1 © Copyright 2010 UNIKEN Inc. All rights reserved
Innovation Center
ProductBy
The Core Problem
What’s exactly wrong with the internet?
2© Copyright 2012 UNIKEN Inc. All rights reserved
www.uniken.com
So what’s wrong with it!! Nothing!!!
• It’s cheap
• Anyone can use it (no permissions required for accessing it!)
• It’s available and pervasive (almost everywhere now)
• Anyone can create any website, put any content, on a server, with an IP
address with absolutely NO GOVERNMENT CONTROL!
• It’s freedom and democracy at its best!
The Internet Classification
Resources that REQUIRE Access Control [Online Banking] [www.bankofamerica.com]
Resources that DO NOT require Access Control [News] [www.cnn.com]
Users who want privacy and identity protection
Users who DO NOT want privacy and identity protection
Needs Secure Private Communication
Does not need Secure Private Communication
THE CORE PROBLEM
THE CURRENT INTERNET INFRASTRUCTURE CANNOT GUARANTEE THAT THE USER IS CONNECTING TO THE DESIRED AUTHENTIC SERVER AND THE SERVER IS TALKING TO AN AUTHENTIC PRIVILEGED USER
IT AT BEST PROVIDES ENCRYPTION WITH NO GUARANTEE ON IDENTITY OF PARTIES INVOLVED IN THE COMMUNICATION!!!
Internet Evolution – A simplified view
[Diagram, axis labelled Evolution: [ARPANET], TCP/IP, DNS, Routers, TLS/SSL, Browsers, HTML, UDP, Web2.0, IPSEC, DNSSEC, Digital Certificates, Tokens (OTP), Site-Key]
The Result!
[Diagram components: Customer PC (hosts), Modem, ISP, ISP DNS Server, Internet, Registrar / Other DNS Server, Domain Registrar, Certificate Authority, Bank Datacenter, Fraudster’s Machines]
[Attacks shown: Man-in-the-middle, Session Hijacking, Replay Attacks, Phishing, Pharming, Man-in-the-browser, Man-on-the-machine]
The Internet is being used for something that it was NOT designed for in the first place (Online Banking, Online Share trading, Enterprise Web-Applications, Mobile Internet Banking!)
Its designers never claimed the Internet (i.e. the packet switched network – TCP/IP/UDP) was meant for secure private communications!!
The current application services delivery
model is inherently vulnerable from a security
standpoint [Download Browser (from any
source) -> Type URL -> Give Password -> Hope
for the best!]
URL (domain name) (and corresponding DNS
infrastructure) CANNOT be used as identity
elements (identity look-up stores)(!)
SSL/Digital Certificate based Identity/Trust
Model is broken and has failed to deliver on
its original promise (of providing identity to
enterprises) – since it is based on a flawed
trust model
Available end-user identity technologies are
not geared up to tackle the current attack
vectors (OTP 2FA /Biometric became obsolete
with the advent of MITM kind of attack
vectors)
The current Mutual Authentication based
protocols like IPSEC and the corresponding
applications IPSEC/VPN are not scalable (e.g.
Bank and Customers - Million end-points??)
End-Point Computing Environment is the new
threat frontier - What can AV do if the
processor cannot differentiate between an
authorized and unauthorized machine code(!)
WHAT IS A PRIVATE
(INTERNET)
APPLICATION
ECOSYSTEM?
