Author Archives: Mat Ford
Author Archives: Mat Ford
For many years we have produced a series of blog posts as a Rough Guide to each upcoming IETF meeting usually in the week prior to the meeting. The Rough Guides were intended to provide a snapshot of IETF activity of interest to the Internet Society because of programmatic activity that we were engaged in. They were also an opportunity to highlight the activities sponsored directly by the Internet Society that were happening adjacent to the upcoming IETF meeting.
Rough Guides were intended to help guide a non-specialist but technically minded audience to the hot topics and debates of interest at each upcoming IETF meeting with pointers to the agenda and remote participation possibilties. Originally intended to help spur meeting attendance by those interested in the key topics, they became a way to highlight important discussions taking place and ways to get involved in person or remotely.
As we are now less than a week away from the IETF 104 meeting in Prague it seemed like the right time to share an update regarding our plans for writing about IETF activity. We have decided to discontinue producing the Rough Guides. Instead, we will be helping to supply relevant, high-quality content Continue reading
How do we coordinate responses to attacks against Internet infrastructure and users? Internet technology has to scale or it won’t survive for long as the network of networks grows ever larger. But it’s not just the technology, it’s also the people, processes and organisations involved in developing, operating and evolving the Internet that need ways to scale up to the challenges that a growing global network can create.
One such challenge is unwanted traffic, ranging from spam and other forms of messaging-related abuse to multi-gigabit distributed denial of service attacks. Numerous incident response efforts exist to mitigate the effects of these attacks. Some are focused on specific attack types, while others are closed analysis and sharing groups spanning many attack types.
We are helping to bring together operators, researchers, CSIRT team members, service providers, vendors, information sharing and analysis centre members to discuss approaches to coordinating attack response at Internet scale. The Internet Society is sponsoring a two-day “Coordinating Attack Response at Internet Scale (CARIS) Workshop” intended to help build bridges between the many communities working on attack response on the Internet and to foster dialogue about how we can better collaborate.
The workshop will take place on February 28 Continue reading
The third Applied Networking Research Workshop will take place on Monday, 16 July, during the IETF 102 meeting in Montreal, Quebec, Canada.
The full workshop program is now available online and includes sessions on TLS, routing, Internet infrastructure, congestion control, traffic engineering, and anonymous communications. The workshop will conclude with a poster session. Accepted papers will be made available at no charge via the Association for Computing Machinery (ACM) Digital Library in due course.
The ACM, IRTF & Internet Society Applied Networking Research Workshop 2018 is an academic workshop that provides a forum for researchers, vendors, network operators and the Internet standards community to present and discuss emerging results in applied networking research. It is sponsored by ACM SIGCOMM, the IRTF, and the Internet Society. The workshop is also generously supported by Comcast and Akamai.
This academic workshop is open to all; registration is free for IETF attendees and $150 USD otherwise. Registration information is available. Student travel grants are also available and the deadline to apply for these is 15 June 2017.
If you’re already planning to be in Montreal for IETF, check out the workshop program and consider registering for the ANRW 2018 to take in these great Continue reading
On the sixth anniversary of World IPv6 Launch, we’re sharing an updated report on the State of IPv6 Deployment in 2018. It really is staggering how far IPv6 deployment has progressed in six years. In mid-2012, Google measured less than 1% of users accessing their services over IPv6. Today that figure is getting close to 25%. Several major operators now deliver the majority of traffic from major content sources like Google, Akamai and Facebook over IPv6. Individual operators, like T-Mobile USA, have deployed IPv6-only networks for their subscribers.
Seven years ago, the Internet Society helped to organize World IPv6 Day, where thousands of ISPs and websites joined together for a successful, global-scale, 24-hour trial of IPv6. A year later, for World IPv6 Launch, major ISPs, home networking equipment manufacturers, and web companies around the world permanently enabled IPv6 for their products and services.
To help showcase the progress made in the six years since World IPv6 Launch we are sharing:
– an updated report on the State of IPv6 Deployment 2018
– an infographic that clearly shows the scale and scope of IPv6 deployment
– and a fun quiz for you to test and share your knowledge of the Continue reading
We’re excited to share news of the third edition of the Applied Networking Research Workshop (ANRW2018), which will take place in Montreal, Quebec, on Monday, July 16 at the venue of the Internet Engineering Task Force (IETF) 102 meeting. The workshop program already includes some great invited talks and the Call for Papers is open now, with a deadline of 20 April.
ANRW2018 will provide a forum for researchers, vendors, network operators and the Internet standards community to present and discuss emerging results in applied networking research. The workshop will also create a path for academics to transition research back into IETF standards and protocols, and for academics to find inspiration from topics and open problems addressed at the IETF. Accepted short papers will be published in the ACM Digital Library.
ANRW2018 particularly encourages the submission of results that could form the basis for future engineering work in the IETF, that could change operational Internet practices, that can help better specify Internet protocols, or that could influence further research and experimentation in the Internet Research Task Force (IRTF).
If you have some relevant work and would like to join us in Montreal for the workshop and maybe stick Continue reading
NDSS 2018 is in full swing in San Diego this week and a couple of papers that really grabbed my attention were both in the same session on Network Security and Cellular Networks yesterday.
