vol 9, issue 3

The Web at 25 – is it showing its age?

12 March 2014
By Edd Gent
Overcoming the weaknesses in the Web’s architecture will require "significant investment" in the coming years

From humble beginnings as a means for physicists to share their data across the globe, the World Wide Web has become the backbone of modern civilisation, but the inability of its creators to foresee its meteoric rise has resulted in shaky foundations.

When Web founder Sir Tim Berners-Lee first submitted his idea for a global information-sharing network 25 years ago today, while working at Swiss physics laboratory, Cern, the response from his boss was the brief: "Vague, but exciting."

Based on his earlier programme for storing information called Enquire, it was designed to allow physicists in universities and institutes around the world to work together by combining their knowledge in a web of hypertext documents.

But the potential of the network was quickly realised and by April 1993 the source code had been released free of charge along with a basic browser. By the end of the year there were more than 500 web servers, and by the end of 1994 there were 10,000 servers, 2,000 of them commercial, serving 10 million users.

Today more than two-fifths of the world is online and there are an estimated 630 million websites, but despite the unprecedented adoption of the new technology its humble beginnings, in a time when the concept of hackers or running out of IP addresses were entirely alien, have resulted in an outdated and vulnerable architecture.

“It has been a huge success but it can’t go on the way it currently is,” said Dr Martyn Thomas, vice-president of the Royal Academy of Engineering and chair of the Institution of Engineering and Technology's IT Policy Panel. “The reason for that is because it has become part of the world’s critical infrastructure and it just isn’t engineered well enough to carry that responsibility.”

Significant investment

Vulnerabilities in the Web’s various protocols and architectural elements, let alone thousands of software components, have created a situation where a “significant investment” in the Web’s infrastructure is needed to ensure the security of the system.

“If we’re going to build our whole civilisation on the Internet infrastructure then we better make the investment to make sure it operates properly,” said Thomas. He believes governments need to start investing similar amounts in the infrastructure of the virtual world as they do in the real world.

The first challenge is to bring about a widespread adoption of IP v6, the latest version of the Internet Protocol that routes traffic across the Internet, which was designed to address the depletion of the pool of unallocated IP addresses in the previous version – IP v4. Short term fixes such as the use of dynamic IP addresses are “a sticking plaster”, says Thomas.

But, while adoption of the new standard is slow and the Web faces an unprecedented tide of new internet-connected devices with the rise of machine-to-machine technology and the Internet of Things, capacity is still not Thomas’ major concern.

“My concern isn’t about robustness against volume. I think we can scale up the volume, we know the ways round the bottlenecks and we know where they are and we can reinforce those to provide extra capacity,” he said. “I’m concerned about protecting against people being malicious.”

He added: “As more and more transactions are going on on the web and affecting the real world, because they’re controlling autonomous vehicles or reporting health data back about whether someone’s about to have a heart attack, it’s going to be extremely important that all those transactions aren’t being interfered with maliciously.”

According to cyber security specialist Professor Alan Woodward, of the University of Surrey, in some ways the Web is a victim of its own success.

“A lot of the foundations laid down in those early days are in some ways coming back to bite us,” he said. “Of course, if you never imagined how big and complicated the building was going to be in the first place, you’re not going to have laid the best foundations.”

Protocol vulnerabilities

A rise in Distributed Reflection Denial of Service (DRDoS) attacks targeting the Web’s Domain Name System (DNS) – the Web’s phonebook – and the Network Time Protocol (NTP) – used to synchronise clocks over a network – has highlighted some of these architectural vulnerabilities.

The attacks rely on IP spoofing, in which the source address of each request for information is set to that of the targeted victim so that all the replies flood the target. They target the DNS or NTP because the amount of data included in the answer is much greater than the amount in the question - 60 times greater with the DNS and 500 times greater with the NTP.

A DRDoS attack on the DNS servers of anti-spam service Spamhaus last year peaked at 300 Gbps, but an attack on an unknown target exploiting the NTP vulnerability last month reached about 400 Gbps, according to cyber security firm Cloudflare.

Attacks targeting the DNS and NTP are fairly new, but Woodward points out that there are other obscure protocols built into the Web’s infrastructure waiting to be exploited – in particular those based upon User Datagram Protocol.

“The big question everyone is asking is ‘what do you do’. Do you wrap it all up and start again? Or do you try to get it to evolve? And that opens the question where does it evolve to?” he said.

Adoption of IP v6 could help address the Web’s architectural frailties and guidance from the Internet Engineering Task Force in their document BCP38 explains how to configure systems to prevent IP spoofing, but as with most of the Web’s problems, a lack of technical expertise is not the issue, says Woodward.

“The solutions to the problems are out there and they have been for some time,” he said. “People for some reason are not aware of them. We are failing to raise the appropriate awareness of these things before they become real problems. It’s reactive rather than proactive. We have the opportunity to be proactive, but unfortunately somehow we are not managing to put the message across.”
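The source-address check that BCP38 asks network operators to apply at the customer edge can be sketched in a few lines. This is an added example, not code from the article or from the IETF document; the prefixes, packets and function names are constructed for illustration, and the amplification factors are the ones quoted above.

```python
import ipaddress

# Amplification factors as quoted in the article (reply size / request size).
AMPLIFICATION = {"dns": 60, "ntp": 500}

# Constructed example: the prefixes assigned to one customer-facing interface
# (documentation address ranges, not real allocations).
CUSTOMER_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]

# Constructed sample of requests arriving from that customer:
# (claimed source address, protocol, request size in bytes).
SAMPLE_PACKETS = [
    ("192.0.2.15", "dns", 64),
    ("198.51.100.7", "ntp", 48),    # source outside the customer's prefixes
    ("2001:db8:10::5", "dns", 70),
    ("203.0.113.9", "dns", 64),     # source outside the customer's prefixes
]


def source_is_valid(src, prefixes):
    """True only if the claimed source lies inside a prefix assigned to the sender."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source never passes the filter
    return any(addr.version == net.version and addr in net for net in prefixes)


def ingress_filter(packets, prefixes):
    """Split packets into those forwarded and those dropped at the network edge."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if source_is_valid(pkt[0], prefixes) else dropped).append(pkt)
    return forwarded, dropped


def reflection_bytes_prevented(dropped):
    """Rough estimate of reply traffic that never reaches the spoofed address."""
    return sum(size * AMPLIFICATION.get(proto, 1) for _, proto, size in dropped)


if __name__ == "__main__":
    fwd, drp = ingress_filter(SAMPLE_PACKETS, CUSTOMER_PREFIXES)
    print("forwarded:", [p[0] for p in fwd])
    print("dropped:  ", [p[0] for p in drp])
    print("reflected bytes prevented:", reflection_bytes_prevented(drp))
```

Because the filter sits where the spoofed request enters the network, the amplified replies are never generated at all, which is why the guidance is aimed at the sending network rather than the victim.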
