Last year’s revelations about the US government’s surveillance of online traffic were a wake-up call to provide better protection of user privacy and confidentiality — including the regular use of end-to-end cryptography at multiple levels in the protocol architecture. Vint Cerf, IEEE Fellow and vice president and chief Internet evangelist for Google, says that’s only the first step — an important caution from someone whose word is considered guru wisdom. Widely known as one of the “Fathers of the Internet,” Cerf is co-designer of the TCP/IP protocols and the Internet architecture. In his role at Google, he is responsible for identifying new enabling technologies to support the development of advanced Internet-based products and services.
In a recent article for IEEE Internet Computing, entitled “Unfinished Business,” Cerf writes that the use of all layers of security, including Transport Layer Security at the TCP and UDP layers or the Hypertext Transport Layer (HTTPS), should be re-evaluated to provide stronger protection. Furthermore, he writes, using public-key methods and cryptographic certificates doesn’t guarantee safe transmission of data because man in the middle (MitM) attacks have intercepted both the sending and receiving protocols, and certificate authorities have been compromised. For details on these and other important exposures and potential remedies he discusses, read the full article on the IEEE Computer Society’s website. Resource Links: