The Internet Has to Change for Security

Okay, so what need to change, and what attributes of the net (other than anonymity) would be altered?

The anonymity and non-attributability of the net...

Read the first source.

It's obvious what you want to change.  I want to know how you want to change it.

I disagree. The way the internet was built is a feature, not a bug, and those same aspects you want to eliminate are precisely the things that make it a powerful tool for freedom.

I don't know what Mr Ben-Israel is a professor of, but it's clearly not of networking, because this is completely wrong (and not in a way that could be explained as gross simplification for an interview). You can read what actually happens here.

Perhaps someone who doesn't even understand how the internet works is not in the best position to demand entirely redesigning it.

When someone is waging an attack, they don't do so directly from their own computers. They will typically use previously compromised systems as proxies. Thus the compromised system is the 'origin' of the traffic, and even if you did know who was sending it, you would gain exactly nothing because that compromised system is not going to helpfully log traffic from its commander (which would likely have been routed from any number of other proxies in exactly the same position). Ergo, this isn't something you can simply redesign. What Mr Ben-Israel seeks would require complete omniscience (total awareness and permanent memory) of all network traffic in the entire world, as well as knowledge of how that traffic was used at each node in the network.

That is exactly what should be done, and all that needs to be. If client systems were properly secured (least privilege, etc.), it would eliminate most methods of attack other than denial-of-service and social engineering.

He knows exactly what he's talking about. 

You can read a bit about him here: https://secdip.tau.ac.il/isaacbenisrael

"Perhaps someone who doesn't even understand how the internet works is not in the best position to demand entirely redesigning it."

I have the feeling that is a fundamentally inaccurate statement.

His resume consists of math, physics, philosophy, military intelligence/research, various administrative positions, and politics. None of those things are computer science.

This is what happens when smart people assume they know everything about everything and not just their fields of expertise. Don't fall for the old argument from authority fallacy.

His depiction of how networks function is not just wrong but deeply and fundamentally wrong. If they worked as he described, traffic would scale exponentially with the number of nodes and they would not function at any scale beyond the most local level.

And yet he heads the Blavatnik Interdisciplinary Cyber Research Center of Tel-Aviv University...go figure.

An administrative position, doc. Managing researchers does not a researcher make.

Maybe it's different in medicine, but elsewhere the folks in charge are pretty much never experts of the field (though they may have some distant past experience in it or something related)--they're experts of being in charge. And often even they themselves tend to confuse that distinction.

I trust what he has to say. One doesn't have to be an expert in computer science to understand what's wrong with the 'attributability' problem, and I'm pretty sure he has ready access to world class experts on the internet and its structure and function.

 As long as there are proxies, you'll never be able to rely on the source of a data packet.

Trust is all good and well, but we're not talking beliefs or subjectives here. He made statements of fact which are easily proven to be unequivocally wrong. So clearly he didn't avail himself of the experts he has access to when he did this interview.

This is a lot like all the law enforcement officials asserting that encryption should be illegal or the government should have a back door. They really don't understand what they are actually asking for--they just know that it makes their job difficult and they think it needs to change.

Mr. Ben-Israel is a military man, so true to that he wants the internet to change to make it easier to defeat the enemy (whoever that might be). That sounds great on paper if you don't mind the chilling effects to privacy and freedom (not a small thing those). And you can demand people be identified or licensed when making statements or sending messages online, as authoritarian countries are doing. But if you want to change the underlying design of computer networks so you can tell positively where traffic came from, in spite of the fact that it's going to be relayed indirectly? That just isn't possible, and anyone who actually understands how these things work would know that.

Which is why I agree it should be re-engineered...the consequences are all to apparent to keep it the way it is at present...but the back doors, etc. are the additional layer of insecurity done because of the attributability thing, in part.

Also...his rank was more a professional thing rather than a line officer thing. As for solutions, CEOs do the same...not just military.

I'll make it simple with an analogy.

Normal, direct traffic can be likened to corresponding via letter using pony express. The letter has the recipient and return address on it, so you know who sent it, and you can reply back to them, etc. There are other people involved with getting the letter from point to point (the pony riders), but they don't change the address on it.

Malicious traffic on the other hand, is akin to sending a coded letter to a middleman rather than the intended recipient. That person gets the envelope, and reads the coded message enclosed within giving directions to send a letter to someone else, then commits the sender's address to memory and destroys the coded letter before carrying out the directions (much like an old-time spy network). This process repeats any number of times. Finally, the target gets a malicious letter, and the return address on it is the last middleman. That recipient can know who sent them the letter but they can't know who started the whole chain of events. The evidence has been destroyed and the last middleman can't be made to confess, so even if you go after them you won't be able to find who ordered them to do it.

Unless the letters continue and you have access to observe patterns of behavior and work back to the source, the only way you could tell who was orchestrating things would be by directly observing the activities of everyone who could possibly be involved, and recording everything that transpired both in public and in private (since while you can correlate communications, you can't prove whether any given communication was the one without seeing the middleman decode it and reading it yourself). This is liable to be necessary in any case because there is no requirement for the orchestrator to use the same middlemen each time.

As you can hopefully understand, this is not an engineering problem. The sole solution to this 'problem' is total omniscience, because we're talking about knowing and controlling the behavior of people and the nodes on the network, not just how data is transferred among them.

