Improving Technical Security 14 February 2014

The Danger of the New Internet Choke Points

The ongoing disclosures of pervasive surveillance of Internet users’ communications and data by national security agencies have prompted protocol designers, software and hardware vendors, as well as Internet service and content providers, to re-evaluate prevailing security and privacy threat models and to refocus on providing more effective security and confidentiality.

At IETF 88 there was consensus to treat pervasive monitoring as an attack and to consider the pervasive-attack threat model when designing a protocol. One area of work currently being pursued in the IETF is the viability of more widespread encryption. While some believe that widely deployed encryption with strong authentication should be used extensively, many others believe there are practical obstacles to this approach, including a general lack of usable tools and of user understanding of how to use the technology, as well as significant obstacles to scaling infrastructure and services with existing technologies.

As a result, the discussion within the IETF has principally focused on opportunistic encryption and weak authentication. "Weak authentication" means cryptographically strong authentication between previously unknown parties without relying on trusted third parties; in certain contexts, and with certain techniques, it can achieve the level of security a deployment actually needs (see, for instance, Arkko, Nikander. Weak Authentication: How to Authenticate Unknown Principals without Trusted Parties, Security Protocols Workshop, volume 2845 of Lecture Notes in Computer Science, pages 5-19. Springer, 2002). "Opportunistic encryption" refers to encryption without authentication: a mode of protocol operation in which the content of the communication is protected against passive surveillance, but there is no guarantee that the endpoints are reliably identified, so an active attacker positioned on the path can still interpose itself.
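The distinction above is easiest to see in code. The following is an added illustration, not code from the paper or from the IETF: an unauthenticated Diffie-Hellman exchange (opportunistic encryption) is run once against a passive observer and once against an active attacker who substitutes public values, and then a key-continuity (trust-on-first-use) check is shown as one example of weak authentication, since it needs no trusted third party. The group parameters, the XOR stream cipher, and the host name "bob.example" are assumptions chosen for illustration only and are not suitable for production.

```python
import hashlib
import secrets

# Toy group: a large prime and a fixed base, for illustration only (assumption);
# a real deployment would use a vetted group such as those in RFC 3526.
P = 2**255 - 19
G = 2


def gen_private():
    return secrets.randbelow(P - 2) + 1


def public(priv):
    return pow(G, priv, P)


def derive_key(priv, peer_pub):
    # Session key = SHA-256 of the DH shared secret g^(ab) mod P.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()


def xor_stream(key, data):
    # Toy stream cipher: keystream block i = SHA-256(key || i); XOR is its own inverse,
    # so the same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def opportunistic_session(msg, active_attacker=False):
    """Alice sends msg to Bob over unauthenticated DH.
    Returns (plaintext Bob recovers, plaintext the attacker recovers or None)."""
    a, b = gen_private(), gen_private()
    pub_a, pub_b = public(a), public(b)

    if not active_attacker:
        # Passive observer: sees pub_a, pub_b and the ciphertext but holds no private
        # exponent, so it cannot compute the session key. Opportunistic encryption wins here.
        ct = xor_stream(derive_key(a, pub_b), msg)
        return xor_stream(derive_key(b, pub_a), ct), None

    # Active attacker (Mallory) on the path replaces each party's public value with her own.
    # Neither Alice nor Bob can tell: the protocol never authenticated the peer.
    m1, m2 = gen_private(), gen_private()
    key_alice = derive_key(a, public(m1))      # Alice thinks this is Bob's key
    key_mal_a = derive_key(m1, pub_a)          # Mallory's copy of Alice's key
    key_mal_b = derive_key(m2, pub_b)          # Mallory's copy of Bob's key
    key_bob = derive_key(b, public(m2))        # Bob thinks this is Alice's key

    ct = xor_stream(key_alice, msg)
    stolen = xor_stream(key_mal_a, ct)         # Mallory reads the plaintext ...
    ct2 = xor_stream(key_mal_b, stolen)        # ... and re-encrypts it for Bob
    return xor_stream(key_bob, ct2), stolen    # Bob still sees the right message


class PinningClient:
    """Weak authentication by key continuity (trust on first use): remember the static
    public value a host presented on first contact and reject a later session that
    presents a different one. No trusted third party is involved, and the first contact
    itself is still unauthenticated; what this buys is detection of a later substitution."""

    def __init__(self):
        self.pins = {}

    def connect(self, host, presented_pub):
        pinned = self.pins.setdefault(host, presented_pub)
        return pinned == presented_pub


if __name__ == "__main__":
    bob_static = public(gen_private())         # Bob's long-lived public value (assumption)
    client = PinningClient()
    print("first contact accepted:", client.connect("bob.example", bob_static))
    print("swapped key accepted:", client.connect("bob.example", public(gen_private())))
```

Against the passive observer the message is delivered and nothing leaks; against the active attacker the message is also delivered, which is exactly the problem: the endpoints see a working session while the attacker holds the plaintext. The pinning client turns the second case into a detectable event on every contact after the first, which is the kind of trade-off the weak-authentication work accepts.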

In this paper, we offer a complementary analysis. We identify some of the components of the Internet architecture that provide attractive opportunities for wholesale monitoring and/or interception, and that therefore represent architectural vulnerabilities, or choke points. We also suggest possible mitigation strategies and pose some of the questions that need to be considered if the Internet is to evolve to reduce such vulnerabilities. Finally, we identify some significant areas of tension or trade-offs, and we consider possible areas for additional effort.

