKI). Rather than inherit trust directly from an entity presenting a user name and password, we can use PKI, or in this case, routing PKI (RPKI). With RPKI, a trusted third party confirms that the person, entity or device presenting itself is, in fact, who it says it is.

This would mean that the packets of data travelling across the internet that underpin the flow of video, text, sound, databases and documents could contain a certificate that could be validated using PKI infrastructure.
RPKI is a viable solution, though it relies on a centralised structure and cascading series of authentications flowing from a series of Certification