The Internet Measurement Conference Goes nl

SIDN was a proud sponsor of the 2019 ACM Internet Measurement Conference, which took place in Amsterdam. Talks covered our core research topics DNS, routing and IoT, including three contributions by SIDN Labs -- one of which received a Distinguished Paper Award.

The 2019 ACM Internet Measurement Conference took place in the beautiful Royal Tropical Institute (KIT) in the city of Amsterdam, with more than 230 attendees from academia and industry. Held annually since 2001, the IMC brings together industry and academic experts. For this year's edition, 39 papers were accepted, covering a broad range of topics, from ad networks to virus scanners. In this blog post, we focus on the research topics that are most relevant for SIDN Labs: DNS, routing, security and the IoT. For the full list of accepted papers, check out the conference website.

DNS: 7 accepted papers and still a hot topic

DNS seems to attract more and more attention from the research community, which shows that it’s still a relevant and critical component of the Internet and an interesting research field.

The recent discussion on encrypted DNS has been taken up by the research community and two papers reported efforts to measure the potential performance impact of “classical” DNS over TCP/UDP versus encrypted DNS over TLS and HTTPS (DoT and DoH). The researchers found some performance impact but no significant overhead. The deployment of both protocols is still low but is growing steadily.

Another topic that has been keeping the DNS community busy for years is the EDNS0 client-subnet (ECS) extension, which allows resolver operators to signal (parts) of their clients' IP addresses to name servers. Content delivery networks (CDNs), which use DNS for traffic engineering, are particularly reliant on this functionality. One study showed that many resolvers leak too many details about their clients; it also demonstrated that implementations of ECS are often buggy, leading to a significant performance penalty for some Internet users. The DNS was the focus of our contributions to the conference as well. My colleague Giovane presented his study on setting the right TTLs for DNS resource records. You can find more information in his recent blog post. He also co-authored a large scale study of DNS traffic data collected on recursive resolvers, whose many findings included the fact that the top 10 per cent of name servers handle about half of all traffic, indicating increased centralisation in the DNS.

Award for SIDN Labs

Our third contribution an independent analysis of the first ever DNSSEC Root KSK rollover, an event which had the potential to effectively take a quarter of Internet users offline. The project was a collaboration between six international research organisations and companies, led by SIDN Labs. While we concluded that the rollover was a success overall, we still found numerous worrying peculiarities, such as a very unexpected query increase of approaching 7 per cent of the total query load on the root servers. The jury of IMC considered our paper, entitled “Roll Roll Roll Your Root: A Comprehensive Analysis of the First Ever DNSSEC Root KSK Rollover” to be “well-executed” and “well-timed” and awarded us one of the two Distinguished Paper Awards.

Some of the author team of our paper “Roll Roll Roll your Root”, which received a Distinguished Paper Award.

Routing: securing the paths of the Internet

Another core protocol that seems to be enjoying a renaissance is the Border Gateway Protocol (BGP), especially since BGP hijacks and the security extension RPKI gained more attention. The paper “Profiling BGP Serial Hijackers: Capturing Persistent Misbehavior in the Global Routing Table” presented a machine-learning model that is able to automatically classify networks on the Internet that repeatedly hijack the prefixes of other networks on the Internet. The model enabled the team to detect hundreds of potentially misbehaving networks. This paper was recognised with the Conference's other Distinguished Paper Award. Congratulations! The results described above emphasise the need for RPKI: the resource public key infrastructure. RPKI allows network operators to state which IP addresses they announce, via which networks. Routers on the Internet can then verify the announcements and thus detect any hijacking of network prefixes by other networks. If such a hijack were successful, traffic could be redirected, e.g. to malicious websites.

A team including Taejoong Chung and Roland van Rijswijk-Deij, who also co-authored our award-winning paper, found that RPKI deployment is on the rise. Around 12 per cent of the announced IP space is now covered, and only a few misconfigurations remain. Another paper on BGP looked at its resilience, rather than its security. Anycast allows operators to announce a service from multiple locations and, if one location fails, clients can still reach the service through the other location. Anycast can be very effective but must be managed carefully. The paper “Taming Anycast in a Wild Internet” shows that, by carefully modifying BGP announcements, round trip times for some clients can be improved significantly. However, operators need to be aware that the modifications might affect other clients negatively.

Security and IoT: threats in different shapes and colours

Security still has the attention of researchers and almost half of this year's papers were again discussing different aspects of security.

A paper about the Internet of Things (IoT), which we at SIDN Labs are also trying to make a little more secure, received the Community Contribution Award for publishing the best data set. The authors tracked the behaviour of dozens of IoT devices and found that many interact with systems outside their jurisdictions, which might be potential privacy risks. Compromised IoT devices are often part of large botnets that are misused for distributed denial-of-service (DDoS) attacks. Nowadays, anyone can launch a DDoS attack by using Booter services that allow even people with no technical knowledge to attack school websites, game servers, or competitors for a few euros. Two papers analysed the effectiveness of efforts to take down such Booter services, and both showed that such abuse prevention remains a cat-and-mouse game. Surprisingly, one countermeasure that proved successful in limiting the use of Booters was to use Google ads to warn potential customers that such services are illegal and that their use will be punished.

Finally, the paper “Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs” analysed a popular countermeasure against DDoS attacks at Internet Exchange Points (IXP). Black-holing is used to filter unwanted traffic before it reaches the targeted network. The authors found that, while black-holing is widely used, it does not filter all attack traffic. The authors urge operators to consider implementing fine-grained filtering which would be more effective.

Wrapping up a successful IMC

What makes the IMC so special is the variety of the accepted papers. As well as DNS, BGP and security, there were interesting papers on topics such as congestion control, the advertising eco-system, web-decentralization, and many others. SIDN Labs was happy to sponsor, co-organise and attend IMC 19 and we’re already looking forward to next year's edition.