What problem are we trying to solve
One problem we are trying to solve is protecting our critical infrastructure by securing our communications.
One of the biggest threats to our financial and infrastructure systems over the next three years will be hostile elements leveraging cyber exploits to subvert these critical institutions. In order to protect our infrastructure in a hostile environment we need to continuously improve security. So does the Dark Web have anything we can use to help?
Deep Web vs Dark Web
We should start by clearing up a common misconception: the dark web and the deep web are frequently confused, but they are not the same thing.
The dark web is the encrypted network that exists between TOR (The Onion Router) servers and their clients.
The deep web is the content of databases and other web services that are hidden from conventional search engines.
What is NAT traversal (Punch Through)
NAT traversal addresses a fundamental issue with network security: if I am behind a firewall that hides my internal address and does not allow inbound traffic, and you are behind a similar firewall, how do we establish a connection to communicate directly? The old answer was that we relay all our conversations via a third-party server.
If Skype had to relay all traffic it would face unmanageable network and server bills. So the clever solution is NAT traversal, where the middle server acts as an "introducer" setting up the original communication, but then uses a "feature" of IP routing to switch the endpoints from the server in the middle directly to the clients. This gives us direct client-to-client communications and effectively "punches through" both of the client firewalls.
So far so good, but the introducer server in the middle is still a point that can be attacked or imitated.
The potential with TOR is to use this network to replace the introducer, as is done with Ricochet IM (https://ricochet.im), a p2p / serverless chat app in which each client runs a hidden service. The onion address acts as a sort of static anonymous IP address and, because it is static, it is the user's identity too. It works behind the firewall and protects metadata.
Another approach to securing our critical comms can be found in new IPv6-based projects such as CJDNS (https://github.com/cjdelisle/cjdns).
CJDNS implements an encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing. This provides near-zero-configuration networking, and prevents many of the security and scalability issues associated with existing networks.
Traditional networks require manual configuration of IP addresses. To get these addresses you must join an Internet Registry and file an application. CJDNS nodes generate their own addresses along with their keys. When two nodes find each other, they connect. When many nodes find one another, they form a network. General network architecture is of course needed to avoid bottlenecks, but once the nodes are put in the right places, they will discover their roles in the network.
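How a self-generated address stays tied to its key, as an added example that is not from the original article or the cjdns code base: cjdns takes the first 16 bytes of a double SHA-512 of the node's Curve25519 public key as its IPv6 address and only uses results in fc00::/8, so a peer's claimed address can be checked against the key it presents. The function names are hypothetical, and the pure-Python X25519 ladder is for illustration only.

```python
import hashlib
import ipaddress
import os
P = 2**255 - 19  # Curve25519 field prime

def x25519_base(secret: bytes) -> bytes:
    """Public key for a 32-byte secret (RFC 7748 ladder; NOT constant time)."""
    k = int.from_bytes(secret, "little")
    k = (k & ((1 << 255) - 8)) | (1 << 254)  # RFC 7748 scalar clamping
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def cjdns_address(public_key: bytes) -> ipaddress.IPv6Address:
    """First 16 bytes of SHA-512(SHA-512(public key))."""
    inner = hashlib.sha512(public_key).digest()
    return ipaddress.IPv6Address(hashlib.sha512(inner).digest()[:16])

def generate_node():
    """Draw secrets until the derived address lands in fc00::/8 (~256 tries)."""
    while True:
        secret = os.urandom(32)
        public = x25519_base(secret)
        if cjdns_address(public).packed[0] == 0xFC:
            return secret, public, cjdns_address(public)

def peer_address_is_valid(public_key: bytes, claimed: str) -> bool:
    """Accept a peer only if its claimed address is derived from its key."""
    try:
        addr = ipaddress.IPv6Address(claimed)
    except ValueError:
        return False
    return addr.packed[0] == 0xFC and addr == cjdns_address(public_key)

if __name__ == "__main__":
    _, pub, addr = generate_node()
    print(addr, peer_address_is_valid(pub, str(addr)))
```

Because the address is a hash of the key, a node that presents someone else's address with its own key fails this check without any registry or introducer being consulted.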
Conclusion
Whatever next-generation solution we pick, one thing is very clear: protecting data in transit is essential for our industries and infrastructure. Our reliance on passwords has lulled us into a false sense of security. As the amount of data we swap increases, and the speed at which we swap it increases, we need to think more like hackers and stop taking the status quo for granted.
