SIDN on campus
Our research department SIDN Labs works closely with a number of universities. And this week a new dimension is being added to that cooperation: Labs' Manager Cristian Hesselman is going to teach a new subject at the University of Twente. Here's what he has to say about teaching 'Security Services for the Internet of Things'.
Why has the university asked someone from SIDN to teach this course?
Cristian: "It's not unusual for people from SIDN to be invited to speak to students about subjects such as DNSSEC. However, it's usually a one-off lecture. This time a whole module is involved: Security services for the Internet of Things (IoT). It stems from SIDN Labs' development of SPIN (Security and Privacy for In-Home Networks), an open-source system for home networks. SPIN is intended to prevent insecure IoT devices being hijacked to mount DDoS attacks by tackling the problem at source. In other words, by automatically blocking any IoT device that sends or receives suspicious traffic. SPIN also lets end users see what IoT devices on their home networks are doing: what services they connect to, for example. When I told Professor Pras from the University of Twente (UT) about SPIN, he suggested developing this new module for his students. In the upcoming academic year, it'll run as a pilot. If it's a success, we'll repeat it in 2019. The plan was to start with a maximum of ten students. However, there was so much interest that we're actually going to have eighteen. There'll be eight sessions, including six interactive lectures and a practical. At the end, each student will submit a brief report. The report will have to include an explanation of how IoT devices behave in a network, in the form of a 'MUD-specification'. MUD is a methodology that the IETF is currently standardising and that we use in our SPIN prototype. The idea is to get students thinking about this kind of development. And maybe they'll come up with some good ideas for improving the MUD work."
Two joint research projects
Statistical Analysis of DNS Abuse in gTLDs (SADAG) We teamed up with TU Delft to study domain name abuse in generic top-level domains (gTLDs). The project revealed that, while spamming has shifted from legacy gTLDs (e.g. .com and .net) to the new gTLDs, the total volume of spam has remained largely unchanged. Read moreRecursives in the wild In partnership with researchers from the University of Southern California and the University of Twente, we investigated how DNS resolvers select authoritative name servers in practice. The results showed that it's ultimately unicast name servers that determine the maximum round-trip time for clients that are distant from the authoritatives, even if the clients are close to the TLD's anycast nodes. On the basis of that finding, we decided to phase out the unicast nodes for .nl and switch entirely to anycast. Read more
What's the benefit of this new form of collaboration for SIDN?
Cristian: "We want to play our part in make making .nl, the DNS and the wider internet more resilient and stable. The module that I'll be teaching will contribute to training the next generation of internet security experts. It'll also highlight the importance of the Internet of Things being secure. At the same time, we'll be profiling SIDN as an interesting place to complete your studies, to do a research project or an internship, or to go and work after you graduate. Assuring the future quality of the .nl domain depends on attracting the top talent. And the labour market is very competitive, so it pays to make an impression while people are still studying. In that sense, SIDN Labs is acting like SIDN's shop window."
How is the relationship with a university established?
Cristian: "The trick is to identify departments that are active in fields relevant to SIDN Labs. There needs to be something in it for both partners, with us focusing on the application side of things and the university on the scientific side. So, for example, we contribute practical experience and unique data, while the university contributes things such as new scientific insights and methodological knowledge."
How successful are such partnerships?
Cristian: "Increasingly, our projects are valuable both for the research community and for the operational community -- people such as DNS operators. Recently, for instance, we teamed up with the University of Twente and the University of Southern California to study how DNS resolvers select authoritative name servers. The findings were of real scientific value and formed the basis for a publication presented at a very influential conference. At the same time, they enabled SIDN's DNS management team to improve our DNS server infrastructure. And that translates into improved performance and availability."
What other university collaborations does SIDN have lined up?
Cristian: "In partnership with UT and NLnet Labs, we'll be doing more research into ways of making the DNS more resilient -- against DDoS attacks, for example. And with TU Delft we're going to look at the possibility of using a honeypot technique to map insecure IoT devices. Then we have a project lined up with the French registry Afnic and the Grenoble Alps University. That'll involve trying to develop software to distinguish between domain names that have been hacked and those registered specifically for abusive purposes. If we can do that, it'll make a big difference to our Support Department's workflow."