The legend of network protocols (V): The shadow of a great power is hard to eliminate


Vinton Cerf's encounter with TCP/IP began in 1973. In his later recollections, he mentioned that it was not until 20 years later that he realized that the pioneering work he participated in was changing the world. What triggered this realization was the World Wide Web service launched by Netscape. "This meant that ordinary people could also use the Internet at will. I found that changes had really taken place."

However, just as with the famous "two dark clouds" in the history of physics, at the very moment Vinton Cerf and others were celebrating the greatness of the Internet, dark clouds had already gathered over it and delivered a stern security warning.


(Photo source: Baotu.com)

The first lesson in cyber security

In 1988, Robert Morris was still a student at Cornell University in the United States. At about 7 p.m. on November 2, driven by curiosity, he released a "worm" program he had written onto the Internet. Morris originally intended this program, only 99 lines of code, to measure the scale of the Internet at the time. What no one expected was that this small act almost destroyed the young Internet.

The accident was caused by a programming error in the propagation mechanism of the "worm", which turned a potentially harmless intellectual exercise into a malicious denial-of-service attack: the out-of-control "worm" replicated itself at high speed, consuming disk and memory space on the computer systems it reached and crashing them under the load. Because the "worm" occupied so many system resources, it effectively paralyzed the network, destroyed a large amount of data, and affected more than 10% of all networked computers at the time, with losses approaching $100 million.

The Morris worm shook the young Internet. It was the first computer virus in history to spread through the Internet, and it let early Internet operators and users see the power of a network attack for the first time. To some extent, it also directly gave rise to the computer and network security industry. Obviously, this was a man-made disaster, but from a technical point of view it was also an inevitable natural disaster. Only then did the designers of the Internet realize that they had made a serious mistake.

The founders overlooked security

There is one thing Vinton Cerf and others have always regretted: they left network security out of consideration from the very beginning! "If I could reinvent the Internet now, I would consider adding more protection measures from the beginning, to eliminate negative things as much as possible in the background of the Internet rather than at the terminal, but at that time many protection methods were not yet available," Vinton Cerf said.

Vinton Cerf's frustration is evident in his words. In fact, in the TCP/IP protocol suite he designed, the IP protocol itself provided no security features at all. But this cannot be blamed on him; after all, he could not escape the limitations of his time. Back then, most network connections were between universities and advanced research institutions. Network users and network operating environments were so simple that people naturally ignored network security.

In addition, from an engineering perspective this was also inevitable. In terms of functional logic, network protocols can be divided into communication protocols and security protocols: the former provide communication capability and transmission efficiency, the latter govern secure connection and secure transmission during communication. At the beginning of network design, the pioneering scientists naturally focused on communication protocols, because these are the prerequisite for networking to work at all. The first problem they faced was how to interconnect different computers and different networks, how to deliver data correctly, and how to let data find the right path, find the right door, and reach its designated destination.

The larger outbreak of network security problems came later, during the commercial operation of the Internet, a period far longer than the founding work of Vinton Cerf and others.

Even so, Vinton Cerf's views are not outdated; they express what people expect of future network security. In the past, network protection was implemented by superimposing firewalls, anti-virus software and other means on the network and its terminals. Now people hope instead to let the network protect itself, that is, to build inherent security capabilities at the network protocol level and so "eliminate negative things as much as possible" in the "background" of the Internet.

People have in fact done this, improving or redesigning existing network security protocols to give the network protocol family stronger security capabilities. These efforts cover different layers of the seven-layer OSI reference model. The unavoidable problem, of course, is that the network train is already running on the highway, and every remedial measure has to be completed at full speed, which undoubtedly makes the work harder.

The first mover's path monopoly

To solve the problem of secure data transmission over TCP, Netscape Communications Corporation proposed the Secure Sockets Layer (SSL) protocol (also known as the socket security protocol) in 1994. Because the released SSL2 had not been discussed with security experts outside Netscape, it was not considered comprehensively and had serious weaknesses. In 1995, Netscape released SSL3, which patched many vulnerabilities in SSL2 and received great attention from the industry. Later, the IETF established the Transport Layer Security (TLS) working group, designed TLS based on SSL3, and released TLS 1.0, TLS 1.1 and TLS 1.2 in 1999, 2006 and 2008 respectively, patching a large number of vulnerabilities in both the design and the implementation of the protocol.

This history tells us that security is relative. The work of patching protocol vulnerabilities is not finished just because ten years have been spent on it; in the future, new version numbers will keep appearing to mark newly emerging vulnerabilities. Why is this so? An important reason is that we cannot predict the future, just as Vinton Cerf could not foresee the security problems of IP. This is the limitation of history.

Since the early 1990s, several standards organizations have successively carried out security research projects for the data link layer and the IP layer and formulated general security protocols whose purpose is to make up for the security defects of the IP protocol; these were then applied to various networks. However, these security protocols, developed with great difficulty, have often turned into security black holes in today's application scenarios.

Here we need to briefly review the historical evolution of network security thinking. Initially, the design of network security protocols was based on the security concept of a master-slave structure, which assumed that the network was completely trustworthy to its users: a person making a call on a mobile phone would unconditionally trust the base station. As long as the base station confirms the legitimacy of the mobile phone, the two can establish a connection and communicate; the mobile phone does not need to confirm the legitimacy of the base station. This logic is called one-way authentication, and Wi-Fi's WEP security mechanism is one of its products.

This security logic suited the reality of that pioneering era: at the time, base stations were communication equipment with extremely high technical and price barriers, hard for ordinary individuals to obtain, and their owners (telecom operators) could be assumed to be honest. The situation is very different today. The cost of a base station keeps falling, and one can be carried in a backpack and walked around a marketplace. This is precisely why security problems such as fake base stations and "man-in-the-middle" attacks break out so frequently.

Under security pressure, Wi-Fi adopted 802.1X in a major security upgrade. Although its security mechanism thereby evolved from one-way authentication to quasi-two-way authentication, unfortunately this evolution toward two-way authentication was not thorough. In October 2017, WPA2, the highest security mechanism in the Wi-Fi security protocol family, was declared cracked. The Wi-Fi Alliance then urgently released WPA3 at the CES exhibition in the United States in January 2018 and announced the final completion of the WPA3 protocol in June of the same year. Technically, however, WPA3 did not change Wi-Fi's authentication architecture. By continuing to use the old insecure architecture, WPA3 still cannot solve security problems such as man-in-the-middle attacks.
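The difference between the one-way authentication described above and true two-way authentication can be shown with a small challenge-response model. This is an added illustration, not code from the original article or from any Wi-Fi or cellular standard: the shared key, the HMAC-based proof, and the Phone and BaseStation classes are all constructed for the example. In the one-way flow only the station checks the phone, so a station without the key that simply says "accepted" is still trusted; in the mutual flow the phone also challenges the network, and the impostor fails.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed shared secret for this example; a real network provisions it out of band.
SHARED_KEY = b"constructed-shared-secret"


def prove(key: bytes, nonce: bytes) -> bytes:
    """Challenge-response proof: HMAC-SHA256 over a fresh nonce using the shared key."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Phone:
    def __init__(self, key: bytes):
        self.key = key

    def answer(self, challenge: bytes) -> bytes:
        return prove(self.key, challenge)

    def verify_network(self, nonce: bytes, proof: bytes) -> bool:
        # Used only in the mutual flow: the phone checks that the network knows the key.
        return hmac.compare_digest(prove(self.key, nonce), proof)


class BaseStation:
    """key=None models an impostor station that does not hold the shared secret."""

    def __init__(self, key: Optional[bytes]):
        self.key = key

    def challenge(self) -> bytes:
        return os.urandom(16)

    def accept(self, nonce: bytes, proof: bytes) -> bool:
        if self.key is None:
            return True  # an impostor "accepts" anyone; it has no key to check against
        return hmac.compare_digest(prove(self.key, nonce), proof)

    def answer(self, nonce: bytes) -> bytes:
        if self.key is None:
            return os.urandom(32)  # cannot compute the proof without the key
        return prove(self.key, nonce)


def one_way_connect(phone: Phone, station: BaseStation) -> bool:
    """WEP-era logic: the station authenticates the phone; the phone trusts whoever answers."""
    c = station.challenge()
    return station.accept(c, phone.answer(c))


def mutual_connect(phone: Phone, station: BaseStation) -> bool:
    """Two-way logic: both sides must prove knowledge of the key before the link is trusted."""
    c = station.challenge()
    if not station.accept(c, phone.answer(c)):
        return False
    n = os.urandom(16)  # the phone's own challenge to the network
    return phone.verify_network(n, station.answer(n))
```

Running `one_way_connect` and `mutual_connect` against `BaseStation(SHARED_KEY)` and `BaseStation(None)` shows that only the mutual flow rejects the impostor.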

The Wi-Fi camp's adherence to this security technology path is not a matter of sentiment but of preserving its market monopoly. Facing a huge market it has already won, Wi-Fi can only follow its chosen road to the end. Naturally, given its own obvious defects, Wi-Fi's sensitivity and vigilance toward competitors have been taken to the extreme, and Wi-Fi has indeed used its own actions to show its rivals what the world is like. Here the hand of government appears again, but this time on the opposite side.

Latecomers find it hard to break the game

Europe's HiperLAN was one of the early wireless LAN technologies. As a contemporary competitor of the US technical solution (the IEEE 802.11 series, commonly known as Wi-Fi), it was lured by the US into the US-controlled standards organization IEEE for standardization. In the end, the technical solution led by US companies unexpectedly became the official standard, and HiperLAN was strung along and dragged to its death. Another representative wireless LAN protocol technology, China's WAPI, also ran into difficulties under US intervention, and its industrialization and commercialization were greatly disrupted, though its story had more ups and downs (this anecdote is well known and will not be repeated here). Everything was under control: an internal IEEE document from 2003 stated that the wars must be fought one at a time, and that WAPI was the next one (HiperLAN being the previous one).

The battle over technical routes in the wireless LAN field is only the tip of the iceberg of the network protocol wars; the secret war hidden beneath it is even more dramatic. As mentioned above, more and more network security protocols are being designed and deployed, and the embarrassing fact is that many of them are found to have loopholes as soon as they are launched. There is also a particular kind of loophole, however, that nobody discovers until someone appears, someone such as the American Edward Snowden.

In June 2013, Edward Snowden, a former CIA employee, disclosed the US "Prism Project". One of its key revelations was that the US carries out network surveillance by controlling the formulation of international standards, and that the US National Security Agency (NSA) had secretly maneuvered security standards into becoming international standards. Information revealed subsequently shows that the US government has spent decades developing and refining a network security protocol technology and standards system under its own control, including 802.1X, IEEE 802.11i and other security protocol standards, in order to safeguard its national network security interests. Further details include the use of deliberately created loopholes in its network security protocol standards to conduct large-scale global network surveillance and network attacks. The information currently available shows that as early as 1986 the NSA began to intervene in the "development" of network security protocols.

An insecure "network security protocol" is more destructive, better hidden, and harder to detect and eliminate. The industry has a vivid metaphor for this: poisonous seeds are more terrible than poisonous bread! There is now a consensus in the industry that the security problems of network protocol technology are becoming a major disaster area for network security.

The emergence of "Prism Gate" directly led to the collapse of the foundation of global network trust. In a 2015 ISO/IEC standards discussion, Norwegian experts stated plainly that "we have a very clear consensus that the SIMON and SPECK algorithms should not be included in ISO 29192-2. This conclusion is based on the following facts: these algorithms were proposed by the NSA, and we do not trust the NSA to propose security standards in good faith." Without understanding any technical details, one can smell the suspicion in the air from this statement alone.

The reason the Americans put so much thought into this is that network protocols are too important. Protocols are rules, and network protocols are the rules of the network. They are set out in a complex and enormous body of standards and specification texts, implanted in chips, operating systems, and every kind of network information device and product or equipment with network information functions, penetrating the entire upstream and downstream industrial chain and distributed in every corner of the network. Hence the saying "no protocol, no network". The network security protocol is a basic component of the network protocol; it is not only the cornerstone of network security but also the key area for the evolution and development of today's network protocols.

It is hard to overstate the impact of network protocols on the overall direction of the industry. From this we can understand why the Americans have pursued WAPI so aggressively. Beyond the strong intervention of 2003 to 2004, WAPI has appeared in almost every relevant US government report. The latest statement on WAPI was a White House report released in June 2018, in which it was classified as a "strategic industry"; after 15 years, they finally said what they meant.

Objectively speaking, the United States has made important contributions to the development of network protocol technology, and this pattern holds to this day. However, once its technical capabilities became extremely asymmetric with those of other countries, driven by unregulated capability and influence, the Internet became a tool for the United States to spy on and threaten other countries. In this situation, one may think back to the young Internet of the 1970s and 1980s, when a group of scientists and business promoters, like young men in white, were full of vigor and high spirits, and everything was on the rise...

Since the butterfly ARPANET flapped its wings, mankind has come a long way in the past half century. Starting from four interconnected mainframes on the west coast of the United States, people gradually connected local area networks scattered around the world and eventually turned the world into a global village. The Internet has created inestimable long-term value for mankind. In the foreseeable future it will continue to connect everything, and its legend will continue for a long time. The legendary stories of network protocols, which are its inside and outside, will be staged alongside it. They will continue to gather human wisdom, remain compatible with history, integrate the present, and embrace the future. They are constantly being created, evolved, and innovated, and together with the individuals, enterprises, industries, and countries involved, they will be assembled into a great epic of human technological innovation.


(End of serialization)