SIMPLIFY AND
SECURE
APPLICATION
ECOSYSTEM
CREATE A TECHNOLOGY ENABLED
SECURE SERVICE DELIVERY
PLATFORM TO ENABLE FASTER TIME
TO MARKET AND INCREASED COST
EFFICIENCIES
Device Channel Applications
Enterprise
End-User
On Premise
On Cloud
Desktop/Laptop
Smart Phone
Tablet
Internet/Intranet
Employees
Customers
Partners
ECOSYSTEM CONTEXT
PUBLIC (mobile) APP ECOSYSTEMS
• Apple (iOS), Blackberry [App Store + (Proprietary) Devices]
• Google (Android), Windows [App Store + OS]
They are consumer centric and focus ONLY on mobile devices and mobile Apps
While Apple and Blackberry ecosystems are closed (controlled store and proprietary devices) the rest are open
Enterprises obviously can’t use these consumer centric, platform dependent ecosystems for distribution, access, control and security for enterprise applications
Private Internet Circuits
[Diagram: circuits between Users and Bank, merchant, eMail, Social Networking]
• Online Bank and its customers
• Online Merchant and its customers
• Online Collaboration tools (email, chat etc) and its users
• Social Networking Websites and its users
• Online News Websites and its readers
• Enterprises, their employees, their customers and vendors
• Online Government Services and its citizens
Features of a Private Internet Circuit
• Safety
– Before any communication begins between entities in a PIC, their respective identities are verified by both entities
– All communication is confidential and tamper proof (encrypted)
• Privileged and Exclusive
– An entity (user, software etc) not having the PIC identity relative to a given online service and the PIC access system on his/her device will not be able to access the Online Service in the PIC
• Moderated and Controlled
– A central PIC server will control and enable the online services available to all the users of the PIC ecosystem
– The PIC Server will provision and broker identity relationships in real-time
• Open and Extensible
– Developers can create PIC compatible Online Services and register them with the Central PIC server for distribution to the users of the PIC ecosystem
Private Internet (and Application) Ecosystem
Application Store [Manage, Distribute]
User
Device Manager [Manage, Control]
User Device Protection Technology
Authentication Infrastructure
Channel Security Infrastructure [Internet/Intranet]
Secure Application Viewer [Application Renderer]
Data Security Technology [Control, Protect]
Access Management Technology [Closed, Private]
PUBLIC INTERNET SERVICES (B2C)
ENTERPRISE APPLICATION SERVICES (B2B or B2E)
End-Point Container Technology [Security, Control]
PRIVATE [CLOSED] INTERNET ECOSYSTEM
[Diagram: Private Internet Ecosystem with Identity, Device Security, Data Security, Channel Security, Access Management, Device Management, App Management]
• Identity Protection: Personal Online Identity is secured and protected
• Closed and Private: Should not be accessible/visible from outside of the ecosystem
• Platform, Device and Application Type Independent: Support Multiple OS’s, Laptops/Desktops/Mobiles/Tablets, Web-Apps and Mobile Apps
• Device, Application and Data Security
• Application and Device Management
END-USER
REQUIREMENTS
How do I?
• Protect my login credentials of various critical websites (e.g. Online Banking, Share Trading)
• Protect from MITM/PHISHING and other sophisticated attacks
• Protect my credit card/debit card information while doing ecommerce transactions
• Manage and Secure my personal Mobile Devices (e.g. Smart Phones, Tablets and Laptops)
• Protect my personal data (e.g. contacts, files)
• Multiple Platforms: Windows, iOS, Android, Blackberry
• Plethora of Devices: Desktops, Laptops, Mobile Phones, Tablets
• Identity Clutter: Too Many Passwords
• Sophisticated Attacks: MITM/PHISHING/PHARMING
• Sensitive Data: Personal Contacts, Financial data
• Secure Communication: Chat/File Transfer
• eMoney Safety: Credit Card/Debit Card Ecommerce Transaction Safety
CIO CHALLENGES
How do I?
• Protect Enterprise Data from leaking out
• Quickly deploy and rapidly roll-out new enterprise application services
• Manage and Secure Mobile Devices
• Manage Enterprise Web-Apps and Mobile Apps
• Provide Secure Remote Access to Enterprise Applications to partners and customers and not just employees
• Protect enterprise information/applications from MITM/PHISHING and other sophisticated attacks
• Protect Online and Offline Content
• Provide Authentication to End-Users [2FA and 3FA]
• Provide remote support to enterprise devices
• Reduce the total cost of application infrastructure
And many more such critical security and application management requirements..