Samuel Jero, a PhD student at Purdue University and past IRTF Applied Networking Research Prize Winner, presented a fascinating paper on “Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach”. Of the many protocols and algorithms that are in daily use on the Internet, some are more fundamental and important than others and it doesn’t get much more fundamental and important than TCP congestion control.
TCP congestion control is what makes it possible for millions of autonomous devices and networks to seamlessly, and more-or-less fairly, share available bandwidth. Without it the network would literally collapse.
Attacks against congestion control to manipulate senders’ or receivers’ understanding of the state of the network have been known for some time. Jero and his co-authors Endadul Hoque, David Choffnes, Alan Mislove and Cristina Nita-Rotaru developed an approach using model-based testing to address the scalability challenges of previous work to automate the discovery of manipulation attacks against congestion control algorithms.
By building abstract models of several congestion Continue reading
Network and Distributed Systems Security (NDSS) Symposium is in full swing for its 25th anniversary year. As usual the NDSS program includes a really impressive array of great content on a wide range of topics. Prior to the main event there were four one-day workshops on themes related to the topic of NDSS: Binary Analysis Research, DNS Privacy, Usable Security, and the workshop I’d like to delve into here, Distributed IoT Security and Standards (DISS).
The DISS workshop received 29 submissions and accepted 12 papers. In an interesting twist on the usual scientific workshop format, the presented papers were all still in draft form and will now be revised based on the Q&A and offline discussions that took place as a result of the workshop. Revised papers will be published by the Internet Society in due course.
Introducing proceedings, co-chair Dirk Kutscher explained that it has become evident that the success of the Internet of Things (IoT) depends on sound and usable security and privacy. Device constraints, intermittent network connectivity, the scale of deployments, economic issues all combine to create an interesting and challenging environment for the research community to address.
A decentralised approach to IoT security Continue reading
A serious weakness in Wi-Fi security was made public earlier today. The Key Reinstallation Attack (KRACK) can break Wi-Fi encryption, opening your data up to eavesdropping. This, combined with issues in Linux and Android, make it possible for attackers to change websites you view. This is a serious problem for Wi-Fi Protected Access 2 (WPA2), a protocol used in millions of networks worldwide.
Luckily, the use of Transport Layer Security (TLS) is on the rise. Mozilla’s data shows that over 60% of pages loaded in Firefox use TLS. More and more companies are using encryption for all traffic and removing the ability to connect to unencrypted versions of their sites. When connecting to these sites, KRACK isn’t as big of a deal, because the data is encrypted before it’s sent across Wi-Fi. Even if WPA2 is broken, the data is still secure.
Unfortunately there are still millions of sites that don’t provide this security. Their users are vulnerable to eavesdropping, fake content, malware injection, and more. We need more companies and operators to use TLS and HTTP Strict Transport Security (HSTS) to mitigate the potential impact of KRACK.
Internet traffic exists in layers, which makes it possible to use more Continue reading
A serious weakness in Wi-Fi security was made public earlier today. The Key Reinstallation Attack (KRACK) can break Wi-Fi encryption, opening your data up to eavesdropping. This, combined with issues in Linux and Android, make it possible for attackers to change websites you view. This is a serious problem for Wi-Fi Protected Access 2 (WPA2), a protocol used in millions of networks worldwide.
Luckily, the use of Transport Layer Security (TLS) is on the rise. Mozilla’s data shows that over 60% of pages loaded in Firefox use TLS. More and more companies are using encryption for all traffic and removing the ability to connect to unencrypted versions of their sites. When connecting to these sites, KRACK isn’t as big of a deal, because the data is encrypted before it’s sent across Wi-Fi. Even if WPA2 is broken, the data is still secure.
Unfortunately there are still millions of sites that don’t provide this security. Their users are vulnerable to eavesdropping, fake content, malware injection, and more. We need more companies and operators to use TLS and HTTP Strict Transport Security (HSTS) to mitigate the potential impact of KRACK.
Internet traffic exists in layers, which makes it possible to use more Continue reading
As we rapidly approach the last Internet Engineering Task Force meeting for the year, we’re pleased to report that the final winners of the Applied Networking Research Prize (ANRP) for 2017 have been announced.
The ANRP awards for IETF 100 go to:
Paul Emmerich for developing the high-speed packet generator MoonGen.
Paul Emmerich, Sebastian Gallenmüller, Daniel Raumer, Florian Wohlfart, and Georg Carle, “MoonGen: A Scriptable High-Speed Packet Generator,” in Internet Measurement Conference (IMC) 2015, Tokyo, Japan, Oct. 2015.
Roland van Rijswijk-Deij for analysing the impact of elliptic curve cryptography on DNSSEC validation performance.
Roland van Rijswijk-Deij, Kaspar Hageman, Anna Sperotto and Aiko Pras, “The Performance Impact of Elliptic Curve Cryptography on DNSSEC Validation,” in IEEE/ACM Transactions on Networking, Volume 25, Issue 2, April 2017.
For the 2017 award period of the ANRP, 39 eligible nominations were received. Each submission was reviewed by several members of the selection committee according to a diverse set of criteria, including scientific excellence and substance, timeliness, relevance, and potential impact on the Internet. Based on this review, six submissions were awarded an Applied Networking Research Prize in 2017.
Paul and Roland will present their work at the IRTF Open Meeting during IETF 100 in Singapore. Continue reading