vol 9, issue 3

The Web at 25 – is it showing its age?

12 March 2014
By Edd Gent

Overcoming the weaknesses in the Web’s architecture will require "significant investment" in the coming years

From humble beginnings as a means for physicists to share their data across the globe, the World Wide Web has become the backbone of modern civilisation, but the inability of its creators to foresee its meteoric rise has resulted in shaky foundations.

When Web founder Sir Tim Berners-Lee first submitted his idea for a global information-sharing network 25 years ago today, while working at Swiss physics laboratory, Cern, the response from his boss was the brief: "Vague, but exciting."

Based on his earlier programme for storing information called Enquire, it was designed to allow physicists in universities and institutes around the world to work together by combining their knowledge in a web of hypertext documents.

But the potential of the network was quickly realised and by April 1993 the source code had been released free of charge along with a basic browser. By the end of the year there were more than 500 web servers, and by the end of 1994 there were 10,000 servers, 2,000 of them commercial, serving 10 million users.

Today more than two-fifths of the world is online and there are an estimated 630 million websites. But despite the unprecedented adoption of the new technology, its humble beginnings, at a time when the concepts of hackers or running out of IP addresses were entirely alien, have resulted in an outdated and vulnerable architecture.

“It has been a huge success but it can’t go on the way it currently is,” said Dr Martyn Thomas, vice-president of the Royal Academy of Engineering and chair of the Institution of Engineering and Technology's IT Policy Panel. “The reason for that is because it has become part of the world’s critical infrastructure and it just isn’t engineered well enough to carry that responsibility.”

Significant investment

Vulnerabilities in the Web’s various protocols and architectural elements, let alone thousands of software components, have created a situation where a “significant investment” into the Web’s infrastructure is needed to ensure the security of the system.

“If we’re going to build our whole civilisation on the Internet infrastructure then we better make the investment to make sure it operates properly,” said Thomas. He believes governments need to start investing similar amounts in the infrastructure of the virtual world as they do in the real world.

The first challenge is to bring about widespread adoption of IPv6, the latest version of the Internet Protocol that routes traffic across the Internet, which was designed to address the depletion of the pool of unallocated IP addresses in the previous version – IPv4. Short-term fixes such as the use of dynamic IP addresses are “a sticking plaster”, says Thomas.

But, while adoption of the new standard is slow and the Web faces an unprecedented tide of new internet-connected devices with the rise of machine-to-machine technology and the Internet of Things, capacity is still not Thomas’ major concern.

“My concern isn’t about robustness against volume. I think we can scale up the volume, we know the ways round the bottlenecks and we know where they are and we can reinforce those to provide extra capacity,” he said. “I’m concerned about protecting against people being malicious.”

He added: “As more and more transactions are going on on the web and affecting the real world, because they’re controlling autonomous vehicles or reporting health data back about whether someone’s about to have a heart attack, it’s going to be extremely important that all those transactions aren’t being interfered with maliciously.”

According to cyber security specialist Professor Alan Woodward, of the University of Surrey, in some ways the Web is a victim of its own success.

“A lot of the foundations laid down in those early days are in some ways coming back to bite us,” he said. “Of course, if you never imagined how big and complicated the building was going to be in the first place, you’re not going to have laid the best foundations.”

Protocol vulnerabilities

A rise in Distributed Reflection Denial of Service (DRDoS) attacks targeting the Web’s Domain Name System (DNS) – the Web’s phonebook – and the Network Time Protocol (NTP) – used to synchronise clocks over a network – has highlighted some of these architectural vulnerabilities.

The attacks rely on IP spoofing, in which the source address of requests for information is set to that of the targeted victim so that all the replies flood the target. They target the DNS or NTP because the amount of data included in the answer is much greater than the amount in the question – 60 times greater with the DNS and 500 times greater with the NTP.

A DRDoS attack on the DNS servers of anti-spam service Spamhaus last year peaked at 300 Gbps, but an attack on an unknown target exploiting the NTP vulnerability last month reached about 400 Gbps, according to cyber security firm Cloudflare.

Attacks targeting the DNS and NTP are fairly new, but Woodward points out that there are other obscure protocols built into the Web’s infrastructure waiting to be exploited – in particular those based upon User Datagram Protocol.

“The big question everyone is asking is ‘what do you do’. Do you wrap it all up and start again? Or do you try to get it to evolve? And that opens the question where does it evolve to?” he said.

Adoption of IPv6 could help address the Web’s architectural frailties, and guidance from the Internet Engineering Task Force in its document BCP38 explains how to configure systems to prevent IP spoofing, but as with most of the Web’s problems, a lack of technical expertise is not the issue, says Woodward.

“The solutions to the problems are out there and they have been for some time,” he said. “People for some reason are not aware of them. We are failing to raise the appropriate awareness of these things before they become real problems. It’s reactive rather than proactive. We have the opportunity to be proactive, but unfortunately somehow we are not managing to put the message across.”
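The source-address check that BCP38 asks network operators to apply at the edge, sketched as an added example that is not part of the original article: a packet is forwarded only if its source address belongs to a prefix assigned to the interface it arrived on. The interface names, prefixes and packets are constructed for illustration and use documentation address ranges.

```python
import ipaddress

# Constructed edge-router model: each customer-facing interface maps to the
# prefixes actually delegated to that customer (documentation ranges only).
CUSTOMER_PREFIXES = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

def build_filters(table):
    """Parse prefix strings once into network objects, keyed by interface."""
    return {ifname: [ipaddress.ip_network(p) for p in prefixes]
            for ifname, prefixes in table.items()}

def permit(filters, ifname, src):
    """Ingress check: True only if src lies in a prefix assigned to ifname."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    for net in filters.get(ifname, []):  # unknown interface: nothing allowed
        if addr.version == net.version and addr in net:
            return True
    return False

def filter_packets(filters, packets):
    """Split packets into (forwarded, dropped) according to the ingress check."""
    forwarded, dropped = [], []
    for pkt in packets:
        ok = permit(filters, pkt["in_if"], pkt["src"])
        (forwarded if ok else dropped).append(pkt)
    return forwarded, dropped

# Constructed sample: UDP queries towards DNS (53) and NTP (123) servers.
SAMPLE_PACKETS = [
    {"in_if": "cust-a", "src": "192.0.2.10", "dport": 53},
    {"in_if": "cust-a", "src": "203.0.113.7", "dport": 123},  # forged source
    {"in_if": "cust-b", "src": "192.0.2.10", "dport": 53},    # wrong interface
    {"in_if": "cust-a", "src": "2001:db8:a::53", "dport": 53},
    {"in_if": "cust-b", "src": "198.51.100.200", "dport": 123},
]

if __name__ == "__main__":
    fwd, drop = filter_packets(build_filters(CUSTOMER_PREFIXES), SAMPLE_PACKETS)
    for p in drop:
        print("dropped", p["in_if"], p["src"], "-> port", p["dport"])
    print(len(fwd), "forwarded,", len(drop), "dropped")
```

Because the forged request never leaves the originating network, the DNS or NTP server never sends the amplified reply, which is why the filter has to be deployed by the networks where traffic originates rather than by the eventual victim.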
