vol 9, issue 3

The Web at 25 – is it showing its age?

12 March 2014
By Edd Gent
Share |
Overcoming the weaknesses in the Web’s architecture will require

Overcoming the weaknesses in the Web’s architecture will require "significant investment" in the coming years

From humble beginnings as a means for physicists to share their data across the globe the World Wide Web has become the backbone of modern civilisation, but the inability of its creators to foresee its meteoric rise has resulted in shaky foundations.

When Web founder Sir Tim Berners-Lee first submitted his idea for a global information-sharing network 25 years ago today, while working at Swiss physics laboratory, Cern, the response from his boss was the brief: "Vague, but exciting."

Based on his earlier programme for storing information called Enquire, it was designed to allow physicists in universities and institutes around the world to work together by combining their knowledge in a web of hypertext documents.

But the potential of the network was quickly realised and by April 1993 the source code had been released free of charge along with a basic browser. By the end of the year there were more than 500 web servers, and by the end of 1994 there were 10,000 servers, 2,000 of them commercial serving  10 million users.

Today more than two-fifths of the world is online and there are an estimated 630 million websites, but despite the unprecedented adoption of the new technology its humble beginnings, in a time when the concept of hackers or running out of IP addresses were entirely alien, have resulted in an outdated and vulnerable architecture.

“It has been a huge success but it can’t go on the way it currently is,” said Dr Martyn Thomas, vice-president of the Royal Academy of Engineering and chair of the Institution of Engineering and Technology's IT Policy Panel. “The reason for that is because it has become part of the world’s critical infrastructure and it just isn’t engineered well enough to carry that responsibility.”

Significant investment

Vulnerabilities in the Web’s various protocols and architectural elements, let alone thousands of software components have created a situation where a “significant investment” into the Web’s infrastructure is needed to ensure the security of the system.

“If we’re going to build our whole civilisation on the Internet infrastructure then we better make the investment to make sure it operates properly,” said Thomas. He believes governments need to start investing similar amounts in the infrastructure of the virtual world as they do in the real world.

The first challenge is to bring about a widespread adoption of IP v6, the latest version of the Internet Protocol that routes traffic across the Internet, which was designed to address the depletion of the pool of unallocated IP addresses in the previous version – IP v4. Short term fixes such as the use of dynamic IP addresses are “a sticking plaster”, says Thomas.

But, while adoption of the new standard is slow and the Web faces an unprecedented tide of new internet connected devices with the rise machine-to-machine technology and the Internet of Things, capacity is still not Thomas’ major concern.

“My concern isn’t about robustness against volume. I think we can scale up the volume, we know the ways round the bottlenecks and we know where they are and we can reinforce those to provide extra capacity,” he said. “I’m concerned about protecting against people being malicious.”

He added: “As more and more transactions are going on on the web and affecting the real world, because they’re controlling autonomous vehicles or reporting health data back about whether someone’s about to have a heart attack, it’s going to be extremely important that all those transactions aren’t being interfered with maliciously.”

According to cyber security specialist Professor Alan Woodward, of the University of Surrey, in some ways the Web is a victim of its own success.

“A lot of the foundations laid down in those early days are in some ways coming back to bite us,” he said. “Of course, if you never imagined how big and complicated the building was going to be in the first place, you’re not going to have laid the best foundations.”

Protocol vulnerabilities

A rise of Distributed Reflection Denial of Service (DRDoS) targeting the Web’s Domain Name System (DNS) – the Web’s phonebook – and the Network Time Protocol (NTP) – used to synchronise clocks over a network – have highlighted some of these architectural vulnerabilities.

The attacks rely on IP spoofing, in which the source address for requests for information are set to that of the targeted victim so that all the replies flood the target, and target the DNS or NTP because the amount of data included in the answer is much greater than the amount in the question - 60 times greater with the DNS and 500 times greater with the NTP.

A DRDoS attack on the DNS servers of anti-spam service Spamhaus last year peaked at 300Gbps, but an attack on an unknown target exploiting the NTP vulnerability last month reached about 400 Gbps, according to cyber security firm Cloudflare.

Attacks targeting the DNS and NTP are fairly new, but Woodward points out that there are other obscure protocols built into the Web’s infrastructure waiting to be exploited – in particular those based upon User Datagram Protocol.

