Impossible network technology

The Internet Protocol (IP) is the lingua franca of any modern network, and it also shapes both the risks and the architecture of the applications and services that run on that network. IP networking follows a client-server model: something is serving, and something else wants to connect to that service. The server has to “listen” for incoming connections, and the client needs to find out where the server is and connect to it.

Let’s run through a simple example. When you type in the name of a website you want to visit, the browser first looks up the domain name, for example “bbc.com,” using the Domain Name System (DNS) to translate that name into an IP address. The browser then connects to the web server at that IP address on a well-known port number, most likely port 443. This raises the question, “What, exactly, is a port?” It's really just a number, like a door number on a building, where the server is always listening. The server’s open door receives your browser's request for information, and the server sends back that information, which is then displayed in your browser. Simple!

The problem, however, is that anyone on the Internet can connect to the web server without any authentication and then send requests. If those requests are for web pages, that’s fine, but what if they are requests designed to break or attack the web server? The web server has to deal with those requests as best it can. If an attack is successful, then perhaps the website goes down, or worse still, the data behind the website is stolen and sold on the dark web. The first you hear of it is when you get an apologetic letter from the company telling you your data has been stolen, and that they are sorry.

The Achilles’ heel here is that the server must answer unauthenticated connections and is therefore exposed to anyone on the Internet. Our defense until now has been to lock down access to the server with other layers of technology, like firewalls and virtual private networks. However, someone has to put in the work of managing firewall rules, you have no idea which are the “good” IP addresses, and the VPN server itself has to have ports (doors) open to the world. Bad actors have become experts at systematically scanning for these open ports and mounting attacks wherever they find them. As we like to say in tech circles, it’s turtles all the way down.
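A defender's first step against the "open doors" problem described above is simply knowing which doors exist. The following is an added example, not code from this article or from Atsign: it parses the Linux `/proc/net/tcp` socket table (a constructed sample is embedded; the layout is the real kernel format) and lists the sockets that are listening on the wildcard address 0.0.0.0, i.e. the ports reachable from any network the host is attached to. Loopback-only listeners are excluded because nothing outside the machine can reach them. The address decoding assumes a little-endian host, which is how the kernel prints the table on x86 and ARM machines.

```python
import socket
import struct

# Constructed sample in the layout of Linux /proc/net/tcp (header plus four
# socket rows). Rows 0 and 2 listen on the wildcard address, row 1 listens
# on loopback only, and row 3 is an established connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 24601 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   106        0 24777 1 0000000000000000 100 0 0 10 0
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 19341 1 0000000000000000 100 0 0 10 0
   3: 0A00020F:01BB C0A80105:D43A 01 00000000:00000000 02:000000A3 00000000    33        0 31002 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = 0x0A  # kernel state code for a listening socket


def decode_endpoint(field: str):
    """Turn '0100007F:0CEA' into ('127.0.0.1', 3306).

    The kernel prints the IPv4 address as a 32-bit hex value in host byte
    order, so on a little-endian host (assumed here) the four bytes appear
    reversed relative to the dotted-quad order."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text: str):
    """Return a list of (local_ip, local_port, state) for every socket row."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header line
        fields = line.split()
        if len(fields) < 4:
            continue
        local_ip, local_port = decode_endpoint(fields[1])
        rows.append((local_ip, local_port, int(fields[3], 16)))
    return rows


def exposed_listeners(text: str):
    """Listening sockets bound to 0.0.0.0: the open doors that any peer on
    any attached network can knock on. Loopback-only listeners are left out
    because they cannot be reached from outside the machine."""
    return sorted(
        (ip, port)
        for ip, port, state in parse_proc_net_tcp(text)
        if state == TCP_LISTEN and ip == "0.0.0.0"
    )


if __name__ == "__main__":
    # On a live Linux host, read the real table instead of the sample:
    # text = open("/proc/net/tcp").read()
    for ip, port in exposed_listeners(SAMPLE_PROC_NET_TCP):
        print(f"listening on all interfaces: {ip}:{port}")
```

Run against the sample, this reports ports 22 and 443 as exposed and stays silent about the MySQL-style listener on 127.0.0.1. On a real host the same function, fed `/proc/net/tcp` (and `/proc/net/tcp6` for IPv6, which uses a 128-bit address field and is not handled here), gives the inventory a firewall rule set or a no-open-ports design should be checked against.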

Clearly, with the daily breaches we all know about (and the ones we do not), things have to change. We need to be able to provide services on the Internet, but only to those we know. In other words, we need a cloaking device on the Internet that makes our services invisible to everyone except the people who are allowed to connect, and even then only to people who have proved their identity through the use of public key infrastructure (PKI). Above all, no ports should ever be open on servers housing data that is not encrypted. Additionally, the data must be encrypted with keys that the server never has access to.

If you think that sounds near impossible, you would be correct. Without a new network protocol and platform, it truly is impossible. Fortunately for us, that is precisely what Atsign has been working on for the last five years as an open-source project: an open protocol that allows people, entities, and things to communicate privately and without open ports across the Internet or, indeed, any IP network.

It sounds like something that the Klingons or Romulans could have developed: an Internet cloaking device. But in reality, it is a confluence of network engineers and software developers working together to solve a fifty-year-old problem using the best of the Internet system architectures that have stood the test of time, like DNS, PKI, containerization and orchestration, to build a resilient and Internet-scalable private messaging system. This system can then be used to build a control plane for pretty much any use case that requires privacy and security, using Zero Trust principles.

NoPorts is exactly that: it uses Atsign's open-source SDK to allow TCP/IP connections to be made between clients and servers without open ports at either end, and only after both client and server have been cryptographically authenticated. There are no “open doors” on servers or devices. Hackers can’t attack what they can’t find.

What is our biggest challenge? Assuring people, when they see the technology, that it is real! Then, once people understand what is going on, it’s often disbelief that no one has ever done this before.

You too can have a cloaking device for your Internet services. Take a look at Atsign and NoPorts and switch on your Internet cloaking device!

Paul Lawson

Retired IT Professional specialising in Networking, Infrastructure Management and Relationship Management.

2 months

Great article Colin. We will be talking about you and Bill Gates in the same sentence soon
