SIDN Labs is the research team of SIDN, the operator of the .nl country-code top-level domain (ccTLD). Our goal is to advance the operational security and resilience of end-to-end internet communications through (1) empirical, measurement-based research and (2) prototyping and evaluating new internet systems and tools.
Some example results
Examples of measurement studies that we have conducted include a detailed analysis of how resolvers in the Domain Name System (DNS) choose among multiple authoritative servers, which led SIDN’s operations team to switch .nl’s authoritative servers to anycast-only. We have also shown how different parts of the DNS infrastructure contribute to resilience against DDoS attacks, and analysed the resilience of .nl from a routing perspective, the stability of the root server system and the levels of DNS abuse in gTLDs.
Amongst the datasets that we use for this type of work are ENTRADA for .nl (more than 1 trillion rows, updated every few minutes), DMAP for .nl (5.8 million data points, updated monthly) and OpenINTEL’s longitudinal data on the evolution of the DNS in .nl and other TLDs (3 trillion data points, updated daily). Our measurement studies are governed by a privacy framework, which we developed for ENTRADA but which is now used SIDN-wide.
Examples of our technology development work include our open-source ENTRADA system for storing and easily analysing large amounts of authoritative DNS traffic, our DMAP crawler for longitudinally measuring the security-related characteristics of large numbers of domain names, the Root Canary toolset for monitoring DNSSEC root key rollovers, and our open-source SPIN platform for protecting the internet and users against insecure IoT devices.
Five challenges, two research areas
Our research agenda consists of five research challenges, which we have grouped into two areas: core internet systems and internet evolution.
We identified the five challenges based on projects we carry out with our partners (e.g. peer research labs, universities and SIDN’s operational teams) and the communities we are involved in (e.g. IETF/IRTF, RIPE and ICANN). These interactions are an important part of our daily work and enable us to continually sharpen our focus and make sure we address relevant topics.
Core internet systems
The goal of our first research area is to empirically understand what factors drive the security and resilience of core internet systems such as the DNS, and to prototype novel technical mechanisms to improve them. The work is based on our vision of intelligent domain name registries and the concept of collaborative internet security.
We are concentrating on three challenges:
Improving the operation of DNS infrastructures: how to enable DNS operators to better engineer their infrastructures, in particular to maximise security and resilience?
Reducing domain name abuse: how to enable registries, registrars, hosting providers and other stakeholders to protect internet users against actors that use domain names for malicious purposes, such as for fake web shops, DDoS-for-hire sites and coordinated phishing attacks?
Protecting the internet against large-scale incidents: how to protect the DNS and the wider internet against large-scale (coordinated) incidents, such as the massive DDoS attacks generated by 600,000-node strong IoT botnets and routing hijacks?
Our second research area is the evolution of the internet, both in terms of how the internet evolves (deployment, protocols, architecture) and in terms of experimental non-IP inter-networking systems such as SCION, NDN, and RINA.
Our two challenges are:
Experiment with and advance emerging inter-networks: how to advance inter-domain networking systems to best serve society’s demands for increased networked service security, resilience and transparency?
Understand the evolution of the internet: how to longitudinally measure, map and visualise various aspects of how the internet and its architecture evolve, for instance in terms of concentrations of power, DNS-over-HTTPS, adoption of Let’s Encrypt and use of anti-DDoS services?
Way of working
Our way of working is to make our results available and useful for the wider internet community (e.g. DNS operators and universities) and apply them to the specific operational challenges facing SIDN. For example, we developed our SPIN open-source software as a building block for anyone to use in cybersecurity products or research and at the same time we’re working with SIDN’s product development team to get SPIN deployed on modem/router equipment.
In terms of technology development, we hover in the middle of the nine-point Technology Readiness Level (TRL) scale, which is roughly between levels 3 and 7. We collaborate intensively with the research community (e.g. University of Twente, NLnet Labs, SURFnet, University of Amsterdam, Delft University of Technology and the University of Southern California) on basic research (TRLs 1-3), and with operational teams at SIDN and elsewhere on projects requiring production-level expertise (TRLs 7-9).
SIDN Labs Team
My interest is in security and privacy within the Internet of Things. I research ways to make home networks more secure by doing (empirical) research in the field of 'Usable Security'.
My job involves analysing data from our name servers. The detection of patterns and trends in the data is the starting point for making .nl more secure and more robust. The analysis results are also useful to the security industry, network communities, researchers and policy-makers.
My work mainly involves researching and contributing to new technologies, e.g. with a view to further enhancing SIDN's services. I develop prototypes and I provide technical and other advice to the rest of the organisation and the Dutch and international internet communities.
My focus is researching and advising on developments and concepts for technical improvements and innovations. I assess their relevance and impact for the Marketing, Communication and New Business team. I also look after the interests of SIDN and the local internet community within forums such as the IETF and RIPE.
I’m researching how we can make the DNS more resilient and secure by running large-scale internet measurements. The results have a direct impact on operational decisions inside and outside of SIDN. I carry out this research in collaboration with the University of Twente while pursuing my part-time PhD.
I'm investigating how machine learning can contribute to internet security and stability. Machine learning algorithms extract rules and patterns from large volumes of data. My work at SIDN Labs involves developing algorithms that can detect domain name abuses, for example.
If you have any questions or feedback, please contact one of our colleagues via email@example.com.