SIDN Labs' joint projects

We work with highly regarded partners.

SIDN Labs often carries out joint projects, working with highly regarded partners, such as TNO, Delft University of Technology, the University of Twente and NLnet Labs. A number of key projects are described below.

Project: Public-private Actions Against Botnets: Establishing the Legal Boundaries (BotLeg)

The overall aim of BotLeg is to enhance legal clarity for stakeholders and the legitimacy of effective public-private anti-botnet activities, so as to promote lawful and legitimate anti-botnet operations. The objectives are to investigate the legal limits and the scope for public-private anti-botnet activities, to raise awareness amongst stakeholders of the legal scope for effective anti-botnet activities, and to develop guidelines and codes of conduct that clarify and establish the boundaries of anti-botnet operations in different sectors.

Lead time 1 December 2014 till 1 December 2018
Partners Universiteit Tilburg (TILT), SURFnet, Vereniging Abuse Information Exchange, LeaseWeb, Politie Nederland (Team High-tech Crime)
Funders SURFnet, Vereniging Abuse Information Exchange, LeaseWeb, Politie Nederland, Nederlandse Organisatie voor Wetenschappelijk Onderzoek (NWO)
Main researcher Karine e Silva (TILT)
SIDN Labs contact person Cristian Hesselman (SIDN Labs)


Project: Self-managing Anycast Networks for the DNS (SAND)

The key concept in the project is that of a SAND-based anycast network, which is a DNS anycast network that consists of geographically distributed virtual machines rather than hardware nodes. A SAND-based network is self-managing in that it continuously monitors itself and autonomously adjusts itself in terms of numbers of virtual machines and their network-topological location. The project has two main objectives. The first objective is the development of a graph theoretical approach for optimal placement of virtualised DNS anycast nodes, given the internet topology and relevant operational performance and cost parameters. The result is a SAND 'node placement graph', which is a description of the SAND-based anycast network for a specific snapshot of the internet's state. The second objective of the project is to design, develop and evaluate the SAND system, which adds self-management capabilities to existing DNS anycast services. The three responsibilities of the SAND system are: (i) to monitor the pivotal performance parameters of the DNS anycast services, (ii) to continuously and dynamically recalculate node placement graphs, and (iii) to dynamically instantiate new anycast nodes in the form of virtual machines, using the node placement graphs and the capabilities of parties that are capable of hosting nodes. As a result of the self-managing capabilities of SAND-based anycast networks, we expect that the project's impact will consist of (i) improved performance for internet users in terms of DNS response times and DDoS resilience and (ii) lower management costs for DNS anycast operators.

Lead time 1 November 2014 till 1 November 2016
Partners Universiteit Twente, NLnet Labs and SIDN
Funders SIDN and NLnet Labs
Main researcher Dr. Ricardo de Oliveira Schmidt (Universiteit Twente)
SIDN Labs contact person Cristian Hesselman (SIDN Labs)
Website http://www.sand-project.nl/


Project: The Open INTernet Evolution Library (OpenINTEL)

The goal of the OpenINTEL project is to set up and manage the OpenINTEL platform, which will measure the evolution of the internet based on active and continuous DNS measurements. We opted for a DNS-based approach because tracking the evolution of the global internet at the IP level is virtually impossible because of the vast amounts of traffic and huge number of network nodes involved. Current approaches to DNS metrics rely largely on passive measurement. While that yields good results in certain spaces (e.g. security forensics), it does not paint a reliable picture of the DNS over time, because the data gathering methodology means that researchers have no control over the data collection frequency or the selection of domains for data collection. OpenINTEL is a scaled-up version of the dnsjedi platform designed and implemented by the University of Twente and SURFnet. The OpenINTEL platform will be a high-performance analysis infrastructure for the DNS, based on the Hadoop tool chain and will enable the efficient storage, analysis and sharing of measured data.

Lead time 1 August 2015 till 1 August 2018
Partners Universiteit Twente, SURFnet and SIDN
Funders Universiteit Twente, SURFnet and SIDN
Main researcher Roland van Rijswijk-Deij (Universiteit Twente and SURFnet)
SIDN Labs contact person Cristian Hesselman (SIDN Labs)
Website http://www.openintel.nl/


Project: REMEDI3S for TLDs (REMEDI3S-TLD)

The goal of REMEDI3S-TLD is to develop security metrics for top-level domains (TLDs) and to measure their operational values using DNS query data and other data sources, such as botnet and phishing feeds. The work is based on a model that distinguishes three types of security metrics, each at a different level of abstraction. The top level involves the security metrics of an entire TLD such as .nl, .com or .amsterdam. Examples of these metrics include the number of botnet contaminations in the TLD and the number of phishing attacks and their 'success rate'. In this project, we think of a TLD as the set of domain names that end with '.tld', which includes the websites and other servers that are reachable through those domain names. The relevant stakeholders at this level are users, registrants and website owners. The second level of the model is a refinement of the TLD level and consists of security metrics for market players within the TLD. These are internet infrastructure providers, such as the TLD's registry, registrars, hosting providers, and the DNS services of ISPs. Examples of security metrics at this level include concentration of malicious domains across players and their up-times. The third level is a breakdown of the second level and involves security metrics for the network resources managed by each of the players, such as autonomous systems, resolvers, and name servers. Because we focus on the security metrics of TLDs, our model excludes client machines. Examples of security metrics at the network level are the number of open resolvers in an autonomous system, the number of misbehaving resolvers (resolver reputation), and the number of name servers of a particular player that run DNS software with known vulnerabilities or that do not yet support DNSSEC.