Unfortunately, it isn't that simple...not at all like a pony express...because the internet was designed to be virtually indestructible. What has to happen for security from these attackers is the ability to trace things back to the originators and that requires re-engineering. 

Look let's just leave this discussion as it (the re-engineering) won't happen due to vested interests, or until those vested interests are forced to change...

The redundancy argument isn't really germane--the point of the analogy was the issue of addressing vs proxies; the pony express bit was just to illustrate that it involves decentralized communication via intermediaries who can't read the content of the communications.

It's not an engineering issue, nor one that engineering can solve. It's not about vested interests either. The point is that it is simply impossible, for two big reasons among others:

- Attribution gets you nothing, because a person (and a computer) can always act on someone else's behalf, and you can't make them tell you that (especially if they don't even know they are doing it).

- Even knowing everyone that everyone communicates with gets you nothing, because you can't put the encryption genie back in the bottle. And there are plenty of ways to encrypt data without making it look like it's encrypted at all, so you can't just prohibit encryption and assume any encrypted traffic that remains is malicious.

These issues predate computers by millenia--these are the same techniques (proxies and secret/coded communication) used by criminals and spies for all of human history. So in essence, the problem you are trying to fix is humanity itself.

You're welcome to end the debate if you like, but lets not be disingenuous about what the problem that needs solved actually is.

The problem is attributability and accountability and the internet, i.e. the subject of the OP. Let's not try to obfuscate that. That DARPA designed it without anticipating malware, etc. is a fact. That's what needs fixing, and it can be and should be fixed. That isn't "fixing humanity". That's just fixing a product which has been exploited for crime and espionage, and there's absolutely nothing wrong in doing that. Nothing at all.

It won't happen, though, because of the power of the interested agencies, just as fixing software vulnerabilities isn't always in their interest...

Saying it doesn't make it so, doc. This is the same argument being made by the law enforcement folks. They insist there must be some way to hold bad actors to account, but they don't know what they're actually asking for because they don't understand how things actually work. It's like telling a homeless person that the only problem is they need to buy a house.

Any network traffic today can already be traced to its immediate source. Email (as given by Mr Ben-Israel) is a bad example because that's a disconnected one-way protocol, where there isn't actually a live connection end to end all at once (SMTP relays act as proxies, though they do add themselves to the headers as they pass a message on). It's also not used for attacks other than infected machines passing spam or infections on, and as such isn't really relevant to the concerns at issue. And there are many techniques already in use today for blocking emails originating from SMTP gateways which can't be trusted to verify their users (DKIM, etc.).

However, if someone access a website, or logs into a server, etc., the IP that traffic came from is right there in every single packet of that communication. It has to be in order to do two-way communication, after all. And ISPs already know what subscriber they've issued an IP to. This is how people get sued for peer-to-peer copyright infringement.

The problem is that in these cases where you have professional criminal activity going on, the immediate source is not the original source; you have nodes in the middle sending traffic on others' behalf. So even if a victim observes the traffic coming in, and sees where it is coming from, that tells them little of value unless the bad actor is a really low-level sort who doesn't even try to hide their tracks. And there is absolutely nothing you can do about that short of controlling or recording ALL communications AND what is done with them on individual nodes. Given we're not omniscient/omnipotent beings, that is impossible on its face.

This has nothing to do with the internet being redundant, or how TCP/IP works. So long as users or nodes on a network can act freely (impossible to prevent-people have free will and can write their own software) and communicate securely (impossible to prevent-you can't un-invent encryption, steganography, etc.), you cannot get what you want.

Except in this case...and in fact it should be for everyones' welfare. Much like a defective traffic light.

It's clear at this point you're not even reading a word I type. Asserting the impossible should be possible because it's in peoples' best interest doesn't make it any more true. No matter how many times you repeat the claim.

I sincerely hope you never get the totalitarian/surveillance state you're ignorantly wishing for (because that is the closest humans could ever get to solving the 'problem', and is exactly the solution that will be pushed if we try, and it still won't actually work). But I'm done trying to explain to you just what you're asking for.

Really, I think you've made your point ad-nauseam and any continuation is more "mine is bigger than yours is".

No need to continue with this.

Hehe, ah shit.  

I think those who created the Internet perfectly understood the danger of "someone" controlling the Internet. We should be very grateful for the freedom Internet has given to billions of people.

I think the title of this thread is very disturbing. Since when has giving up freedom for "security" been a good idea? Important systems like power production, aviation and others should always be offline anyway. Only a closed system is secure.

Internet is actually one of the few areas where I think governments, tech-corporations and ISPs are doing a good job. Internet in its current form is pretty much the only reason I am hopeful about the future of this world.

They understood how to make it virtually indestructible. They had no conception of malware nor of cybercrime since they did not exist. 

Since never. However no one would be giving up freedom. They would be giving up anonymity. We all would be gaining attributability. Cybercriminals know they are anonymous and can hide with the net being as it is at present. The correlate of freedom is responsibility. There is no responsibility with anonymity and without attributability. Freedom without responsibility is anarchy.

Wouldn't you feel better if criminals couldn't rob a bank by leaky code and never get caught? Wouldn't you sleep better if no one could steal your identity and be virtually certain of getting away with it?

 There is one way and one way only to solve the attributability problem, and that is to make every person uniquely identifiable to any computer.  Bio-tag, arm tattoo, universal surveillance - take your pick. 

Mark of the Beast, anyone?

and then some of us will unplug from the internet and go back to fidonet.