vol 9, issue 3

The Web at 25 – is it showing its age?

12 March 2014
By Edd Gent
Share |
Overcoming the weaknesses in the Web’s architecture will require

Overcoming the weaknesses in the Web’s architecture will require "significant investment" in the coming years

From humble beginnings as a means for physicists to share their data across the globe the World Wide Web has become the backbone of modern civilisation, but the inability of its creators to foresee its meteoric rise has resulted in shaky foundations.

When Web founder Sir Tim Berners-Lee first submitted his idea for a global information-sharing network 25 years ago today, while working at Swiss physics laboratory, Cern, the response from his boss was the brief: "Vague, but exciting."

Based on his earlier programme for storing information called Enquire, it was designed to allow physicists in universities and institutes around the world to work together by combining their knowledge in a web of hypertext documents.

But the potential of the network was quickly realised and by April 1993 the source code had been released free of charge along with a basic browser. By the end of the year there were more than 500 web servers, and by the end of 1994 there were 10,000 servers, 2,000 of them commercial serving  10 million users.

Today more than two-fifths of the world is online and there are an estimated 630 million websites, but despite the unprecedented adoption of the new technology its humble beginnings, in a time when the concept of hackers or running out of IP addresses were entirely alien, have resulted in an outdated and vulnerable architecture.

“It has been a huge success but it can’t go on the way it currently is,” said Dr Martyn Thomas, vice-president of the Royal Academy of Engineering and chair of the Institution of Engineering and Technology's IT Policy Panel. “The reason for that is because it has become part of the world’s critical infrastructure and it just isn’t engineered well enough to carry that responsibility.”

Significant investment

Vulnerabilities in the Web’s various protocols and architectural elements, let alone thousands of software components have created a situation where a “significant investment” into the Web’s infrastructure is needed to ensure the security of the system.

“If we’re going to build our whole civilisation on the Internet infrastructure then we better make the investment to make sure it operates properly,” said Thomas. He believes governments need to start investing similar amounts in the infrastructure of the virtual world as they do in the real world.

The first challenge is to bring about a widespread adoption of IP v6, the latest version of the Internet Protocol that routes traffic across the Internet, which was designed to address the depletion of the pool of unallocated IP addresses in the previous version – IP v4. Short term fixes such as the use of dynamic IP addresses are “a sticking plaster”, says Thomas.

But, while adoption of the new standard is slow and the Web faces an unprecedented tide of new internet connected devices with the rise machine-to-machine technology and the Internet of Things, capacity is still not Thomas’ major concern.

“My concern isn’t about robustness against volume. I think we can scale up the volume, we know the ways round the bottlenecks and we know where they are and we can reinforce those to provide extra capacity,” he said. “I’m concerned about protecting against people being malicious.”

He added: “As more and more transactions are going on on the web and affecting the real world, because they’re controlling autonomous vehicles or reporting health data back about whether someone’s about to have a heart attack, it’s going to be extremely important that all those transactions aren’t being interfered with maliciously.”

According to cyber security specialist Professor Alan Woodward, of the University of Surrey, in some ways the Web is a victim of its own success.

“A lot of the foundations laid down in those early days are in some ways coming back to bite us,” he said. “Of course, if you never imagined how big and complicated the building was going to be in the first place, you’re not going to have laid the best foundations.”

Protocol vulnerabilities

A rise of Distributed Reflection Denial of Service (DRDoS) targeting the Web’s Domain Name System (DNS) – the Web’s phonebook – and the Network Time Protocol (NTP) – used to synchronise clocks over a network – have highlighted some of these architectural vulnerabilities.

The attacks rely on IP spoofing, in which the source address for requests for information are set to that of the targeted victim so that all the replies flood the target, and target the DNS or NTP because the amount of data included in the answer is much greater than the amount in the question - 60 times greater with the DNS and 500 times greater with the NTP.

A DRDoS attack on the DNS servers of anti-spam service Spamhaus last year peaked at 300Gbps, but an attack on an unknown target exploiting the NTP vulnerability last month reached about 400 Gbps, according to cyber security firm Cloudflare.