• Multiple Platforms: Windows, iOS, Android, Blackberry
• Multiple User Types: Customers, Partners, Executive Management, Employees
• Plethora of Devices: Desktops, Laptops, Mobile Phones, Tablets
• Identity Clutter: Too Many Passwords
• Complex Enterprise Application Landscape: On-Premise Web-Apps, Mobile Apps, Hosted/Cloud Based Apps
• Multiple Network Types: Intranet and Internet
• Shorter Cycles: Quick Development and Launch, increasing business speed and decreasing budgets!
THE REL-ID WIDGET
• Simple Client Side Software that you download from The REL-ID GATE on your desktop/Laptop/Mobile Phones/Tablets
• Configure your web-sites on the REL-ID widget and enter your private secure internet world!
• The REL-ID Widget connects to your configured web-sites through the REL-ID GATE (a cloud or on-premise based Private Internet Infrastructure)
[Widget buttons: Gate, MyData, Connect, MyCard, Settings, Exit]
VISUALS
(LAPTOPS/DESKTOPS)
Enter previously set Device
Pin
IB User Id will get
prepopulated
VISUALS
(MOBILE PHONES AND TABLETS)
REL-ID Secure Client App Containers
• Desktop/Laptop REL-ID Widget
• REL-ID Web App Viewer (Micro-Web-Apps)
• REL-ID Mobile APP Container
Web-Apps are visible and accessible only if they are provisioned in REL-ID GATE™
REL-ID Widget securely connects to the Web-Apps via R-PCC
THE REL-ID ECO™
[Diagram labels]
• REL-ID GATE: App Management, Identity Management, Device Management, Authentication (2FA/3FA), Access Management
• Command Center
• Enterprise Web-Apps [Virtual Image], Enterprise Mobile Apps, 3rd Party Web-Apps [Virtual Image], 3rd Party Mobile Apps
• Secure Channel, Internet, Private Data Center
• Employee, Partner, Customer
• REL-ID Widget (Secure Client App Container) on Mobile Phones, Tablets, Desktops and Laptops
• R-PCC* Over Intranet, R-PCC* Over Internet
*R-PCC: REL-ID Private Communication Channel (Encrypted)
Network
REL-ID Private Communication Channel (R-PCC)
• Mutually Authenticated Communication Handshake (MITM Proof)
• Encrypted Communication (optional), High-Speed and Concurrent
• Horizontally Scalable (Millions of End-Points)
• Assets behind R-PCC are not visible to the Internet and hence protected from various attacks
• Requires zero admin privileges on end-user devices
• Is created ON-DEMAND
• Is agnostic to the underlying NETWORK (Internet or Intranet)
• RPCC Agent can be embedded in any third party application stack (both software and firmware)
[Diagram labels: Application, REL-ID PCC Agent, R-PCC (REL-ID Mutually Authenticated and Encrypted Channel), Internet or Intranet]
Network
REL-ID Secure Container Technology (R-SCT)
[Diagram labels: End-User Device (Laptop, Mobile Phone, Tablet, Desktop); REL-ID Secure Container (Safe Zone); REL-ID Secure (encrypted) Data Zone; 3rd Party Browser; REL-ID Web-App Viewer; Enterprise Apps (Desktop/Laptop/Mobile); REL-ID Multi-Factor Authentication (2FA/3FA); R-PCC Agent; R-PCC; REL-ID Device Fingerprinting and Binding; REL-ID Device Management And Control Module]

What is wrong with the Internet? [On the foundations of internet security, fundamental flaws, and the way forward] | Turing100@Persistent

  • 1. 1 © Copyright 2010 UNIKEN Inc. All rights reserved Innovation Center ProductBy The Core Problem What’s exactly wrong with the internet?
