SIDN Labs: applied research for a more secure and resilient internet infrastructure

SIDN Labs is the research team of SIDN, the operator of the .nl country-code top-level domain (ccTLD). Our goal is to advance the operational security and resilience of end-to-end internet communications through (1) empirical, measurement-based research and (2) prototyping and evaluating new internet systems and tools.

Some example results

Examples of measurement studies that we have conducted include a detailed analysis of how resolvers in the Domain Name System (DNS) choose among multiple authoritative servers, which led SIDN’s operations team to switch .nl’s authoritative servers to anycast-only. We have also showed how different parts of the DNS infrastructure contribute to resilience against DDoS attacks, analysed the resilience of .nl from a routing perspective, the stability of the root server system and the levels of DNS abuse in gTLDs.

Amongst the datasets that we use for this type of work are ENTRADA for .nl (more than 1 trillion rows, updated every few minutes), DMAP for .nl (5.8 million data points, updated monthly) and OpenINTEL’s longitudinal data on the evolution of the DNS in .nl and other TLDs (3 trillion data points, updated daily). Our measurement studies are governed by a privacy framework, which we developed for ENTRADA but is now being used SIDN-wide.

Examples of our technology development work include our open-source ENTRADA system for storing and easily analysing large amounts of authoritative DNS traffic, our DMAP crawler for longitudinally measuring the security-related characteristics of large numbers of domain names, the Root Canary toolset for monitoring DNSSEC root key rollovers, and our open-source SPIN platform for protecting the internet and users against insecure IoT devices.

Five challenges, two research areas

Our research agenda consists of five research challenges, which we have grouped into two areas: core internet systems and internet evolution.

We identified the five challenges based on projects we carry out with our partners (e.g. peer research labs, universities and SIDN’s operational teams) and the communities we are involved in (e.g. IETF/IRTF, RIPE and ICANN). These interactions are an important part of our daily work and enable us to continually sharpen our focus and make sure we address relevant topics.

Core internet systems

The goal of our first research area is to empirically understand what factors drive the security and resilience of core internet systems such as the DNS and prototype novel technical mechanisms to improve it. The work is based on our vision of intelligent domain name registries and the concept of collaborative internet security.

We are concentrating on three challenges

  • Improving the operation of DNS infrastructures: how to enable DNS operators to better engineer their infrastructures, in particular to maximise security and resilience?
  • Reducing domain name abuse: how to enable registries, registrars, hosting providers and other stakeholders to protect internet users against actors that use domain names for malicious purposes, such as for fake web shops, DDoS-for-hire sites and coordinated phishing attacks?
  • Protecting the internet against large-scale incidents: how to protect the DNS and the wider internet against large-scale (coordinated) incidents, such as the massive DDoS attacks generated by 600,000-node strong IoT botnets and routing hijacks?

    Internet evolution

    Our second research area is the evolution of the internet, both in terms of how the internet evolves (deployment, protocols, architecture) and in terms of experimental non-IP inter-networking systems such as SCION, NDN, and RINA.

    Our two challenges are:

    • Experiment with and advance emerging inter-networks: how to advance inter-domain networking systems to best serve society’s demands for increased networked service security, resilience and transparency?
    • Understand the evolution of the internet: how to longitudinally measure, map and visualise various aspects of how the internet and its architecture evolves, for instance in terms of concentrations of power, the uptake of new protocols such as DNS-over-HTTPS, the adoption of Let’s Encrypt and the use of anti-DDoS services?

    Way of working

    Our way of working is to make our results available and useful for the wider internet community (e.g. DNS operators and universities) and apply them to the specific operational challenges facing SIDN. For example, we developed our SPIN open-source software as a building block for anyone to use in cybersecurity products or research and at the same time we’re working with SIDN’s product development team to get SPIN deployed on modem/router equipment.

    In terms of technology development, we hover in the middle of the nine-point Technology Readiness Level (TRL) scale, which is roughly between levels 3 and 7. We collaborate intensively with the research community (e.g. University of Twente, NLnet Labs, SURFnet, University of Amsterdam, Delft University of Technology and the University of Southern California) on basic research (TRLs 1-3), and with operational teams at SIDN and elsewhere on projects requiring production-level expertise (TRLs 7-9).

    SIDN Labs Team

    • Foto van Caspar Schutijser

      Caspar Schutijser

      Research engineer

    • Foto van Cristian Hesselman

      Cristian Hesselman

      Director SIDN Labs

    • Foto van Elmer Lastdrager

      Elmer Lastdrager

      Research engineer

    • Foto van Giovane Moura

      Giovane Moura

      Data Scientist

    • Foto van Jelte Jansen

      Jelte Jansen

      Research engineer

    • Foto van Maarten Wullink

      Maarten Wullink

      Research engineer

    • Foto van Marco Davids

      Marco Davids

      Research engineer

    • Foto van Moritz Müller

      Moritz Müller

      Research engineer

    • Foto van Thymen Wabeke

      Thymen Wabeke

      Research engineer