“The big question everyone is asking is ‘what do you do’. Do you wrap it all up and start again? Or do you try to get it to evolve? And that opens the question where does it evolve to?” he said.

Adoption of IP v6 could help address the Web’s architectural frailties and guidance from the Internet Engineering Task Force in their document BCP38 explains how to configure systems to prevent IP spoofing, but as with most of the Web’s problems, a lack of technical expertise is not the issue, says Woodward.

“The solutions to the problems are out there and they have been for some time,” he said. “People for some reason are not aware of them. We are failing to raise the appropriate awareness of these things before they become real problems. It’s reactive rather than proactive. We have the opportunity to be proactive, but unfortunately somehow we are not managing to put the message across.”

Share |
Related forum discussions
forum comment To start a discussion topic about this article, please log in or register.    

Latest Issue

E&T cover image 1605

"We visit Barcelona, one of the smartest cities in the world, to find out what makes it so special. What does it look like and what is the future?"

E&T jobs

  • Senior Development Engineer, Electronics

    Premium job

    Helmet Integrated Systems / Gentex Corporation
    • Letchworth Garden City, Hertfordshire
    • Competitive

    We are an innovative, robust and fast growing business, whose main focus is to deliver continues improvement to existing products and offer new sol..

    • Recruiter: Helmet Integrated Systems / Gentex Corporation

    Apply for this job

  • Smart Grid Research Engineer

    Premium job

    University of Strathclyde
    • Cumbernauld, Glasgow
    • Grade: 6/7* £26,537 - £37,768*

    Work as part of a growing dynamic team on a wide range of technical projects with particular emphasis on experimental validation and testing

    • Recruiter: University of Strathclyde

    Apply for this job

  • Electrical Asset Specialist

    Affinity Water
    • Hatfield, Hertfordshire

    Responsible for updating and writing electrical engineering standards, approved codes of practice and safe systems of work

    • Recruiter: Affinity Water

    Apply for this job

  • Senior Electronics Engineer

    York Instruments
    • York, North Yorkshire

    Senior electronics engineer to work as part of a team developing an MEG imaging system; working with the engineering team and external contractors.

    • Recruiter: York Instruments

    Apply for this job

  • Manufacturing Engineer - Circuit Card Assembly

    MBDA
    • Lostock Junction
    • Competitive Salary & Benefits

    What’s the opportunity?   Manufacturing UK is an integral part of the Operations Directorate whose principal mission is to ensure that MBDA’s deliverable commitments are met...

    • Recruiter: MBDA

    Apply for this job

  • High Voltage Engineer

    Premium job

    Essex X-Ray & Medical Equipment
    • Great Dunmow, Essex

    This High Voltage Engineer will provide design leadership for high voltage cable assemblies up to one megavolt.

    • Recruiter: Essex X-Ray & Medical Equipment

    Apply for this job

  • Team Leader - Flank Arrays

    BAE Systems
    • Barrow-In-Furness, Cumbria, England
    • Negotiable

    Team Leader - Flank Arrays Would you like to work in a unique role within the construction of the Astute Class submarines? We currently have a vacancy for a Team Leader - Flank Arrays at our site in Barrow-in-Furness. As a Team Leader - Flank Arrays, you

    • Recruiter: BAE Systems

    Apply for this job

  • Electronics and Software Engineer

    Copley Scientific Ltd
    • Nottingham
    • circa £35,000 per annum + bonus

    Develop new test equipment for the pharmaceutical industry. Good opportunities to grow and develop. Successful family-owned and managed business.

    • Recruiter: Copley Scientific Ltd

    Apply for this job

  • Bridge Test Facility Manager

    BAE Systems
    • Shropshire, Telford, England
    • Negotiable

    Bridge Test Facility ManagerWe currently have a vacancy for a Bridge Test Facility Manager at our site in Telford with our Land UK business.As the Bridge Test Facility Manager, you will be part of our Test & Trials team, working closely with the Mili

    • Recruiter: BAE Systems

    Apply for this job

  • Intelligent Transport Systems Engineer - Highways Technology

    Premium job

    Mott MacDonald
    • Birmingham, West Midlands

    Our transport technology team in Birmingham is currently growing a highly skilled and customer-focused team to...

    • Recruiter: Mott MacDonald

    Apply for this job

More jobs ▶

Subscribe

Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T