Attacks targeting the DNS and NTP are fairly new, but Woodward points out that there are other obscure protocols built into the Web’s infrastructure waiting to be exploited – in particular those based upon User Datagram Protocol.

“The big question everyone is asking is ‘what do you do’. Do you wrap it all up and start again? Or do you try to get it to evolve? And that opens the question where does it evolve to?” he said.

Adoption of IP v6 could help address the Web’s architectural frailties and guidance from the Internet Engineering Task Force in their document BCP38 explains how to configure systems to prevent IP spoofing, but as with most of the Web’s problems, a lack of technical expertise is not the issue, says Woodward.

“The solutions to the problems are out there and they have been for some time,” he said. “People for some reason are not aware of them. We are failing to raise the appropriate awareness of these things before they become real problems. It’s reactive rather than proactive. We have the opportunity to be proactive, but unfortunately somehow we are not managing to put the message across.”

Share |
Related forum discussions
forum comment To start a discussion topic about this article, please log in or register.    

Latest Issue

E&T cover image 1604

"Should the UK's engineers be in or out of Europe? The IET sets out its official position on the EU referendum this week - will you agree?"


E&T jobs

  • Solutions Engineer

    Bristol Water
    • United Kingdom
    • £41,000 - 49,000

    We serve a population of over one million people and all the associated businesses in an area of 1,000 square miles centered on Bristol.

    • Recruiter: Bristol Water

    Apply for this job

  • Senior Mechanical Engineer

    Bristol Water
    • United Kingdom
    • £41,000 - 49,000

    We serve a population of over one million people and all the associated businesses in an area of 1,000 square miles centered on Bristol.

    • Recruiter: Bristol Water

    Apply for this job

  • Software Renewals Manager

    BAE Systems
    • Preston, Lancashire, England
    • Negotiable

    Software Renewals Manager Would you like to work in a resourceful and developing role within IT Services? We currently have a vacancy for a Software Renewals Manager at our site in Preston Channel Way. As a Software Renewals Manager, you will be responsi

    • Recruiter: BAE Systems

    Apply for this job

  • Technical Manager

    Aggregate Industries
    • Hulland Ward, Ashbourne
    • Attractive salary plus comprehensive benefits

    A key Technical Manager role driving product improvement and compliance with Aggregate Industries, market leader in Construction Solutions.

    • Recruiter: Aggregate Industries

    Apply for this job

  • Field Application Engineer

    • Madrid

    Responsible for giving product presentations to the customer describing how Intel products provide the optimum solution to their application.

    • Recruiter: Intel

    Apply for this job

  • Engineers and Scientists

    European Patent Office
    • Munich and The Hague
    • See job description

    We are looking for Engineers and scientists in various technical fields for our locations in Munich and The Hague.

    • Recruiter: European Patent Office

    Apply for this job

  • Director of Product Management

    EMS Recruitment Group
    • West Yorkshire
    • Circa £70,000 PA + car allowance, excellent benefits including lucrative bonus scheme

    Our client is the undoubted world leader in their field. A highly innovative and progressive specialist electro-mechanical product manufacturer....

    • Recruiter: EMS Recruitment Group

    Apply for this job

  • Electrical Engineer

    Premium job

    Scottish Prison Service
    • Edinburgh, City of Edinburgh
    • £40,654 to £48,579 plus annual supplement of £10,000

    Build Your Engineering Career. The Scottish Prison Service (SPS) is an Agency of the Scottish Government, working in partnership.....

    • Recruiter: Scottish Prison Service

    Apply for this job

  • Sales Electronics Engineer

    Premium job

    Precision Microdrives
    • London (Greater)
    • £25,000 - £30,000 starting salary, inclusive of on-target commissions.

    Precision Microdrives (PMD) is a fast growing technology company that designs, produces and trades miniature electro-mechanical mechanisms

    • Recruiter: Precision Microdrives

    Apply for this job

  • Installation and Commissioning Engineer

    Premium job

    Crest Solutions
    • Corby
    • Competitive

    You will be involved in installation, commissioning & servicing of printing and machine vision related solutions.

    • Recruiter: Crest Solutions

    Apply for this job

More jobs ▶


Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T