  • 2. 2© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com So what’s wrong with it!! Nothing!!! • It’s cheap • Anyone can use it (no permissions required for accessing it!) • It’s available and pervasive (almost everywhere now) • Anyone can create any website, put any content, on a server, with an IP address with absolutely NO GOVERNMENT CONTROL! • Its freedom and democracy at its best! w w w. u n i k e n . c o m
  • 3. 3© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com The Internet Classification www.uniken.com Resources that REQUIRE Access Control [Online Banking] [www.bankofamerica.com] Resources that DO NOT require Access Control [News] [www.cnn.com] Users who want privacy and identity protection Users who DO NOT want privacy and identity protection Needs Secure Private Communication Does not need Secure Private Communication
  • 4. 4© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com
  • 5. 5© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com THE CORE PROBLEM THE CURRENT INTERNET INFRASTRUCTURE CANNOT GUARANTEE THAT THE USER IS CONNECTING TO THE DESIRED AUTHENTIC SERVER AND THE SERVER IS TALKING TO AN AUTHENTIC PRIVELEGED USER IT AT BEST PROVIDES ENCRYPTION WITH NO GUARANTEE ON IDENTITY OF PARTIES INVOLVED IN THE COMMUNICATION!!!
  • 6. 6© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com Internet Evolution – A simplified view [ARPANET] TCP/IP DNSRouters TLS/SSL BrowsersHTML UDP Web2.0 IPSEC DNSSEC Evolution Digital Certificates Tokens (OTP) Site-Key
  • 7. 7© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com Customer PC hosts INTERNET ISP DNS Server ISP INTERNET Certificate Authority Fraudster’s MachineFraudster’s Machine Fraudster’s Machine Man-in-the-middle Session Hijacking Replay Attacks Phishing Pharming Bank Datacenter Domain Registrar Registrar / Other DNS Server Man-in-the-browser Man-on-the-machine Modem The Result!
  • 8. 8© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com The Internet is being used for something that it was NOT designed for in the first place (Online Banking, Online Share trading, Enterprise Web-Applications, Mobile Internet Banking! ) Its’ designers never claimed the Internet (i.e. the packet switched network – TCP/IP/UDP) was meant for secure private communications!!
  • 9. 9© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com The current application services delivery model is inherently vulnerable from a security standpoint [Download Browser (from any source) -> Type URL -> Give Password -> Hope for the best!]
  • 10. 10© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com URL (domain name) (and corresponding DNS infrastructure) CANNOT be used as identity elements (identity look-up stores)(!)
  • 11. 11© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com SSL/Digital Certificate based Identity/Trust Model is broken and has failed to deliver on its original promise (of providing identity to enterprises) – since it is based on a flawed trust model
  • 12. 12© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com Available end-user identity technologies are not geared up to tackle the current attack vectors (OTP 2FA /Biometric became obsolete with the advent of MITM kind of attack vectors)
  • 13. 13© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com The current Mutual Authentication based protocols like IPSEC and the corresponding applications IPSEC/VPN are not scalable (e.g. Bank and Customers - Million end-points??)
  • 14. 14© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com End-Point Computing Environment is the new threat frontier - What can AV do if the processor cannot differentiate between an authorized and unauthorized machine code(!)
  • 15. 15© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com WHAT IS A PRIVATE (INTERNET) APPLICATION ECOSYSTEM?
