Network trust and security in doubt

Switching off the PSTN and the uncertain future of SSL certificates is creating doubt over network security and trust, cyber security expert Bill Caelli argues.
Cyber security specialist, Bill Caelli.

The decommissioning of the public switched telephone network (PSTN) across Australia over the next few years could accelerate the deterioration of one of communication technology’s most valuable assets: trust.

Speaking ahead of his presentation at the 2011 Computer Control Audit Security (CACS) conference in Brisbane, cyber security specialist, Bill Caelli, told Computerworld Australia that decommissioning the PSTN would result in faster speeds — but at the potential cost of trusted computing.

“We are about to move our total nation, through the NBN (National Broadband Network), to internet-based activity... Whereas in the past I trusted Telstra to give me a trusted connection, I now have to trust a broad range of who knows who to create the connection,” he said.

“The connection system itself has moved beyond the actual carrier to another level and we don’t know what the training, education, security and resilience of all those other internet service providers is; we don’t know how secure the DNS (domain name service) is.”

According to Caelli, the DNSSEC standard was developed to add authentication to the DNS and so restore an element of trust similar to that of the PSTN. However, the standard was ageing and had seen very low levels of adoption and implementation.

Exacerbating the issue, Caelli said, was the industry’s heavy reliance on Secure Sockets Layer (SSL) certificates to provide security. However, the security of the certificates themselves was now in doubt.

“SSL certificates themselves depend on a root certificate which can be verified and digitally signed by an issuing authority,” he said.

“But as we have seen with DigiNotar in the Netherlands, that system has been broken by hackers and they can now issue fraudulent certificates.

“The issue is that the SSL system depends upon the trustworthiness of the people who issue them ... and with a broken system we now have a real problem on our hands.”

Importantly, the number of sites issuing SSL certificates also meant that the number of certificates which now had to be checked posed a massive task. “The average browser now has one hell of a lot — a massive amount — of certificates to check whether or not they are now no longer valid,” Caelli said.

“SSL has become unwieldy. It just doesn’t scale.”
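The DigiNotar point above, that a certificate issued from a compromised but still-trusted authority validates exactly like a genuine one and that a browser then has to fall back on revocation data, as an added example written for this page in Go (it is not code from the article or from anyone quoted in it). It uses only the standard library’s crypto/x509 (Go 1.19 or later is assumed) and builds its own throwaway root CA; the host name bank.example, the CA name and the serial numbers are constructed. The client-side logic is in chainsToRoots and isRevoked; RunTrustScenario walks through the compromise and the two responses Caelli’s remarks imply, revoking the fraudulent certificate and distrusting the root.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// check aborts the demo on setup failures; a real client would return the error.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue signs tmpl with parentKey. A nil parent yields a self-signed root CA.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

func caTemplate(name string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

func leafTemplate(host string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// chainsToRoots is the browser's first check: the leaf must chain to a trusted
// root and name the host. Nothing here can tell how the leaf was obtained.
func chainsToRoots(leaf *x509.Certificate, roots []*x509.Certificate, host string) bool {
	pool := x509.NewCertPool() // empty but non-nil: a nil Roots would fall back to the system store
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

// isRevoked is the second check: look the serial up in the issuer's CRL, after
// confirming that the CRL itself was signed by that issuer.
func isRevoked(leaf, issuer *x509.Certificate, crlDER []byte) bool {
	crl, err := x509.ParseRevocationList(crlDER)
	check(err)
	check(crl.CheckSignatureFrom(issuer))
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return true
		}
	}
	return false
}

// Outcome records what the client concludes about each certificate at each stage.
type Outcome struct {
	LegitChains, FraudChains               bool // chain validation only
	LegitRevoked, FraudRevoked             bool // after the CA publishes a CRL
	LegitAfterDistrust, FraudAfterDistrust bool // after the root leaves the trust store
}

func RunTrustScenario() Outcome {
	var o Outcome
	host := "bank.example" // constructed name of the site being impersonated
	ca, caKey := issue(caTemplate("Trusted Root CA"), nil, nil) // the single point of failure
	legit, _ := issue(leafTemplate(host, 100), ca, caKey)       // issued to the site owner
	fraud, _ := issue(leafTemplate(host, 101), ca, caKey)       // issued to an impostor once the CA key is compromised
	roots := []*x509.Certificate{ca}
	o.LegitChains, o.FraudChains = chainsToRoots(legit, roots, host), chainsToRoots(fraud, roots, host)
	// Response 1: the CA revokes the fraudulent serial and publishes a CRL.
	crlDER, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: fraud.SerialNumber, RevocationTime: time.Now()}},
	}, ca, caKey)
	check(err)
	o.LegitRevoked, o.FraudRevoked = isRevoked(legit, ca, crlDER), isRevoked(fraud, ca, crlDER)
	// Response 2: the root is pulled from the trust store, which also breaks every legitimate certificate it issued.
	o.LegitAfterDistrust, o.FraudAfterDistrust = chainsToRoots(legit, nil, host), chainsToRoots(fraud, nil, host)
	return o
}
```

Chain validation accepts both leaves, because both carry a valid signature from a trusted root; the client has no way to know that one was issued to an impostor. The CRL check rejects only the fraudulent serial, but it depends on the CA noticing the misissuance and on every client fetching an ever-growing list, which is the scaling problem the article describes. Removing the root is decisive but takes every certificate that CA ever issued with it, legitimate ones included.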

As a solution, Caelli called for an accelerated use of DNSSEC to provide authentication combined with the security capabilities embedded in internet protocol version six (IPv6).

“You combine DNS security, which gives us trust we are getting to the right place, and IPv6 with IPSEC, which gives us a confidential or encrypted channel, and we start to get a solution,” he said.

“The problem is that IPv6 is hardly in existence yet.

“If nothing much is happening in safety and security, then what is the role of government? The government absolutely needs to look at it.”

Caelli also pointed to a major need for security training among senior IT practitioners around the country, arguing that the level of understanding on issues around network security was generally low.

“Cloud computing will critically depend on the naming system to get to the right ‘you’ in the cloud,” he said.

“How many CIOs would be able to do a proper risk assessment on that?

“A recent survey in America showed 50 per cent of CIOs in the Fortune 1000 didn’t have a background in IT. They are lawyers as what they are mostly doing is administering outsourcing contracts.”

Caelli also pointed to a decline in dedicated IT departments at universities and tertiary education institutions, in response to falling student enrolments, as a future network security issue.

Follow Tim Lohman on Twitter: @Tlohman

Follow Computerworld Australia on Twitter: @ComputerworldAU


Comments

1

Phil Collins

Tue 13/09/2011 - 15:40

1. It's not the NBN's fault.
2. Don't you think that supplying trust and secure services would be the bread and butter of any self-respecting telco in an NBN world?

2

B Rivers

Wed 14/09/2011 - 12:47

Well, the thing is, Bill, we can see the person on the other end, so until virtual reality develops to such an extent that it will facilitate an MitM we should be OK; we just have to get luddites like you to get their head out of their arse and learn how to use video IM.
The real fools, of course, are the cell phone companies ripping off their users with inflated data charges; they are playing themselves out of the game. The NBN could be a waste of time if private wireless networks continue to develop: why pay when you can get it for free? We purchased a Telstra international broadband modem; it worked in 2 cities out of 27. Complete crap. We agreed to use their 1234 service; they promised us 7 calls a week and we got one in 12 months. Trust Telstra? No thanks, Bill, they are charlatans.
