April 22nd, 1999
Sanna Suoranta
Department of Computer Science and Engineering
Helsinki University of Technology
sos@tcm.hut.fi
Working and studying at home are becoming more popular. This year, electronic identification cards are being introduced in Finland. New kinds of applications are being built, and the security services in use have to be reevaluated.
Computers are used more and more in every domain of life. In Finland, schools and libraries have Internet connections, and more than every second Finn has a mobile phone. New user groups will use the future Internet, and they will use new kinds of applications. All of these need some kind of security: for example, authentication for charging, confidentiality for business transactions and privacy for health information.
In this paper, I talk about the security needs of users and applications. The IETF has introduced six security services. New applications need at least two more. The Internet has gained a new side in the last few years: mobile access and wireless connections. In the TeSSA project at Helsinki University of Technology, we have one solution, a new Telecommunication Software Security Architecture. It is based on the Simple Public Key Infrastructure (SPKI) and the Domain Name System (DNS). This architecture is based on certificates.
The rest of this paper is organized as follows.
The second section discusses who uses the future Internet,
and the third section discusses what kinds of
applications could be in use in the future. The fourth section
introduces the security services needed in future applications.
In section five, some possible infrastructures of the future
Internet are introduced, and in section six one (partial) solution
is introduced. Finally, the last section concludes the paper.
In the information society, everybody should be able to do almost
everything with the help of computers. Every user group has its own
needs, which may also conflict with each other. In this chapter I
introduce the needs of three user groups: enterprises, authorities
and citizens (employees, customers).
In the last few years, every enterprise has got its own home
pages on the World Wide Web. Unfortunately, many of these WWW pages
are poorly designed and contain nothing useful (not even the phone
number of the switchboard). A WWW page can also be more than just
an advertisement for the enterprise. For example, there may be an
order form for products or some useful application. Today, there
are also enterprises that operate only on the Internet. These
enterprises need a reliable method for charging for services.
Electronic mail has become a necessity for many employees,
and they want to check their mail everywhere, even in
their spare time. Portable computers and other PDA-type devices
have become common. Bosses and colleagues also assume that
an employee is reachable in the evening by electronic mail or
by (the enterprise's portable) phone. Electronic mail is also used
for sending various kinds of documents that were previously sent
by normal mail or fax. Usually, these documents are confidential.
Many employees work at home or during work trips. Their
connections to the enterprise should be reliable and, in most
cases, confidential. They may also need to use an application
that runs on a server of the enterprise. This server
should be secured against unauthorized use, but it should be
available to authorized users.
Countries have two viewpoints on security: some of them want to have
the possibility to watch over what their citizens do, and others
stand by strong cryptography and the privacy of citizens.
The difference can also be seen, for example, in the
European Union's attempts to develop a pan-European method for
digital signatures. Some countries
support tight regulation and the others emphasize the citizens'
own responsibility. For example, Finland and Sweden represent
the latter viewpoint and Germany the first viewpoint.
In Finland, there is a project on electronic identification
(Henkilön sähköinen tunnistaminen, HST) [1].
The electronic identification is based on a smart
card and public key cryptography. With the help of this system,
authorities can authenticate a citizen, and documents can be signed
and encrypted. This allows citizens to do business with
authorities through the Internet. Most of the authorities' services
should be available on the Internet by the year 2001 [2].
Sweden has a corresponding project, Secure Electronic
Information in Society (SEIS) [3].
In Germany, a digital signature is legally valid [4].
This allows a user to, for example, sign a sales contract and send
it through the Internet to the other party. The contract is also
legally valid if a possible dispute is taken to court.
The German system is based on strong public key cryptography,
and the keys are stored on a smart card. The smart card
also holds a certificate that consists of the user's name or
pseudonym, public key and validity time. A trusted
third party, the Trust Center, manages the keys and distributes
the smart cards.
The German system is also meant for commercial use. It has been
criticized as too heavy and too expensive.
Official announcements are one important part of
administration. Traditionally, all announcements can be seen in
some civil service office (during an eclipse of the moon). Now
information can easily be put on an authority's WWW page. For
example, the city of Espoo has very good WWW pages that tell
about the city plan, the timetable of fire inspections, etc. [5].
Nowadays, Finnish legislation is available to all citizens
on the Internet [6].
In an interview, professor Lawrence Lessig of Harvard University
said that the current no-tax scenario for Internet transactions
is clearly a temporary situation [7]. Taxation needs new
technologies, for example the use of digital certificates. It also
needs international agreement between countries, and this may be
even more difficult to reach than developing new technology.
When someone becomes ill or is injured on a trip, he/she does not
usually get to his/her "own" doctor. This unknown doctor may
need the patient's medical information to treat the patient
correctly. But putting personal medical records online might
increase the risk of exposing private and sensitive information.
For the common citizen, privacy is important. For example,
the World Wide Web makes automatic collection of data very easy,
and people do not know that. They just wonder where some spammer
got their email address.
Safety is also very important: nobody should be able to pose as
someone he/she is not. Other kinds of cheating should
not be easy either. For example, most of today's service providers
want to be sure that the user is who he claims to be, but the user
cannot be sure that the service is correct.
In the design of new (and old) applications, the design of usability
should have more significance. A good user interface helps the user
to make the right decisions. In his book, Edward Amoroso claims that
usability and security are orthogonal [8]. It is also said
that security is transparent when it is usable [9]. But how
can the user know whether something is secure if he/she cannot see
any (or only a little) difference from an unsecured system? How much
the user should know about security depends on the application.
In the information society, everything should be accessible with
these future devices and methods. For example, if a user cannot
reserve a book from a library through the network, it easily
remains unused.
Last but not least is the price of services. People
should know what advantages they get from secure applications, or
they will not buy secure products. In shrink-wrap applications,
security should not cost much extra, but users should know
that this security is usually weak.
In the future, "new" technology will be widely used in everyday
life (new is quoted because, in the future, this technology may not
be new anymore). Different applications need different security
services. Some of them do not need security at all, and some
are very dependent on good security services. In this chapter, I
have collected all kinds of new applications.
Digital technology has become common with computers. Being
digital allows users to deliver a signal with information added
to correct errors. Error correction and data compression are two
obvious reasons for digital information. Almost all data is
in digital format nowadays [10].
Digital technology
has created new possibilities: products and services can combine
entertainment electronics and computer networks. For example,
Helsinki Television has changed (part of) its cable-TV network
to duplex, and Internet connections can be provided through the
fast network [2].
Today, the Internet is used to transmit long-distance phone
calls. There are things that make the Internet more
useful than the traditional telephone network: new services can be
added; for example, a caller can click the receiver's name in
his/her phone book. In the future, operators may charge for calls
not according to distance but according to the additional services
used by the caller [11].
Enterprises can send their tax return forms through the net.
This kind of application needs authentication. In the future,
Finnish citizens can authenticate themselves with electronic
identification cards. Then useful things like voting
might be done at home.
The government can ask citizens' opinions on all kinds of things
and, for example, old people can easily participate in
voting even in sparsely populated areas.
Doing business with the commercial service sector's enterprises
becomes easy. In Finland, for example, many banks have an
"Internet bank". Customers can pay bills and check how much
money they have in their bank accounts. There have also been several
electronic money projects, but none of them has broken
through yet. The Internet is used like any other ordinary contact
medium, such as the telephone, and the payment (and the delivery of
the product) are performed traditionally.
Video conferences are one application which has been talked
about for a long time. This application needs real-time data
transfer. When enterprises use video conferences for business
meetings, confidentiality is very important.
Working and studying at home are becoming more and more popular.
This is one way to get rid of a three-hour school trip, and working
at home may be a good way to keep people living in sparsely
populated areas.
It is also very handy for people who have small children or who
work part-time.
Every organization connected to the Internet should have a
Security Policy. The Security Policy defines the conditions under
which subjects can access objects. The Security Policy should take
a stand on everything that is related to computer security.
But where can we find out what should be covered in a
Security Policy?
The Internet Engineering Task Force (IETF) has defined six security
services [12]. These services are Confidentiality, Integrity,
Availability, Authentication, Non-Repudiation, and Access Control.
In this section, these security services of the IETF and also
other services are introduced.
Confidentiality means that only legitimate users have access to
information. Confidentiality is usually the first thing that
comes to people's minds when talking about computer security. It
is also the most researched domain of computer security [8].
Disclosure is the threat that arises when someone can gain access
to information that he/she should not be able to see.
Information has integrity if it has not changed
during storage or transmission. Only people who have the right to
change information can do so. The integrity of information can
be compromised even by mistake.
System availability means that a legitimate user should be able to
access a system when he/she needs it. Here the system can be, for
example, a piece of information on a hard disk or a computer
resource like a
network printer. When access to some computer resource is
blocked, a denial of service threat occurs. Disclosure and
integrity have been considered to be more important threats, and
less attention has been paid to availability and denial of
service attacks.
In real life, contracts are accepted by signing them. The
signature proves that the contract was made with its original
contents. Likewise, in a computer system, the sender of a message
should not be able to deny later that he/she has sent the message,
and the receiver should not be able to deny that he/she has received
the message (non-repudiation).
Access control is a mechanism to control access to a computer
system and information. The two main types of access control are
discretionary access control (DAC) and mandatory access control
(MAC). In discretionary access control, users are allowed to
affect how their files and computer resources are protected. A
security policy limits this right. In mandatory access control,
the system administration makes decisions according to the
security policy, and users have no influence on the access
control.
Identification is defined to be a procedure or a mechanism that
allows someone to tell the computer system who he is.
An identification procedure can be, for example, a login prompt
that asks for a username. Authentication allows a computer system
to ensure that the identity of some external agent is
correct. Authentication types are something known, something
embodied, something held, and their combinations. For example,
after asking for a username, the computer prompts for a password.
Are these six security services enough? One new security service
should be added to this list: authorization.
When a user has the right to do something, for example to print on
a network printer, he/she does not necessarily have to authenticate
him/herself but only to prove that he/she has this right.
This can be carried out with the help of certificates.
A digital certificate is a signed record that states some
information about the entity the certificate was issued to
[13].
There are two kinds of certificates: identity and authorization
certificates. Both of these have issuer, subject and validity
information. X.509 certificates are identity certificates that
assume that each user has a globally unique ID. SPKI
certificates are authorization certificates. They
are issued to an entity that typically is a public
key or a hash of a public key [14].
There has also been discussion about quality of service. Some
applications need much bandwidth, some fixed bandwidth, or a
higher priority to work fluently and correctly. The current
Internet cannot offer this kind of service. Of course, service
providers want more money for higher quality of service.
In the future home, there may be a wireless access network. Every
piece of equipment can be controlled through the network. This kind
of network needs good authentication and access control methods.
The network has to have some way to separate the neighbor's and the
owner's equipment. The owner may want to choose who can access
his/her services and to charge for these services, like
printing.
Convergence is the word of the day in the computer
field. Telecommunication and data communication are combining. This
can be seen in Internet telephony and data transmission in the
telephone network. Another area of convergence is mobile and wired
networks. Both kinds of networks transport both
speech (telephone) and data. The third area of convergence is
computer science and computer communication [15].
In this chapter, some wireless solutions for the Internet are
briefly introduced.
Standard 802.11 of the Institute of Electrical and Electronics
Engineers (IEEE) was developed for Wireless Local Area Networks
(WLAN). WLAN is similar to the Ethernet standard. WLAN is a
physical layer standard that specifies the modulation and
signaling for transmission of data through radio frequencies [16].
WLAN supports secure registration and authentication. It also
offers encryption of transmitted data frames. Both of these are
defined in the standard.
RFC 2002 introduces IP Mobility Support [17]. Mobile IP allows
transparent routing of IP datagrams to mobile nodes in the
Internet. The mobile computing environment is potentially very
different from the ordinary environment. Mobile computers may be
connected to the network via wireless links. Such links are
particularly vulnerable to passive eavesdropping and active replay
attacks [17].
Authentication of mobile users (their equipment) is important,
but key distribution is difficult. Authentication is also
important for service providers who want to charge for
connections and to separate legitimate users from others.
For confidentiality, a mobile agent can establish an encrypted
tunnel, but privacy is out of the scope of the Mobile IP RFC.
Against replay attacks, Mobile IP has two methods: timestamps
(mandatory) and nonces (optional).
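
The two replay protection methods named above can be sketched as home-agent checks on the 64-bit Identification field of a registration request. This is an added example, not code from the paper or from RFC 2002; the class names and the constructed clock values are assumptions, and the 7-second tolerance is the default that RFC 2002 suggests.

```python
import secrets

# Assumption: the Identification is covered by the registration's
# authentication extension, which was verified before these checks run.
FRAC = 1 << 32    # low-order 32 bits of the Identification hold fractional seconds
MAX_SKEW = 7.0    # seconds; the default tolerance RFC 2002 suggests


def timestamp_ident(seconds):
    """Encode a clock reading as a 64-bit NTP-style Identification value."""
    return int(seconds * FRAC) & 0xFFFFFFFFFFFFFFFF


class TimestampGuard:
    """Home-agent check for timestamp-based replay protection."""

    def __init__(self):
        self.last_accepted = {}   # mobile node -> highest Identification accepted

    def accept(self, node, ident, now):
        if abs(ident / FRAC - now) > MAX_SKEW:
            return False          # stale capture, or clocks too far apart
        if ident <= self.last_accepted.get(node, -1):
            return False          # not newer than an accepted request: replay
        self.last_accepted[node] = ident
        return True


class NonceGuard:
    """Home-agent check for nonce-based replay protection."""

    def __init__(self):
        self.expected = {}        # mobile node -> nonce sent in our last reply

    def reply_ident(self, node, request_ident):
        # New nonce in the high-order 32 bits; the node's own low-order
        # 32 bits are echoed so that it can match the reply to its request.
        nonce = secrets.randbits(32)
        while nonce == self.expected.get(node):
            nonce = secrets.randbits(32)
        self.expected[node] = nonce
        return (nonce << 32) | (request_ident & 0xFFFFFFFF)

    def accept(self, node, ident):
        nonce = self.expected.get(node)
        return nonce is not None and (ident >> 32) == nonce


def demo():
    """Run constructed registrations through both guards."""
    ts = TimestampGuard()
    first = timestamp_ident(1000.0)                 # constructed clock values
    results = {
        "fresh": ts.accept("mn1", first, now=1000.5),
        "replayed": ts.accept("mn1", first, now=1001.0),
        "stale": ts.accept("mn1", timestamp_ident(1002.0), now=1020.0),
        "newer": ts.accept("mn1", timestamp_ident(1021.0), now=1020.0),
    }
    ng = NonceGuard()
    reply = ng.reply_ident("mn1", request_ident=0x1234)   # resynchronising reply
    request = (reply & 0xFFFFFFFF00000000) | secrets.randbits(32)
    results["nonce_fresh"] = ng.accept("mn1", request)
    ng.reply_ident("mn1", request)                  # answering rotates the nonce
    results["nonce_replayed"] = ng.accept("mn1", request)
    return results
```

The timestamp method needs roughly synchronized clocks but no per-exchange state beyond the last accepted value; the nonce method needs no clock but costs an extra round trip whenever the two sides lose synchronization.
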
The Internet Protocol (IP) provides a connectionless, unreliable
and best-effort packet delivery service. IP does not provide
protection against eavesdropping, man-in-the-middle attacks or
other kinds of threats. The Internet Engineering Task Force (IETF)
has standardized several protocols for protecting
information and connections in the Internet. In this section, I
present some of them briefly: IPSEC, ISAKMP, IKE and PKI. The next
figure shows the connections between these protocols.
IP, IPSEC and UDP take care of connections and session security,
ISAKMP takes care of authentication, and IKE inside it takes care
of key exchange. DNS is a repository for keys and
certificates. The Simple Public Key Infrastructure (SPKI) manages
trust and takes care of policy management.
Figure 1. Protocol Stack
A Security Policy defines the security principles of an
organization. A Security Policy can be complemented with security
guidelines. According to the Security Policy, a Security Association
(SA) is chosen to protect a connection. An SA is a set of parameters
of some security protocol; in other words, the Security Association
defines how this protocol is used. A Security Parameter Index
is a unique identifier for a Security Association.
The next sections briefly introduce some of the figure's protocols
and what kind of security services these protocols offer.
The IP Security Protocol (IPSEC) is a network layer protocol that
provides authentication, integrity and confidentiality security
services [18]. It does not provide non-repudiation or
protection against traffic analysis or denial of service attacks.
IPSEC has two parts: the Authentication Header (AH) [19] and the
Encapsulating Security Payload (ESP) [20].
The Authentication Header provides integrity and authentication
for IP datagrams. The Security Association defines what kind of
authentication method, for example a signature, is used.
The Encapsulating Security Payload provides integrity and
confidentiality. All data after ESP is encrypted.
Both of these methods can also be used together.
IPSEC requires a key management protocol. The IETF has standardized
the Internet Security Association and Key Management Protocol
(ISAKMP) and the Internet Key Exchange (IKE) for this purpose.
The ISAKMP protocol is defined in RFC 2408. It
is a protocol framework that combines the security concepts of
authentication, key management, and security associations to
establish the required security for government, commercial and
private communications on the Internet [21]. ISAKMP defines
13 payloads and five exchanges for exchanging the information that
is needed to establish secure communication. It does
not enforce the use of, for example, a specific key exchange
algorithm, but there is an Internet Key Exchange (IKE) [22] protocol
that can be used for key exchange with ISAKMP.
Every ISAKMP message begins with the Initiator's and Responder's
Cookies. The cookies make protection against denial of
service attacks easier to handle [21]. ISAKMP combines
authentication, key exchange and security association
exchanges. This prevents connection hijacking and
man-in-the-middle attacks. New Security Associations need a new
cookie. This protects the system against replay attacks. If
something abnormal occurs, ISAKMP notifies the other party and
returns to the idle state.
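
The following sketch parses the fixed ISAKMP header of RFC 2408 and shows how a responder can use the two cookies to discard messages cheaply before doing any expensive key exchange work. It is an added example, not code from the paper; the HMAC-SHA-256 cookie construction, the secret, the function names and the addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Fixed ISAKMP header (RFC 2408): initiator cookie, responder cookie,
# next payload, version, exchange type, flags, message ID, total length.
HEADER = struct.Struct("!8s8sBBBBII")
EXCHANGES = {1: "Base", 2: "Identity Protection", 3: "Authentication Only",
             4: "Aggressive", 5: "Informational"}
ZERO = bytes(8)
LOCAL_SECRET = b"constructed secret, rotate regularly"   # sample value


def make_cookie(peer_addr, peer_port, peer_cookie=b""):
    """Cookie bound to the peer's address and a local secret. Truncated
    HMAC-SHA-256 is this example's choice, not mandated by the RFC."""
    material = f"{peer_addr}:{peer_port}".encode() + peer_cookie
    return hmac.new(LOCAL_SECRET, material, hashlib.sha256).digest()[:8]


def parse_header(datagram):
    """Return the header fields, or raise ValueError on a malformed message."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, nxt, version, xchg, flags, msg_id, length = \
        HEADER.unpack_from(datagram)
    if icookie == ZERO:            # sanity check chosen for this example
        raise ValueError("all-zero initiator cookie")
    if length < HEADER.size or length > len(datagram):
        raise ValueError("length field inconsistent with datagram size")
    return {"icookie": icookie, "rcookie": rcookie, "next_payload": nxt,
            "version": (version >> 4, version & 0x0F),
            "exchange": EXCHANGES.get(xchg, f"unknown({xchg})"),
            "flags": flags, "message_id": msg_id, "length": length}


def responder_triage(datagram, peer_addr, peer_port):
    """Cheap check a responder can run before any public-key operation."""
    try:
        hdr = parse_header(datagram)
    except ValueError:
        return "drop"
    if hdr["rcookie"] == ZERO:
        return "new"               # first message: answer with our cookie
    expected = make_cookie(peer_addr, peer_port, hdr["icookie"])
    if hmac.compare_digest(hdr["rcookie"], expected):
        return "continue"          # peer received our reply at this address
    return "drop"                  # forged, stale or spoofed-source message


def build_header(icookie, rcookie, exchange=2, body=b""):
    """Constructed test message: version 1.0, no flags, message ID 0."""
    return HEADER.pack(icookie, rcookie, 0, 0x10, exchange, 0, 0,
                       HEADER.size + len(body)) + body


def demo():
    """Triage four constructed datagrams from documentation addresses."""
    ic = bytes.fromhex("1122334455667788")          # constructed cookie
    first = build_header(ic, ZERO)
    second = build_header(ic, make_cookie("192.0.2.10", 500, ic))
    return [responder_triage(first, "192.0.2.10", 500),
            responder_triage(second, "192.0.2.10", 500),
            responder_triage(second, "203.0.113.5", 500),   # other source
            responder_triage(second[:20], "192.0.2.10", 500)]
```
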
In public key cryptography, there are two keys: a public key and
a secret key. In many systems, the same key pair can be used for
encrypting/decrypting and for signing information. In a large
network where people want to communicate confidentially with each
other, public key cryptography is better than secret key
cryptography because fewer keys are needed and key distribution is
easier.
A public key infrastructure (PKI) is a system where public keys
are presented in a defined way. Digital certificates can then
bind some information to the keys. A PKI also defines
processes to check that a certificate is valid, and to revoke
and expire a certificate.
A PKI and a suitable certificate repository can together
provide a foundation for managing trust and policy information
in the form of digital certificates, even for a large
distributed system with numerous interacting entities [23].
I think that the hardest part in the security area is users. Users
do things that developers never think they will do. Users do not
understand what developers were thinking when they made the
applications, and developers do not understand what their
applications' users want. They do not have a shared
language. The average user often does not even want to know about
security. Too many warnings make the user numb.
On the other hand, the user should know something about security.
Different kinds of equipment set their own challenges. Mobile
phones and all kinds of Personal Digital
Assistants (PDA) cause problems for Internet applications and
their security functions.
The user groups of the Internet are growing, which brings new kinds
of people to use new applications. These new applications and
their users have new kinds of security requirements. The IETF has
defined six security requirements, but they are lacking, at least,
authorization and quality of service.
The Internet is a global thing. Countries have different visions
for using this global Internet. This global nature of the Internet
should be taken into account when politicians decide and agree on
things that touch security in their own countries.
There are many good solutions for making the Internet secure, but
very much is left in the hands of the
developers. For example, the ISAKMP protocol is very complicated
because it is actually a framework. Traditionally, design of all
kinds has not been very user friendly. To build the information
society, one important part is awareness of the security needs of
users and applications.
Most users do not want to pay much extra for
security. This should also be considered when secure
applications are made. The costs of security should be divided
among all participants.
2 Users and Their Needs
2.1 Enterprises
2.2 Authorities
2.3 Citizens
3 Future Applications
4 Security Services
4.1 Security Services of IETF
4.2 Other Services Needed
5 Infrastructure
5.1 Wireless Local Area Networks (WLAN)
5.2 Mobile IP
6 Solutions
6.1 IP Security Protocol (IPSEC)
6.2 Internet Security Association and Key Management Protocol (ISAKMP)
6.3 Public Key Infrastructure (PKI)
6.4 Problems
7 Conclusions
References
| [1] | Henkilön sähköinen tunnistaminen, June 1998 [referred 18.4.1999] <http://www.vaestorekisterikeskus.fi/sahtun.htm> |
| [2] | Ojamies, M., Digitaalinen muutos. Signature 1/99, pages 10-11. |
| [3] | Secured Electronic Information in Society (SEIS) [referred 18.4.1999] <http://www.seis.se> |
| [4] | Tuormaa, J., Edellävijää uhkaa näivettyminen. Tietoviikko 1.4.1999 |
| [5] | WWW pages of Espoo city <http://www.espoo.fi> |
| [6] | Valtion säädöstietopankki <http://finlex.edita.fi> |
| [7] | Rao, M., The Ever-Evolving Net, Interview with Prof. Lawrence Lessig, Cyberlaw Expert, Harvard University. OnTheInternet, An International Publication of the Internet Society, January/February 1999, pages 14-15. |
| [8] | Amoroso, E., Fundamentals of Computer Security Technology. Prentice-Hall, 1994 |
| [9] | Whitten, A., Tygar, J.D., Usability of Security: A Case Study. December 1998 |
| [10] | Negroponte, N., Being Digital, Coronet Books, 1995 |
| [11] | Korhonen, J., Internet syö vanhan puhelinverkon, Helsingin Sanomat, 26.2.1999, page D1. |
| [12] | Haller, N., Atkinson, R., On Internet Authentication. RFC 1704, 1994 |
| [13] | Nikander, P., Partanen, J., Distributed Policy Management for Java 1.2, Proceedings of Network and Distributed System Security Symposium, 1999 [referred 18.4.1999] |
| [14] | Partanen, J., Using SPKI certificates for access control in Java 1.2, Master's Thesis, 1998. |
| [15] | Karila, A., Interview of Arto Karila at Kauppalehti Extra, 20.4.1999, page 46 |
| [16] | Wireless LANs [referred 23.4.1999] <http://www.ac.wwu.edu/~n9649918/wlans.html> |
| [17] | Perkins, E., IP Mobility Support, RFC 2002, 1996. <ftp://ftp.isi.edu/in-notes/rfc2002.txt> |
| [18] | Atkinson, R., Security Architecture for Internet Protocol, RFC 1825, 1995 |
| [19] | Atkinson, R., IP Authentication Header, RFC 1826, 1995 |
| [20] | Atkinson, R., IP Encapsulating Security Payload, RFC 1827, 1995 |
| [21] | Maughan, D., Schertler, M., Schneider, M., Turner, J., Internet Security Association and Key Management Protocol (ISAKMP), RFC 2408, November 1998 [referred 18.4.1999] <ftp://ftp.isi.edu/in-notes/rfc2408.txt> |
| [22] | Harkins, D., Carrel, D., The Internet Key Exchange (IKE), RFC 2409, November 1998 [referred 18.4.1999] <ftp://ftp.isi.edu/in-notes/rfc2409.txt> |
| [23] | Hasu, T., Storage and retrieval of SPKI certificates using the DNS, Master's Thesis, 1999. |