VPN Articles and News

Top Internet Body Urges Developers To Enable Encryption By Default

Thursday, December 11th, 2014

The Internet Architecture Board (IAB), the body that oversees the implementation of internet’s standards, has urged designers and developers of internet’s security protocols to enable encryption by default. The recommendation comes at a time when a lot of governments as well as tech companies are under scrutiny for their surveillance and data collection practices and the awareness regarding online privacy is at an all-time high. If the recommendations of IAB are implemented, it will mark a seismic shift in the way things function on the internet.

The internet, as we know it today, was conceptualized as an open network rather than a secure one so it is no surprise to see that it is increasingly being used as a launchpad for sophisticated cyber attacks. While high value target sites such as banks and ecommerce portals have already protected themselves by encrypting the traffic flowing through their servers, a lot of information websites are still not using any security measures to protect their infrastructure. And although a lot of content providers have embraced security measures (including encryption) in the last few years, the underlying foundation of the World Wide Web remains weak and vulnerable to attacks. IAB hopes that incorporating encryption right from the design phase would help to negate the imperfections of the current internet standards and protect online users from surveillance and security threats.

While noting that the scope and capabilities of internet based attacks have grown manifold in the last few years, IAB said that it now believes that encryption should be the norm on the internet. The body advised protocol designers and developers to deploy encryption throughout the protocol stack since not doing so could expose internet based communications to all kinds of security threats. IAB also encouraged service providers and network operators to permit encrypted traffic and encrypt communications flowing through their networks.

While encryption would protect service providers and users from security attacks, it can also lead to some unintended consequences. For instance, it could allow malware creators to drop dangerous programs on networks without getting noticed. Switching to encrypted traffic would also require a major overhaul of the current security infrastructure since a vast majority of security systems deployed today are simply not capable of dealing with encrypted traffic. The use of encryption would also make it difficult for network administrators to monitor enterprise networks and enforce security policies.

While acknowledging the challenges faced by organizations and service providers in deploying encryption, IAB chairman Russ Housley said that the move would help to restore the trust in the internet. He also added that although switching to encryption would require a lot of time and may lead to breakdowns or outages, recent examples of content delivery networks, messaging platforms and internet based applications moving to encrypted systems suggests that the move is not entirely unfeasible. Housley also admitted that as of now, there are no solutions available regarding deployment of security systems and enforcement of policies for encrypted traffic but added that IAB is ready to work towards new approaches that would address the challenges faced by the affected parties and make encrypted internet traffic a reality.

December 11, 2014

Leave a Reply

Your email address will not be published. Required fields are marked *

2 + 7 =