megan.kruse

Author Archives: megan.kruse

Time Synchronization, Security, and Trust

Time is something that is often overlooked or taken for granted, but the accuracy and reliability of time is critical to our lives and must be protected. Time is a core concept underlying nearly all physical and virtual systems. Distributed computer systems, key to many functions inherent in our daily lives, rely on accurate and reliable time, yet we rarely stop and think about how that time is constructed and represented. Accurate and reliable time is needed to determine when an event occurs, in what order a particular sequence of events occurs, or when to schedule an event that is to occur at a particular time in the future.

Karen O'Donoghue

Google leaked prefixes – and knocked Japan off the Internet

Last Friday, 25 August, a routing incident caused large-scale internet disruption. It hit Japanese users the hardest, slowing or blocking access to websites and online services for dozens of Japanese companies.

What happened is that Google accidentally leaked BGP prefixes it learned from peering relationships, essentially becoming a transit provider instead of simply exchanging traffic between two networks and their customers. This also exposed some internal traffic engineering that caused many of these prefixes to get de-aggregated and therefore raised their probability of getting accepted elsewhere.

Andrei Robachevsky

NDSS Highlights the Best in Internet Security Research

The nonstop news about Internet security vulnerabilities and incidents could lead one to despair for the future of the Internet. However, what often does not make the news is all the quality research that contributes ultimately to a more secure, private, and trustworthy Internet. Quality academic research that is open and easily accessible is one of our best long-term investments in a truly open and trustable Internet.

Karen O'Donoghue

A New Hippocratic Oath: “First, do no harm… to me or my healthcare data”

I was recently invited to contribute a paper on personal data in the healthcare context to a journal on the Privacy and Security of Medical Information published by Springer-Nature. The paper, “Trust and ethical data handling in the healthcare context” examines the issues associated with healthcare data in terms of ethics, privacy, and trust, and makes recommendations about what we, as individuals, should ask for and expect from the organisations we entrust with our most sensitive personal data.

It's a topical subject, from an Internet Society perspective, because the Internet appears to offer some attractive solutions to pressing problems that confront people and governments, around the globe.

Robin Wilton

Rough Guide to IETF 99: A Sampling of Encryption-Related Activities

Encryption is once again a hot topic, and there’s much to discuss at IETF 99 this week in Prague. This time the hottest action will definitely be in the Transport Layer Security (TLS) working group. TLS is considering everything from privacy implications for TLS1.3 to how to reduce handshake latency. As mentioned in previous Rough Guide blogs on the topic, the working group is busy on the completion of the TLS 1.3 specification. It has completed working group last call, and the working group is addressing the comments received during that process. Draft 21 was released on 3 July in anticipation of this week’s discussion.

Karen O'Donoghue

ISOC Rough Guide to IETF 99: Internet Infrastructure Resilience

IETF 99 is next week in Prague, and I’d like to take a moment to discuss some of the interesting things happening there related to Internet infrastructure resilience in this installment of the Rough Guide to IETF 99.

Simple solutions sometimes have a huge impact. Like a simple requirement that “routes are neither imported nor exported unless specifically enabled by configuration”, as specified in an Internet draft “Default EBGP Route Propagation Behavior Without Policies”. The draft is submitted to IESG and expected to be published as a Standards Track RFC soon.

Andrei Robachevsky

Rough Guide to IETF 99: Internet of Things

The Internet of Things (IoT) is a buzzword around the Internet industry and the broader technology and innovation business. We are often asked what the IETF is doing in relation to IoT and in this short post I'd like to highlight some of the relevant sessions scheduled during the upcoming IETF 99 meeting in Prague. Check out the IETF Journal IoT Category or the Internet Society's IoT page for more details about many of these topics.

Mat Ford

Rough Guide to IETF 99: Back to Prague

Time to get ready for IETF 99! Starting a week from today, on Sunday, 16 July, the Internet Engineering Task Force will be in Prague, Czech Republic, where about 1000 engineers will spend a week discussing the latest issues in open standards and protocols. As usual, the agenda is packed, and the Internet Society is providing a ‘Rough Guide’ to the IETF via a series of blog posts all this week on topics of mutual interest:

Mr. Olaf Kolkman

There is No Perimeter in IoT Security

The Internet of Things (IoT) is not just a device connected to the Internet - it is a complex, rapidly evolving system. To understand the implications, analyse risks, and come up with effective security solutions we need to look ahead and take into account other components, such as Big Data and Artificial Intelligence (AI).

Andrei Robachevsky

Using the Collaborative Security Approach to Address Internet of Things Security Challenges

Two years ago, our “Collaborative Security Approach” proposed a way of tackling Internet security issues based on the fundamental properties of the Internet and the voluntary cooperation and collaboration that’s been prominent throughout the Internet's history. In this post, let us look at each of the five key Collaborative Security characteristics as they apply to security of the Internet of Things (IoT).

Andrei Robachevsky

TIIME to Pay Attention to Identity

My colleague Robin Wilton and I participated in the recent Trust and Internet Identity Meeting Europe (TIIME) in Vienna, Austria, co-sponsored by the Internet Society and organized by long-time notable identeratus Rainer Hörbe.

This meeting brought together approximately 100 people who are engaged in advancing the state of the art and strengthening trust around online identity. Structured as an “unconference,” it was up to the attendees to set the agenda and lead the sessions. As you can see from the session list the meeting covered a lot of ground.

Mr. Steve Olshansky