Identities, Anonymity and Information Warfare

Abstract

We discuss the primarily role of anonymity and identity manipulation in information warfare. We contend that those who engage in information warfare have very similar goals as those involved in cyber-crime and cyber-terrorism. Today Internet-based commerce has become global, representing a significant component of the world market. Network-based personal communications services are rapidly becoming the method of choice for many nations. In fact many critical infrastructure components are managed and controlled remotely. Yet these various capabilities are usurped by cyber-warriors, terrorists, or other criminals. A number of networking issues contribute to the current state of Information Warfare. Historically, security capabilities (e.g., authentication, authorization, and confidentiality services) had not been considered a high priority in the original design of the critical Internet protocols still in use. Further complicating the security problem is the lack of consistency in name scheme adopted for network-related objects (hosts, applications, interfaces). Mapping of object names continues to be a trial-by-error exercise, which is frequently misused by malicious actors, as in the case of Address Resolution Protocol (ARP). Moreover, the lack of authentication facilitates the use of ICMPv4 (internet control message protocol version 4) and UDP (user datagram protocol) as protocols of choice for distributed denial-of-service (DDoS) attacks. Dynamically used transport protocol port numbers are now common: negating the effectiveness of classic firewall type packet filtering. Regrettably, mapping of device domain names to IP (internet protocol) addresses via DNS (domain name system) continues with no major efforts to prevent invalid updates or query responses. Many of the aforementioned protocols rely on data-origin authentication via secret key and message digests, yet, secret key management is non-existent. IEEE 802.1X, used in newer wireless networks, is routinely avoided for wired infrastructures. Although internet protocol security (IPsec) is widely available, it is rarely deployed beyond secure virtual private networks (VPNs), especially given that its availability in IPv4 is optional and usage optional with IPv4 and IPv6. Domain name system security (DNSSEC) has existed for over 10 years, yet serious discussion for its deployment is only now occurring. The standards for public key infrastructures (PKIs) and digital certificates are extensive but the majority of organizations find excuses to avoid its use and most PKI-enabled applications cannot even check for revoked certificates. In conclusion, we contend that given the security threats associated with current and future information warfare activities, the inter-networked global community should focus on more rapid implementation and deployment of the existing security mechanisms. As such, mandatory, robust authentication as well as several key network security services should be adopted. The necessary mechanisms already exist, now is the time for network administrators to recognize the need for prompt deployment of these capabilities as a proactive defense/mitigation against malicious attacks at reasonable level.