  • 16. 16© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com SIMPLIFY AND SECURE APPLICATION ECOSYSTEM CREATE A TECHNOLOGY ENABLED SECURE SERVICE DELIVERY PLATFORM TO ENABLE FASTER TIME TO MARKET AND INCREASED COST EFFICIENCIES Device Channel Applications EnterpriseEnd-User On Premise On Cloud Desktop/Laptop Smart Phone Tablet Internet/Intranet Employees Customers Partners ECOSYSTEM CONTEXT
  • 17. 17© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com PUBLIC (mobile) APP ECOSYSTEMS Apple (iOS) Blackberry They are consumer centric and focus ONLY on mobile devices and mobile Apps While Apple and Blackberry ecosystems are closed (controlled store and proprietary devices) the rest are open Enterprises obviously cant use these consumer centric, platform dependent ecosystems for distribution, access, control and security for enterprise applications [App Store + (Proprietary) Devices] Google (Android) Windows [App Store + OS]
  • 18. 18© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com Private Internet Circuits 18 Bank Users Bank Users Bank Users Users merchant Users eMail Users Social Networking Users merchant Online Bank and its customers Online Merchant and its customers Online Collaboration tools (email, chat etc) and its users Social Networking Websites and its users Online News Websites and its readers Enterprises, their employees, their customers and vendors Online Government Services and its citizens
  • 19. 19© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com Features of a Private Internet Circuit • Safety – Before any communication begins between entities in a PIC, their respective identities are verified by both entities – All communication is confidential and tamper proof (encrypted) • Privileged and Exclusive – An entity (user, software etc) not having the PIC identity relative to a given online service and the PIC access system on his/her device will not be able to access the Online Service in the PIC • Moderated and Controlled – A central PIC server will control and enable the online services available to all the users of the PIC ecosystem – The PIC Server will provision and broker identity relationships in real-time • Open and Extensible – Developers can create PIC compatible Online Services and register it with the Central PIC server for distribution to the users of the PIC ecosystem 19
  • 20. 20© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com Private Internet (and Application) Ecosystem Application Store [Manage, Distribute] User Device Manager [Manage, Control] User Device Protection Technology Authentication Infrastructure Channel Security Infrastructure [Internet/Intranet] Secure Application Viewer [Application Renderer] Data Security Technology [Control, Protect] Access Management Technology [Closed, Private] PUBLIC INTERNET SERVICES (B2C) ENTERPRISE APPLICATION SERVICES (B2B or B2E) End-Point Container Technology [Security, Control]
  • 21. 21© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com PRIVATE [CLOSED] INTERNET ECOSYSTEM Private Internet Ecosystem Identity Device Security Data Security Channel Security Access Management Device Management App Management Identity Protection Personal Online Identity is secured and protected Closed and Private Should not be accessible/visible from outside of the ecosystem Platform, Device and Application Type Independent Support Multiple OS’s, Laptops/Desktops/Mobiles/Tablets, Web-Apps and Mobile Apps Device, Application and Data Security Application and Device Management
  • 22. 22© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com END-USER REQUIREMENTS
  • 23. 23© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com How do I ? Protect my login credentials of various critical websites (e.g. Online Banking, Share Trading) Protect from MITM/PHISHING and other sophisticated attacks Protect my credit card/debit card information while doing ecommerce transactions Manage and Secure my personal Mobile Devices (e.g. Smart Phones, Tablets and Latops) Protect my personal data (e.g. contacts, files)
  • 24. 24© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com Multiple Platforms Windows, iOS, Android, Blackberry Plethora of Devices Desktops, Laptops, Mobile Phones, Tablets Identity Clutter Too Many Passwords Sophisticated Attacks MITM/PHISHING/PHARMING Sensitive Data Personal Contacts, Financial data Secure Communication Chat/File Transfer eMoney Safety Credit Card/Debit Card Ecommerce Transaction Safety
  • 25. 25© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com CIO CHALLENGES
  • 26. 26© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com How do I ? Protect Enterprise Data from leaking out Quickly deploy and rapidly roll-out new enterprise application services Manage and Secure Mobile Devices Manage Enterprise Web-Apps and Mobile Apps Provide Secure Remote Access to Enterprise Applications to partners and customers and not just employees Protect enterprise information/applications from MITM/PHISHING and other sophisticated attacks Protect Online and Offline Content Provide Authentication to End-Users [2FA and 3FA] Provide remote support to enterprise devices Reduce the total cost of application infrastructure And many more such critical security and application management requirements..
