Go to the home pageDFINITY

How does the Internet Computer host tamperproof systems?

Today, people create enterprise IT systems and internet services using a legacy IT stack that is intrinsically insecure. They must first arrange hosting, typically using cloud services provided by Big Tech, and then create assemblies from their own software and configurations of legacy components such as web and database servers, which they must regularly patch to fix insecurities, and typically protect by firewalls, VPNs and other anti-intrusion systems. The problem is that these systems contain so many pathways that they cannot be made secure, and the security of the legacy IT stack cannot be fixed. The Internet Computer provides a completely different kind of environment that cannot be hacked or stopped, which does not depend upon Big Tech vendors, where systems can be created without legacy components such as databases, and software logic always runs as designed against the expected data.

Essentially this is possible because the Internet Computer is created by independent data centers around the world running a mathematically secure protocol to combine their computational capacity using advanced computer science, which creates a new kind of environment for building and hosting enterprise IT systems and internet services using a new kind of software that do not rely upon today’s legacy IT stack at all.

In traditional IT infrastructures, there are an almost unlimited number of locations where vulnerabilities might lurk, which hackers can potentially manipulate, either directly or indirectly. For example, traditional “SQL injection attacks” involve hackers using a company’s Web pages to submit malicious input that is fed via the receiving Web server to an internal database server to trick it into taking unwanted actions such as exporting malicious executable files onto the host server machine. Consequently, such traditional infrastructure must be surrounded by firewalls to restrict access, the contained systems monitored for out-of-scope behavior and their software expertly configured and then immediately patched when new security updates become available. The problem is that their massive complexity makes the task essentially impossible, which is reflected in the ever-growing number of security fails we see today. Arguably, no matter how many resources are expended, truly secure IT infrastructure cannot be created using today’s legacy IT stack.

The use of “stateful decentralized” protocols run amongst a network of independent parties to create a secure virtual platform provides a widely applicable solution, despite the underground origins of the approach. The first example of a platform created using such a protocol was Bitcoin, whose network creates a virtual ledger (the “state”) in cyberspace. This is tamperproof such that the bitcoins it hosts may only be moved by their current owners using cryptographic keys without any possibility that they might be moved otherwise. Clearly, the Bitcoin ledger does not depend upon any one person for its existence, let alone firewalls and security teams. The Internet Computer does not share any technology or workings with Bitcoin and has a very different purpose, but it also is formed by independent parties running a secure, stateful decentralized protocol, which here generates a secure virtual environment into which special software might be uploaded and run, together with all its data.

The virtual Internet Computer provides only the functionality necessary for the performance of its role, and there aren’t any additional pathways that can be exploited. Furthermore, within fault bounds the supporting network cannot be hacked as it is created using a mathematically secure “Byzantine Fault Tolerant” protocol. The platform provides for special “software canisters” to be uploaded into an unstoppable seamless virtual universe for software, where they can be addressed through their unique identities and functions they share called by users and other canisters that hold the required permissions.

The computational capacity of the Internet Computer derives from special “node” computes operated by independent data centers around the world, which run the Internet Computer Protocol (ICP) to securely combine their capacity. Internally, this protocol stripes uploaded software systems and their data across nodes run in different data centers to ensure there is sufficient redundancy to make them secure, unstoppable and ensure their data can never be lost. The protocol ensures that so long as a minimum proportion of the participating data centers are operating correctly, the Internet Computer will continue to operate without a hitch, even if a sizeable subset of the data centers involved are under the control of a single bad actor who may employ arbitrary tactics from going offline, to subverting the protocol and corrupting data. For example, if some uploaded software is striped across 28 data centers, then the protocol guarantees that it will continue working correctly even if up to 9 of data centers are controlled by a nefarious party that wants to break it. Given the way data centers are selected by the governance system and incentivized, it is extraordinarily that even one would behave this way, making the platform hackproof for practical purposes since the best hacker can’t make 2+2=5.

If you are wondering, software runs on the Internet Computer with similar security guarantees that “smart contracts” benefit from, such as those hosted on the Ethereum network. This means that when you install software on the Internet Computer, when your software is called, it is guaranteed to run only the instructions you created, against the expected associated data, which can only be modified by the correct execution of your instructions. There are no backdoors, and no ways to hijack or manipulate the system so that it does something other than what was intended. For example, in traditional IT systems, you might write your software to process data one way, then a malicious employee or hacker might gain unauthorized access to the database where it is kept and modify it in unintended ways. On the Internet Computer, there are no backdoors.

We see a world where enterprises gate access to IT systems on the Internet Computer using physical authentication devices such as YubiKeys, which also prevent employees sharing or guessing passwords. These enterprise systems on the Internet Computer will effectively be impenetrable and enterprises will be able to forget about firewalls, VPNs, and the expense and fallibility of IT security and administration teams who must constantly monitor, patch and configure IT infrastructure.

The Internet Computer is a new paradigm where there is security against tampering by default. Today, IT security professionals suffer the highest rates of stress, burnout and professional churn in the industry. The Internet Computer aims to fix that.

Expert Tip: Although the Internet Computer provides a tamperproof environment for a new kind of tamperproof software, a developer can inadvertently create “logic errors” in their own software. For example, if a developer creates a software canister with a “deleteMyData()” function that is publicly shared, say because she wanted an easy means to reset her data while she was developing and testing her software, and then uploads the canister to the Internet Computer without removing it, clearly if that function is discovered by a hacker they can simply call the function to delete the data in production, which is not what was intended even though the software is executing correctly. Dependencies can also cause problems. For example, if a canister depends upon another canister controlled by a malicious party for its functioning, then clearly it may also not work as intended. Finally, obviously if a hacker can insert his malicious code into a canister before it is uploaded to the Internet Computer, then it also will not behave as desired. But software always runs its low level instructions as expected and cannot be manipulated by a hacker gaining access to the underlying systems.

Go to the home page