TCP/IP is Broken: The 44-year-old problem plagues us today

Marc Kaplan

Why are networks today so complex, yet still vulnerable to hackers, beset by IP conflicts, and often in need of armies of highly skilled workers to manage them? Not long ago I decided to do some research to try to figure out where it all went wrong.

I’ve known for a long time that the fundamental cause of network complexity is IP addressing, but where did the IP address come from, and why was it created in the first place? To understand this, we have to go back to the original concept that spawned computer networking as we know it today. In the early 1960s, fear of a nuclear war with the Soviet Union prompted a scientist named J.C.R. Licklider, from MIT, to propose a network of computers that could stay connected in the event of a conflict. These internetworked computers would be more secure and robust than the standard phone and radio systems of the day.

Working with the Advanced Research Projects Agency (ARPA), Dr. Licklider and his colleagues came up with the idea of using packet switching as an efficient way to break data into packets and send it from machine to machine. This method meant that computers could “talk” to one another over a dedicated wire. The idea of sending information from computer to computer, endpoint to endpoint, is the original concept behind the internet we know today, but it still doesn’t explain why everything has become so complex.

With all of this work going on in secret, ARPANET was created as a testbed for many of the concepts and technologies that would enable efficient and reliable communication between two computers. In 1969, the team was finally able to send its first message via packet switching: from a computer in Los Angeles they sent a single word to a computer in Palo Alto, and kick-started the networking revolution that continues to this day.

Connecting two or more computers in a closed system like ARPANET was relatively straightforward, but as the network grew, the need for a better communications and routing protocol became apparent. In 1974, Vint Cerf and Bob Kahn published a paper through the IEEE that proposed a new internetworking protocol model, one that made communications among many machines easier and more reliable. The model they proposed became known as TCP/IP and laid the foundation for what would eventually become the Internet.

In 1980, IPv4 was released, setting the standard that still underlies almost every network in the world. IPv4, however, still contains the fundamental flaw that has been part of TCP/IP from the beginning: the IP address is used for both location and identity, making it inherently vulnerable to a myriad of attack vectors. And IPv4 had one other problem. The way the standard was developed, there is a finite number of IPv4 addresses available. I’m sure back in 1980 no one thought we would ever reach the point where there were 4.3 billion things needing IP addresses, but here we are.

To help relieve the pressure caused by a finite number of IPv4 addresses, IPv6 was developed and introduced in 1998. IPv6 was designed both to be compatible with IPv4 and to offer an almost infinite number of addresses for connected devices. This new standard addressed many of the shortcomings of TCP/IP, specifically IPv4, but it did not fix the fundamental flaw of an IP address being used for both location and identity.

In a nutshell, what did I learn from researching the history of networking? Well, after over 50 years of development and evolution, we are left with a standard that was set back in the 1970s as the foundation of today’s networks. When that standard ran out of addresses, it was not replaced; instead, another standard was approved that added to the complexity of how computers and devices talk to one another.

Throughout all of this, there has been one fundamental problem that was never addressed: the combination of location and identity in a single address. It makes everything more complex and vulnerable.
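To make the location/identity point concrete, here is an added illustration that is not part of the original article: a toy authorization check that trusts the source IP address as identity, beside one that verifies a key-bound identity instead. Every host name, address and key below is a constructed sample value.

```python
# Added illustration (not from the article): IP-as-identity versus key-bound identity.
# Hosts, addresses and keys are constructed sample values.
import hashlib
import hmac
import ipaddress

# Key-bound identities: principal name -> shared secret (constructed).
SECRET_KEYS = {"alice-laptop": b"constructed-key-for-alice"}
# Location-as-identity rule: "whoever sends from this address is Alice".
ALLOWED_IPS = {ipaddress.ip_address("192.0.2.10")}


def authorize_by_ip(src_ip: str) -> bool:
    """Treats the packet's source address as proof of who sent it."""
    return ipaddress.ip_address(src_ip) in ALLOWED_IPS


def sign(identity: str, payload: bytes) -> bytes:
    """The sender tags the request with a MAC under its own key."""
    return hmac.new(SECRET_KEYS[identity], payload, hashlib.sha256).digest()


def authorize_by_identity(identity: str, payload: bytes, tag: bytes) -> bool:
    """Verifies the key-bound identity; the source address plays no role."""
    key = SECRET_KEYS.get(identity)
    if key is None:
        return False
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def scenario() -> dict:
    """Returns (ip_check, identity_check) for three situations."""
    payload = b"GET /report"
    tag = sign("alice-laptop", payload)
    results = {}
    # 1. Alice at her usual desk: location and identity coincide, both checks agree.
    results["alice_home"] = (authorize_by_ip("192.0.2.10"),
                             authorize_by_identity("alice-laptop", payload, tag))
    # 2. Alice moves to another network (mobility): identity unchanged, location changed.
    results["alice_moved"] = (authorize_by_ip("198.51.100.7"),
                              authorize_by_identity("alice-laptop", payload, tag))
    # 3. The old address is later reassigned to a different host (address reuse / IP conflict).
    results["other_host_at_old_ip"] = (authorize_by_ip("192.0.2.10"),
                                       authorize_by_identity("guest-host", payload, b"\x00" * 32))
    return results
```

Case 2 is the false negative the IP rule produces whenever a legitimate principal moves, and case 3 is the false positive it produces whenever an address changes hands; the key-bound check gets both right because it never asks where the packet came from.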

Vint Cerf was quoted as saying, “If I could turn back time, I would go back and do a better job on trusted authentication and mobility, which we did a very poor job with and are paying for now, with additional hard work.”

When the father of the Internet says there is a problem, you know it’s time to do something.