  • 27. 27© Copyright 2012 UNIKEN Inc. All rights reserved www.uniken.com Multiple Platforms Windows, iOS, Android, Blackberry Multiple User Types Customers, Partners, Executive Management, Employees Plethora of Devices Desktops, Laptops, Mobile Phones, Tablets Identity Clutter Too Many Passwords Complex Enterprise Application Landscape On-Premise Web-Apps, Mobile Apps, Hosted/Cloud Based Apps Multiple Network Types Intranet and Internet Shorter Cycles Quick Development and Launch, increasing business speed and decreasing budgets!
  • 28. THE REL-ID WIDGET
    - Simple Client Side Software that you download from The REL-ID GATE on your desktop/Laptop/Mobile Phones/Tablets
    - Configure your web-sites on the REL-ID widget and enter your private secure internet world!
    - The REL-ID Widget connects to your configured web-sites through the REL-ID GATE (a cloud or on-premise based Private Internet Infrastructure)
    [Figure labels: Gate, MyData, Connect, MyCard, Settings, Exit]
  • 29. VISUALS (LAPTOPS/DESKTOPS)
  • 32. Enter previously set Device Pin
  • 34. IB User Id will get prepopulated
  • 35. VISUALS (MOBILE PHONES AND TABLETS)
  • 39. REL-ID Secure Client App Containers
    - Web-Apps are visible and accessible only if they are provisioned in REL-ID GATE™
    - REL-ID Widget securely connects to the Web-Apps via R-PCC
    [Figure labels: Desktop/Laptop REL-ID Widget; REL-ID Web App Viewer (Micro-Web-Apps); REL-ID Mobile APP Container; REL-ID Web App-Viewer]
  • 40. THE REL-ID ECO™
    [Diagram labels, in slide order]
    - REL-ID GATE; App Management; Identity Management; Device Management; Authentication (2FA/3FA); Access Management
    - R-PCC* Over Intranet; R-PCC* Over Internet; Secure Channel
    - Enterprise Web-Apps [Virtual Image]; Enterprise Mobile Apps; 3rd Party Web-Apps [Virtual Image]; 3rd Party Mobile Apps
    - Command Center; Secure Channel
    - Employee; Partner; Customer
    - REL-ID Widget (Secure Client App Container); Mobile Phones, Tablets, Desktops and Laptops
    - Internet; Private Data Center
    *R-PCC: REL-ID Private Communication Channel (Encrypted)
  • 41. Network: REL-ID Private Communication Channel (R-PCC)
    - Mutually Authenticated Communication Handshake (MITM Proof)
    - Encrypted Communication (optional), High-Speed and Concurrent
    - Horizontally Scalable (Millions of End-Points)
    - Assets behind R-PCC are not visible to the Internet and hence protected from various attacks
    - Requires zero admin privileges on end-user devices
    - Is created ON-DEMAND
    - Is agnostic to the underlying NETWORK (Internet or Intranet)
    - RPCC Agent can be embedded in any third party application stack (both software and firmware)
    [Diagram labels: Application; Application; REL-ID PCC Agent; R-PCC (REL-ID Mutually Authenticated and Encrypted Channel); Internet or Intranet]
  • 42. [Diagram labels, in slide order]
    - Network
    - End-User Device; Laptop; Mobile Phone; Tablet; Desktop
    - REL-ID Secure Container (Safe Zone)
    - REL-ID Secure (encrypted) Data Zone
    - 3rd Party Browser; REL-ID Web-App Viewer; Enterprise Apps; Desktop/Laptop/Mobile
    - REL-ID Multi-Factor Authentication 2FA/3FA
    - R-PCC Agent; R-PCC
    - REL-ID Secure Container Technology (R-SCT)
    - REL-ID Device Fingerprinting and Binding
    - REL-ID Device Management And Control Module