Our lives are increasingly dependent on the internet. It’s hard to get any work done if the internet goes down. Yet the internet was designed more than 30 years ago and is showing signs of age. Recent attacks have exposed the ugly underbelly of the internet along with some flaws in the internet’s original design.
Critical internet services can be taken offline by straightforward attacks like the recent distributed denial of service (DDoS) attack on domain name system (DNS) servers. Further, in the current internet architecture, users implicitly trust certain hidden services and intermediaries like domain name servers and certificate authorities (CAs). These trust points can be exploited to trick users into connecting to malicious websites like the recent incident where a Turkish CA issued false security certificates for Google.
Further, the internet lacks a built-in identity and authentication mechanism. In the absence of such mechanisms, services and applications built on the internet have had to create custom identity systems. These services store personal data, including passwords, for their custom identity systems and often get hacked. Last year, Yahoo! admitted to losing information for 500 million people.
Let’s take a step back and look at the early design decisions that led us to today.
Is the Internet Broken?
The internet was originally designed to keep all application-specific logic at the edges. The internet is a “dumb network”: it doesn’t know what data it delivers and just transfers packets from point A to point B. This principle of not keeping complexity in the network and pushing all complexity and logic to the edges is called the end-to-end design principle by internet pioneer David Clark; it’s the most important design principle that shaped the internet’s architecture.
The original end-to-end principle that guided internet design for the past decades did not explicitly account for trust and security. David Clark and Marjory Blumenthal updated the end-to-end principle in a 2011 article. According to the updated principle, called the trust-to-trust principle, a new internet design should:
- Give the end user explicit control over trust decisions, and
- Move trust from the core of the network to the edges.
This movement of trust from the core of the network to the edges is also called decentralization and marks a shift in how the internet is evolving. A big part of that shift comes from the advent of open blockchain networks like Bitcoin, Ethereum, and Zcash.
Blockchain networks are open networks that store data logs, called blockchains. Blockchain data is stored redundantly on all computers connected to the network. Only new data can be appended to blockchains, and historic logs cannot be modified or tampered with. Every connected computer can verify that new data being written to logs obeys the rules of the open blockchain network’s consensus mechanism. All nodes on the network have the same view of the blockchain data. The core of the network only helps with communication between nodes; edge nodes (every end user’s connected computer) don’t need to trust the core for anything.
Let’s look at three specific problems with current internet infrastructure and ways that open blockchain networks might offer solutions: domain name system, public key infrastructure, and digital identity.
Case Study: Domain Name System
When users type in cnn.com in their browser, the Domain Name System (DNS) translates that human-readable name to an IP address and helps the user find the right server for CNN. ICANN, a non-profit organization, manages DNS and the root servers. These servers are a central point of trust and failure; they can be taken offline by DDoS attacks and mappings for domains can be changed by either forcing changes to the DNS servers or by spoofing replies from them.
In the early days of the internet, there was no concept of names for nodes (clients or servers) connected to the network. Every node had an IP address, and you could connect to that node by using the IP address as the identifier on the network. By convention, network administrators maintained “hosts.txt” files where they would map human-readable names to IP addresses. Over time, the manual system of syncing host files was replaced by DNS.
There is a fundamental computer science challenge with building naming systems. There are three properties we might want a name to have: the name is (1) unique (meaning there is no situation where two people can independently create and use a unique name like cnn.com), (2) human-readable (a name should look like “Paul” not “1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa”), and (3) decentralized (names should be chosen by users at the edges of the network and not on behalf of users by a central authority at the center). The computer science challenge is that, before blockchains, naming systems only allowed for any two of those three properties, never all three at the same time. This limitation is called Zooko’s Triangle. For example, public keys are unique and decentralized as users can generate them on their computers without talking to any central service but they are not human-readable. Twitter handles are human-readable and unique, but not decentralized because Twitter, the company, controls the namespace. Nicknames are human-readable and decentralized (users can choose any nickname for anyone) but are not unique.
Blockchains square Zooko’s triangle, and for the first time it is possible to have human-meaningful names that are unique without using any centralized service.
There are several naming systems built using blockchains, like Blockstack, Namecoin, and BitShares. These naming systems make name registration decentralized, and no third party can take away ownership of domains from users. Users trust their personal computers, or servers that they run, instead of relying on remote DNS servers, significantly reducing exposure to DDoS attacks. Blockchain-based naming can fix current serious problems with DNS. However, for now, much like other cryptocurrency projects, there are challenges around usability and widespread deployment of these new systems.
Case Study: Public-key Infrastructure
Digital certificates for websites are the foundational building block of internet security. When users see the “green lock sign,” they feel that they’re on a secure connection. In the background, their browser is checking the digital certificate of the website. What the “green lock sign” really means is that some Certificate Authority, like Verisign, issued a digital certificate to a website and the website has that certificate. The Certificate Authority can issue “malicious” certificates that impersonate businesses and websites without their permission and users would end up trusting the malicious certificates—a real problem that has happened several times in recent history (e.g., Turktrust, a Turkish CA, issued malicious certificates for Google.com).
A blockchain can be used as a global distribution mechanism for public keys and digital certificates. Since blockchains are extremely hard to tamper with and everyone sees the same information on blockchains, it would be impractical for an attacker to alter a certificate after it is issued or present incorrect information to only a subset of users. Also, a blockchain-based public-key infrastructure doesn’t have any central points of control or failure (i.e., there are no central CAs that can be compromised to attack the system).
Current production systems like Blockstack or Namecoin already provide public key associations with domain names and all domains, by default, get certificates. While efforts like Let’s Encrypt are reducing the cost of obtaining digital certificates and encouraging more websites to enable secure connections, a vast majority of the internet still runs on insecure connections. If the domain name system is built using a blockchain, then there is no option to run websites without security certificates and security is on by default.
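The name-to-key binding described in the naming and public-key case studies, as an added example that is not Blockstack or Namecoin code: a hash-chained, append-only log that every node replays for itself, where the first registration of a name wins and only the current key can rebind it. The entry format, the names and the keys are constructed, and the order of the log is assumed to be already agreed (the consensus step is out of scope).

```javascript
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const pem = (key) => key.export({ type: 'spki', format: 'pem' });

// One log entry binds a name to a public key and commits to the previous entry's hash.
function makeEntry(prevHash, name, keyPem, signerPrivateKey) {
  const body = JSON.stringify({ prevHash, name, key: keyPem });
  const sig = crypto.sign(null, Buffer.from(body), signerPrivateKey).toString('base64');
  return { body, sig, hash: sha256(body + sig) };
}

// Every node replays the full log itself and derives the same name -> key map.
// Returns null when a hash link, a signature or the ownership rule fails.
function replay(log) {
  const names = new Map();
  let prevHash = 'genesis';
  for (const entry of log) {
    const { prevHash: claimed, name, key } = JSON.parse(entry.body);
    if (claimed !== prevHash || entry.hash !== sha256(entry.body + entry.sig)) return null;
    // A new name is self-signed by its key; a rebind must be signed by the current owner.
    const verifier = crypto.createPublicKey(names.get(name) ?? key);
    const sig = Buffer.from(entry.sig, 'base64');
    if (!crypto.verify(null, Buffer.from(entry.body), verifier, sig)) return null;
    names.set(name, key);
    prevHash = entry.hash;
  }
  return names;
}

// Constructed scenario: an owner, a key rotation, a hijack attempt and an edited entry.
function demo() {
  const [alice, alice2, mallory] = [0, 1, 2].map(() => crypto.generateKeyPairSync('ed25519'));
  const reg = makeEntry('genesis', 'alice.example', pem(alice.publicKey), alice.privateKey);
  const rotate = makeEntry(reg.hash, 'alice.example', pem(alice2.publicKey), alice.privateKey);
  const hijack = makeEntry(reg.hash, 'alice.example', pem(mallory.publicKey), mallory.privateKey);
  const edited = { ...reg, body: reg.body.replace('alice.example', 'mallory.example') };
  return {
    rotated: replay([reg, rotate]).get('alice.example') === pem(alice2.publicKey),
    hijackRejected: replay([reg, hijack]) === null,
    editRejected: replay([edited, rotate]) === null,
  };
}

console.log(demo());
```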
Case Study: Digital Identity
Once users have established a secure connection to a website like Facebook.com, they then log in to websites with the custom digital identity that they created on that website (a username and a password). This model, along with advances in cloud computing, pushes all complexity and user data to the remote cloud and user devices exist as “dumb screens.” This is a full departure from the end-to-end design where user devices were meant to handle all complexity and logic.
Currently, there is no concept of a universal identity for internet users. Every time users create custom identities and data, they’re getting locked into data silos (e.g., you have an identity that is understood by Facebook and data that Facebook stores, but you have separate identities and data with other data silos like Yahoo! or Google). This leads to centralized data and the data silos inevitably get hacked sooner or later (e.g., the recent hack of 500 million Yahoo! users).
Blockchains release users from these data silos by enabling them to log in in a more secure way without the need to create new identities on new websites and without using any passwords. Blockchain-based identity systems, like Blockstack and uPort, enable users to control a unique identity recorded on the blockchain that can be recognized by any site, rather than a username and password combo that can only be recognized by the site that had you create an account.
Users can log in to websites by proving ownership of their identity. (Under the hood, users prove ownership of their identity by cryptographically signing a challenge from the website.) Since users can re-use their username and identity at any website, there is no need to create new accounts at new websites or use centralized login services like Facebook or Twitter login.
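The challenge signing mentioned above, as an added example that is not Blockstack or uPort code: the site issues a single-use random challenge bound to its own origin, the user signs it, and the site verifies the signature against the key registered for the name. The in-memory registry, the origin https://shop.example and the 60-second lifetime are assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the blockchain registry: name -> public key.
const user = crypto.generateKeyPairSync('ed25519');
const registry = new Map([['alice.example', user.publicKey]]);

const ORIGIN = 'https://shop.example'; // hypothetical site
const pending = new Map();             // nonce -> { name, expires }

// Site: issue a random challenge tied to this site, this name and a deadline.
function issueChallenge(name, now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pending.set(nonce, { name, expires: now + 60_000 });
  return JSON.stringify({ origin: ORIGIN, name, nonce });
}

// User: sign the exact challenge bytes, but only for the site the user meant to visit.
function signChallenge(challenge, privateKey, expectedOrigin) {
  if (JSON.parse(challenge).origin !== expectedOrigin) throw new Error('origin mismatch');
  return crypto.sign(null, Buffer.from(challenge), privateKey);
}

// Site: consume the nonce, then check origin, name, deadline and signature.
function verifyLogin(challenge, signature, now = Date.now()) {
  const { origin, name, nonce } = JSON.parse(challenge);
  const slot = pending.get(nonce);
  pending.delete(nonce); // single use, even when verification fails
  if (!slot || slot.name !== name || origin !== ORIGIN || now > slot.expires) return false;
  const key = registry.get(name);
  return !!key && crypto.verify(null, Buffer.from(challenge), key, signature);
}

// Constructed run: one good login, then a replay of the same signed challenge.
function loginDemo() {
  const challenge = issueChallenge('alice.example');
  const signature = signChallenge(challenge, user.privateKey, ORIGIN);
  return { first: verifyLogin(challenge, signature), replay: verifyLogin(challenge, signature) };
}

console.log(loginDemo());
```

No password or other shared secret is stored on the site in this flow; it only keeps short-lived nonces.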
Conclusion
The problems with DNS, public-key infrastructure and custom identity systems are a direct result of trusting intermediaries and remote services. In a new secure internet, users should not trust anything on the network other than their machines. Blockchains enable this move from an end-to-end design to a trust-to-trust design for the internet’s architecture, and, if executed correctly, this can be the single biggest upgrade that the internet infrastructure has ever seen. Given the current security issues of the internet, we desperately need this upgrade.
Muneeb Ali co-founded Blockstack, a new decentralized internet where users control their data and apps run without remote servers. He is a distributed systems PhD from Princeton and gives guest lectures on cloud computing and advanced operating systems there.