The Fundamental Flaw in TCP/IP: Connecting Everything

Almost 30 years after its inception, it's time to fix the engine that both fuels the modern-day Internet and is the root cause of its most vexing security challenges.

Jeff Hussey, President & CEO, Tempered Networks

May 17, 2017


It probably seemed like science fiction back in 1962 when a scientist from MIT and the Advanced Research Projects Agency (ARPA) named J.C.R. Licklider proposed that the United States develop a "galactic network" of computers to talk to each other in the event of a military strike from the Soviet Union that could knock out our fragile copper wire-based telephone network.

More specifically, the idea was to enable military leaders throughout the country to communicate during a nuclear war. In that way, you could say that the Internet was created out of fear or even paranoia, which isn't really such an uncommon source of ingenuity.

A few years later, a top-secret project known as ARPANET brainstormed the idea of packet switching to break down data to be sent off to specific destinations. In short, this enabled data to be transmitted from end-to-end by computers, completely unreliant on the existing telephone network.

Finally, in 1969, the first word was officially communicated via packet switching from one machine to another, when a research lab computer at UCLA transmitted "LOGIN" to another research lab computer at Stanford. We can assume that uproarious applause and hand-shaking ensued immediately, but so did a massive crash of the entire network. Albeit very brief, communication was nonetheless successfully established and a nationwide technological victory was announced. ARPANET would subsequently evolve into something well-suited for global utilization known as the Internet, and the world has never been the same since.

The Trouble with Connecting Everything
All respect to Al Gore and others claiming individual responsibility aside, one single inventor cannot lay claim to the birth, growth, and evolution of one of the greatest inventions of all time — the Internet. Rather, it is an excellent example of superior innovation spawned from some of the truly great scientific and technological minds in the world — elite scientists from MIT, UCLA, Stanford, and other technological leaders with a clear and shared vision of a truly connected world. It was a collaborative effort that produced unprecedented levels of communication, massive leaps in technology, and a fair amount of trouble mixed in.

That fair amount of trouble comes from the architecture that runs the Internet itself. It's TCP/IP that has been the engine that makes the Internet go from its very inception, decades ago. The fundamental flaw in that engine's design is that it was invented with the idea of connecting everything. Unfortunately, when you connect everything, you invite hackers, cybercriminals, and even international espionage.

If it's true that fear or paranoia was used in a beneficial way to spark the creative concept of the Internet in the first place (and it is), perhaps we should use that same incentive to push technology in the direction of something better once again — something to properly address and eliminate that fear.

The fundamental flaw within TCP/IP is its inherent openness, which consequently results in a lack of security. This openness is largely a by-product of the address-defined nature of TCP/IP. In layman's terms, the security problem arises because TCP/IP uses the address of a connected device to identify that device as well. This creates a network vulnerability that is very visible and spoofable to users of malicious intent all over the world. With a device's address doubling as its identity, hackers can simply spoof a valid IP address to gain access into your network, where they can steal data, disrupt service, and wreak large-scale technological havoc.

Network intrusion has already happened numerous times, has been well publicized, and can be disastrous. Do you want to be the IT manager saddled with the overall responsibility for, and recovery from, a massive data breach, a significant loss-inducing service outage, or a larger-than-life mess to unravel before getting your network up to speed again? Undoubtedly, the answer is no, and that's why we need to properly address that concern (fear) by improving the engine that continues to fuel the modern-day Internet, over 30 years after its inception, when ARPANET adopted TCP/IP in January 1983.

Host Identity Protocol as the Solution
Don't get me wrong; TCP/IP isn't going anywhere. It's firmly rooted in the fabric of today's Internet communications. What we need to do, however, is address that fundamental flaw by moving from an ideology of "address"-defined networks to "identity"-defined networks that connect only provably identified devices or things. This brings us to the fairly recent invention of Host Identity Protocol (HIP).

HIP is an open Internet Engineering Task Force (IETF) standard designed to address the security hole within TCP/IP. By inserting a unique cryptographic identity (CID) into the communications stack (i.e., a Host Identity), HIP separates identity from the location of the host. Hosts can change their IP location, but retain their strong CID. By doing this, we're now able to secure network devices and vulnerable "things" with provable identities. And, because HIP hides the IP footprint of devices and networks, you're able to cloak them so bad actors or any untrusted devices cannot find them.

HIP also introduces a new Host Identity Namespace (HIN), which is complementary to the current IP and DNS Namespaces. The HIN is what provides global host mobility and migration, overcoming many of the fragile and costly challenges associated with basing networking and security policies on public and private IP addresses.
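The contrast drawn above between address-defined and identity-defined policy, and the mobility the Host Identity namespace is said to provide, can be made concrete in a few lines. The following is an added example, not code from the article or from Tempered Networks' product, and not an implementation of HIP itself: it stands in a Lamport one-time signature (hash-based, so it needs only the Python standard library) for the RSA/ECDSA Host Identity a real HIP host would use, and derives a simplified 128-bit Host Identity Tag as a plain hash of the public key (real HITs are ORCHID-prefixed per RFC 7401; the prefix is omitted here). The packets, addresses (RFC 5737 documentation ranges) and payload are constructed for the demonstration. An address-based policy admits any packet whose header carries an allowed source address, because the address is just a claim; an identity-based policy admits only a packet whose payload verifies under a trusted host's key, and keeps admitting that host after it moves to a new address.

```python
import hashlib
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lamport one-time signature: a dependency-free stand-in for the public-key
# Host Identity that HIP uses (assumption for this example, not HIP's own scheme).
N_BITS = 256

def keygen() -> Tuple[list, list]:
    """Private key: 256 pairs of random 32-byte secrets. Public key: SHA-256 of each."""
    priv = [(os.urandom(32), os.urandom(32)) for _ in range(N_BITS)]
    pub = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in priv]
    return priv, pub

def host_identity_tag(pub: list) -> str:
    """Simplified Host Identity Tag: 128-bit hash of the public key.
    (Real HITs carry an ORCHID prefix per RFC 7401; omitted here by assumption.)"""
    return hashlib.sha256(b"".join(x + y for x, y in pub)).digest()[:16].hex()

def _message_bits(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(priv: list, msg: bytes) -> List[bytes]:
    """Reveal one secret per message-digest bit. A Lamport key must sign only one
    distinct message; this example signs a single message with each key."""
    bits = _message_bits(msg)
    return [priv[i][(bits >> (N_BITS - 1 - i)) & 1] for i in range(N_BITS)]

def verify(pub: list, msg: bytes, sig: List[bytes]) -> bool:
    """Each revealed secret must hash to the public-key half selected by the digest bit."""
    if len(sig) != N_BITS:
        return False
    bits = _message_bits(msg)
    for i in range(N_BITS):
        bit = (bits >> (N_BITS - 1 - i)) & 1
        if hashlib.sha256(sig[i]).digest() != pub[i][bit]:
            return False
    return True

@dataclass
class Packet:
    src_ip: str                   # address: an unauthenticated claim in the header
    hit: str                      # identity tag the sender claims
    payload: bytes
    sig: Optional[List[bytes]]    # signature over payload by the claimed identity, if any

def address_policy_allows(pkt: Packet, allowed_ips: set) -> bool:
    """Address-defined policy: trusts whatever source address the header carries."""
    return pkt.src_ip in allowed_ips

def identity_policy_allows(pkt: Packet, trusted_hosts: dict) -> bool:
    """Identity-defined policy: admits only a provable identity, whatever the address."""
    pub = trusted_hosts.get(pkt.hit)
    if pub is None or pkt.sig is None:
        return False
    return verify(pub, pkt.payload, pkt.sig)

def demo() -> dict:
    """Run three constructed packets through both policies and return the verdicts."""
    priv, pub = keygen()
    hit = host_identity_tag(pub)
    trusted_hosts = {hit: pub}
    allowed_ips = {"198.51.100.10"}          # constructed allowlist (RFC 5737 range)
    msg = b"sensor reading: 42"              # constructed payload
    sig = sign(priv, msg)
    good = Packet("198.51.100.10", hit, msg, sig)
    # Same host after moving networks: the address changes, the identity does not.
    moved = Packet("203.0.113.7", hit, msg, sig)
    # A packet that merely claims the trusted address and identity, with no key behind it.
    unproven = Packet("198.51.100.10", hit, msg, None)
    return {
        "address_policy": [address_policy_allows(p, allowed_ips) for p in (good, moved, unproven)],
        "identity_policy": [identity_policy_allows(p, trusted_hosts) for p in (good, moved, unproven)],
    }

if __name__ == "__main__":
    print(demo())  # address_policy: [True, False, True]; identity_policy: [True, True, False]
```

The address policy accepts the unproven packet and rejects the moved host, which is exactly the pair of failures the article attributes to address-defined networking; the identity policy inverts both outcomes. In a real deployment the trusted-host table would be populated by the orchestration layer rather than built inline, and the one-time Lamport key would be replaced by the long-lived key pair that gives a HIP host its stable identity across moves.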

HIP was originally used for military purposes, deployed within the defense and aerospace industry as a cost-efficient and scalable solution to safeguard sensitive communications in severe threat environments. It's also worth noting that HIP is compatible with IPv4 and IPv6 applications.

Now, the power and technological advantage provided by HIP for secure and flexible connectivity can be used effectively in your network as well. Combined with enterprise-class orchestration and built-in military-grade encryption, you can connect and cloak a single device, such as a laptop or robot, or up to thousands of ATMs, servers, or windmills — deployed anywhere in the world.

HIP enables a much-needed paradigm shift from connecting "everything" to connecting only "provable identities."

About the Author(s)

Jeff Hussey

President & CEO, Tempered Networks

Jeff Hussey is president and CEO of Tempered Networks. Hussey, the founder of F5 Networks, is an accomplished entrepreneur with a proven track record in the networking and security markets. He maintains several board positions across a variety of technology, non-profit and philanthropic organizations and currently is the chairman of the board for Carena and chairman and co-owner of Ecofiltro and PuraVidaCreateGood. Hussey also serves on the board for Webaroo and the Seattle Symphony. He was the chairman of the board for Lockdown Networks, which was sold to McAfee in 2008. Hussey received a BA in Finance from SPU and an MBA from the University of Washington.
