Information protection issues related to the Future of the Internet:

Four areas of particular concern today and for the future of information protection in the Internet are: (1) the ability to audit and trace activities to their source, (2) the ability to assure the integrity of information entering, passing through, and coming out of this network, (3) the ability to test and control the infrastructure so as to assure the availability of services and propriety of configurations, and (4) the ability to detect and properly respond to suspected and actual intrusions.

1) The ability to audit and trace activities to their source: Today's Internet and the current protocols for the next generation of the Internet have no provision for tracing information passing through the infrastructure. As a result, (1) we have widescale IP address forgery, (2) we are often unable to trace an attack back to its source, and (3) we cannot normally assure that information entering our facilities is from the sources it claims to be from. One option we now have is adding cryptographic countermeasures, which (1) are not uniformly permitted due to export restrictions, (2) are optional add-ins under today's protocol specification, (3) have high cost, (4) reduce performance, (5) do not provide a mechanism for auditing, and (6) make tracing of some activities harder by obscuring the very information that could otherwise be used for traceability. To address these issues, research is required into how we can trace and audit activities without undue bandwidth and performance reduction. With proper audit mechanisms, the sources of most detected attacks could be traced and people could be held accountable for their actions.

2) The ability to assure the integrity of information entering, passing through, and coming out of this network: In today's Internet, there is effectively no integrity control.
As a result, we have (1) widescale email forgery, ongoing attacks against the integrity of servers and clients, (2) browser-based attacks that bypass firewalls and similar controls, (3) server attacks that succeed in corrupting information in federal agencies as well as throughout the private sector, (4) infrastructure attacks that have redirected routing at the very core of the Internet's domain name services, and (5) buffer overflow attacks that threaten almost every kind of system in use today. In order for the Internet to become truly viable for carrying critical information during serious disruptive attacks, it is vital to provide the means to have assured integrity of critical pieces of information and of the infrastructure on which we depend. Research is needed in order to find and test viable methods for attaining integrity without otherwise disrupting the operations of the Internet.

3) The ability to test and control the infrastructure so as to assure the availability of services and propriety of configurations: In today's Internet, router misconfiguration, Domain Name Service errors, and protocol deficiencies cause large-scale outages, poor performance, and unnecessarily high costs. Most large organizations with substantial Internet or intranet connectivity have employees spending much of their time manually figuring out how to configure the infrastructure, manually entering configuration commands, and asking users to try things in order to determine what is working. Research is needed in order to find methods that will permit automated and efficient analysis, configuration, and verification of infrastructure elements. The results of such work will include reduced network costs, increased efficiency, reduced downtime, and increased assurance of information infrastructure.

4) The ability to detect and properly respond to suspected and actual intrusions: In today's Internet, intrusions go largely undetected, and responses to detected intrusions are typically limited to beeping a person, sending email, shutting down access, or similar activities. In addition to the well-known inability to detect many attacks and the reflexive control implications of these sorts of responses on those who use them, there are many unanswered questions in the field of intrusion detection and response that are not being addressed by current research or development efforts. Research is needed in order to identify the key issues in intrusion detection, to address the mathematical underpinnings of this field, to experiment with schemes that address differing organizational requirements, and to tailor detection and response to the organization's work flow.

In addition to the positive impact research in these areas will have on information protection, it also contributes to stability, improved performance, and lower cost of operation, and as such has a positive impact on the cost effectiveness of the Internet both for government and private sector use.

---
Fred Cohen can be reached at tel:510-294-2087 fax:510-294-1225