The internet is characterized by a multitude of connected devices which communicate directly with each other. These connected devices run common operating systems and applications.
The TCP/IP protocols were not designed with security in mind. Security concerns have risen as a result of malicious activity over the internet. As it turns out, the TCP/IP protocols, along with the hosts connected to the internet, are inherently susceptible to malicious attacks. This is due at least partly to the lack of secure design in their infrastructure and in the operating systems using them, as well as to human factors such as weak passwords or phishing attacks.
The problems of internet security have been summed up by a hacker named The Lamb, who said: “There is no real safe, sacred ground on the internet. Whatever you do on the internet is an attack surface of some sort and is just something that you live with”.
The above quote describes the current situation well, but it raises a question: can something be done to create a safe, sacred ground on the internet that completely removes the attack surface from the internet? Is the attack surface really something we must live with?
One of the objects of the present disclosure is to show how such a safe ground, one that completely removes the internet attack surface, can be created without modifying the internet, keeping it as it is today.
In order to create a safe place on the internet to communicate with no internet attack surface, we will look to another network that is ubiquitously deployed: the electricity network. The electric network transmits electricity from the electric plant to each home, spanning cities and countries. The electricity travels as alternating current (AC). However, when a device connects to the electric AC network, it does so through an AC/DC adapter.
The AC/DC adapter provides two things for the device. First it disconnects the device from the AC network making it unaware of the alternating current or other users of the network. Secondly it allows the device to draw power from the AC network.
We will look into using this AC/DC model for the internet and for allowing communication over the internet with no internet attack surface. We will refer to the existing internet and the devices that connect to it as ac devices or ac. We will refer to the devices that have no internet attack surface as dc devices or dc. Since this disclosure has no relation to electricity, "ac devices" will be used throughout this disclosure for the internet connected devices, while "dc devices" will be used throughout this disclosure for the isolated devices.
In this disclosure we will present a dc environment or dc domain for using and communicating over the internet with no internet attack surface. Removing the attack surface from the internet includes several aspects put together as follows. A dc device may be connected to ac devices or the ac internet using an ac/dc adapter. The ac/dc adapter has the roles of separating dc data from the ac universe as well as containing dc data within the dc device. The ac/dc adapter is the starting point of the user dc environment. The ac/dc adapter only executes signed programs, preferably small programs with no OS. The signed program completely separates the dc device from the ac device and also controls the dc device, loading its authenticated image and rebooting it at various times. A booting reset of the dc device by the ac/dc adapter may take place at every application completion time so that no leftovers from a previous instance remain.
A user is able to interact with the dc device through a dc terminal. The dc terminal may use the ac device terminal, which may be referred to as the user internet connected device input/output interfaces, while maintaining the isolation of the dc device. The dc terminal may use an authenticating image presented to the user in order to authenticate the dc device to the user. The dc terminal and authentication image are explained in U.S. patent application Ser. No. 14/231,482 and Ser. No. 14/231,500 by the present inventor, which are incorporated here in their entirety. These applications will be referred to in the present disclosure as the initial applications.
The removal of attack surface from the network or internet for a dc device means that the attack surface from the ac domain is halted at the ac/dc adapter, which forms a separation or barrier between the domains and also isolates each dc instance from other dc instances.
A dc device is able to communicate, through the ac/dc adapter, with a dc server in the dc domain. This means that the dc device is able to communicate with the dc server over the internet with no internet attack surface. This may take place, for example, by manufacturing the ac/dc adapter next to the dc server and pairing them to communicate in the dc domain.
This way a user may use the dc terminal to communicate with the dc server as well as with other dc devices of other users over the internet with no internet attack surface.
The uses for such a dc domain and its applications may be authentication with no need for passwords, sending email messages, chat, payments, purchases, cloud applications, document handling and sharing, file handling, medical devices, SMAC and so forth, all over the internet with no internet attack surface.
Specific cases for utilizing the dc domain may be a digital wallet, IoT and smart vehicles, all communicating over the internet with no internet attack surface. Browsing the web on the dc, as well as content sending and advertising in the dc domain, are also explained, all taking place over the internet with no internet attack surface.
Also discussed are server frameworks in the dc domain. Such dc server frameworks may serve various requirements in the dc domain such as content and ad serving, document editing for single and multiple users, mail services, payment services, web browsing, anonymizers, web browsing and user authenticators, various database uses, digital voting as well as others.
Such services in the dc domain may be used, for example, through user applications or through the cloud using cloud storage and a cloud secure framework.
Such secure services may allow a user to view secure content, receive secure ads relevant to the secure contents, click on these secure ads to securely purchase and pay for the goods or services all within the dc universe, making the dc universe a full environment that is similar to the current ac universe but with no internet attack surface.
The advantages of using the dc device may include anonymity, securing content, securing ads serving, secure online document sharing, secure IoT, securing vehicle computing systems and communication, securing medical devices and SMAC and generally securing services over the internet. In addition to these, there is also the additional possibility of eliminating passwords, ending email spam, end of phishing, end of social engineering, end of the trust model and certificate authorities, controlling document and data such as being allowed to read/modify/send onwards/delete/notify originator of forwarding a document, mobile financial services, mobile payments, authentication, secure online document support also for multi users, anonymizing data access, working with CDN servers for supporting the dc domain for serving content etc.
The prevention of phishing, Trojans, malware, key loggers, screen capture and so forth in the dc domain is important in order to establish the isolated dc environment separately from the current ac environment. This means that setting key loggers and screen captures on the ac device will not affect the dc device.
The platforms that the dc environment can work on are not limited and include PCs, mobiles, tablets, smartphones, IoT, medical devices, vehicles, SMAC, cloud, server infrastructure, automobiles etc., including communication among these devices directly.
Using the dc domain has the advantage of removing the trust model, such as removing the need for certificate authorities to issue certificates for making secure connections over the internet.
There is thus a widely recognized need for isolating data in the manner described above which would work even when security of the ac, non-secure user machine has already been compromised and it would be highly advantageous to have such a method devoid of the above limitations.