Improving Technical Security 14 February 2014

The Danger of the New Internet Choke Points

Authors: Andrei Robachevsky, Christine Runnegar, Karen O’Donoghue and Mat Ford

The ongoing disclosures of pervasive surveillance of Internet users’ communications and data by national security agencies have prompted protocol designers, software and hardware vendors, as well as Internet service and content providers, to re-evaluate prevailing security and privacy threat models and to refocus on providing more effective security and confidentiality.

At IETF88, there was consensus to address pervasive monitoring as an attack and to consider the pervasive attack threat model when designing a protocol. One area of work currently being pursued by the IETF is the viability of more widespread encryption. While there are some who believe that widely deployed encryption with strong authentication should be used extensively, many others believe that there are practical obstacles to this approach including a general lack of reasonable tools and user understanding as to how to use the technology, plus significant obstacles to scaling infrastructure and services using existing technologies.

As a result, the discussion within the IETF has principally focused on opportunistic encryption and weak authentication. “Weak authentication” means cryptographically strong authentication between previously unknown parties without relying on trusted third parties. In certain contexts, and by using certain techniques, one can achieve the desired level of security (see, for instance, Arkko, Nikander. Weak Authentication: How to Authenticate Unknown Principals without Trusted Parties, Security Protocols Workshop, volume 2845 of Lecture Notes in Computer Science, pages 5-19. Springer, (2002)). “Opportunistic encryption” refers to encryption without authentication. It is a mode of protocol operation where the content of the communication is secure against passive surveillance, but there is no guarantee that the endpoints are reliably identified.
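The two definitions above can be seen side by side in the following added example, which is not code from the paper. It assumes toy Diffie-Hellman parameters, a hypothetical peer name `server.example`, hypothetical helper names, and key continuity (pinning a peer key on first contact) as one weak-authentication technique; the page itself does not name a technique.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, assumed for illustration (not a vetted group).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub):
    """Unauthenticated DH: yields a key but says nothing about who the peer is."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).hexdigest()

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]

def connect(my_priv, peer, offered_pub, pins=None):
    """Return (key, status). pins=None: opportunistic; dict: key continuity."""
    if pins is None:
        return session_key(my_priv, offered_pub), "unauthenticated"
    fp = fingerprint(offered_pub)
    if peer not in pins:
        pins[peer] = fp  # first contact: nothing to compare against yet
        return session_key(my_priv, offered_pub), "first-contact"
    if pins[peer] != fp:
        return None, "key-changed"  # refuse: differs from the pinned key
    return session_key(my_priv, offered_pub), "pinned-match"

def demo():
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    _, other_pub = keypair()  # constructed: a key that is not the server's
    out, pins = {}, {}
    key, out["opp_real"] = connect(c_priv, "server.example", s_pub)
    out["keys_agree"] = key == session_key(s_priv, c_pub)
    _, out["opp_other"] = connect(c_priv, "server.example", other_pub)
    _, out["pin_first"] = connect(c_priv, "server.example", s_pub, pins)
    _, out["pin_again"] = connect(c_priv, "server.example", s_pub, pins)
    key2, out["pin_other"] = connect(c_priv, "server.example", other_pub, pins)
    out["refused"] = key2 is None
    return out

if __name__ == "__main__":
    print(demo())
```

In opportunistic mode any offered key is accepted, so only a passive observer is excluded; with pinning, a changed key is refused after first contact, while the first contact itself remains unverified.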

In this paper, we offer a complementary analysis. We identify some of the components of the Internet architecture that provide attractive opportunities for wholesale monitoring and/or interception, and, therefore, represent architectural vulnerabilities, or choke points. We also suggest possible mitigation strategies and pose some of the questions that need to be considered if the Internet is to evolve to reduce such vulnerabilities. Finally, we identify some significant areas of tension or trade-offs, and we consider possible areas for additional efforts.