Lead time 1 May 2014 till 1 May 2016
Partners Technische Universiteit Delft and SIDN (for the REMEDI3S project: Universiteit Delft, SIDN and NCSC)
Funders SIDN (for the REMEDI3S project: Technische Universiteit Delft, SIDN, NCSC and NWO)
Main researcher Dr. Maciej Korczyński (Universiteit Delft)
SIDN Labs contact person Maarten Wullink (SIDN Labs)


Project: Enhanced Top-level Domain Resilience through Advanced Data Analysis (ENTRADA)

The goal of the ENTRADA project is to further increase the security and stability of .nl, the DNS and the internet at large through advanced data analysis algorithms that automatically detect threats and anomalies in .nl-related network traffic, in particular in DNS traffic. The objective of the ENTRADA project is to develop and evaluate the ENTRADA platform, a high-performance data streaming warehouse that enables data analysis applications and services. Important requirements include that the platform is able to quickly search through and analyse large sets of DNS data, that it can be easily extended with traffic from new DNS name servers and other data sources, that it is designed for node failure and that it builds on open source components as much as possible in order to quickly incorporate new developments in this fast moving field of R&D. Another key requirement is that the platform includes mechanisms to strike a balance between the privacy of .nl users on the one hand and the contribution of ENTRADA applications to the security and stability of .nl on the other.

Lead time 1 January 2014 till 1 January 2016
Partners None
Funders SIDN (internal project)
Main researcher Maarten Wullink (SIDN Labs)
SIDN Labs contact person Maarten Wullink (SIDN Labs)
Website http://stats.sidnlabs.nl/


Project: Security Intelligence for Top-level Domain Operators (SITO)

Like the domains within any TLD, .nl domains can be abused for various types of attack: phishing, malware distribution, spam campaigns, fraudulent online shops, etc. Also, .nl domains may fall victim to distributed denial-of-service attacks (DDoS) and other such malicious activities. Moreover, domains can be hijacked, e.g. by stealing the registrant's credentials.

The goal of SITO is to detect a large variety of attacks and abuses that might involve .nl domains. To do so, SITO builds on the ENTRADA project, employing a data-driven approach to the detection of abuses and various types of attack, including the use of domains for phishing or spam campaigns. Ultimately, the goal is to provide early warnings with a view to protecting users, registrars, registrants and hosting providers from domains that have been compromised or are involved in abuse.

SITO is a large project which is divided into several modules, each of them addressing a specific type of attack. The first module is nDEWS (new Domain Early Warning System) and focuses on distinguishing 'normal' new domains from 'suspicious' ones by employing machine learning algorithms, using as input the DNS data that ENTRADA provides. Other modules will be developed in due course and information about them posted here.

Lead time 1 January 2015 till 1 January 2016
Partners None
Funders SIDN (internal project)
Main researcher Giovane Moura (SIDN Labs)
SIDN Labs contact person Giovane Moura (SIDN Labs)
Website http://sito.sidnlabs.nl/


Project: DBS Extensions (DBSext)

The goal of the DBS Extensions project is to research and develop new advanced functionality for the Domain Surveillance Service (https://www.sidn.nl/a/internet-security/dbs). For instance, we have developed an extension that classifies typosquat domains, indicating whether each is harmless (the name simply looks like the original) or dangerous (it appears to be a phishing site). Other topics of research are the inclusion of DNS traffic data in such profiles and the addition of other top-level domains to the DBS results.

Lead time 1 January 2014 till ..
Partners None
Funders SIDN (internal project)
Main researcher Jelte Jansen (SIDN Labs)
SIDN Labs contact person Jelte Jansen (SIDN Labs)
Website http://dbsextsito.sidnlabs.nl/


Project: Resolver Service

The resolver service is a managed DNS resolver that organisations can use instead of a DNS resolver of their own or one provided by their ISP. It offers additional functionality, such as full support for DNSSEC validation. At SIDN Labs, we are researching further new functionality for the resolver service to improve stability and security for the service's users.

Lead time 1 January 2014 till ..
Partners None
Funders SIDN (internal project)
Main researcher Jelte Jansen (SIDN Labs)
SIDN Labs contact person Jelte Jansen (SIDN Labs)
Website http://dbsextsito.sidnlabs.nl/


Project: DNSSEC Validatie Monitor XXL

The goal of this project is to alert .nl registrars to all errors in the DNSSEC signing of the .nl domains that they manage. Even though the percentage of DNSSEC errors in .nl is already very low, we firmly believe that reducing the number of errors even further will promote DNSSEC adoption, especially on resolvers worldwide. Within the project, we have realised tools that are able to scan the entire .nl zone, looking for DNSSEC errors at high speed and reporting them to the relevant registrars. The Lab environment is currently being migrated to a full production station, as part of SIDN's Registrar Scorecard.

Lead time 1 January 2014 till 31 December 2015
Partners None
Funders SIDN (internal project)
Main researcher Marco Davids (SIDN Labs)
SIDN Labs contact person Marco Davids (SIDN Labs)
Website http://dbsextsito.sidnlabs.nl/


Project: ValiBox

The ValiBox is a small, affordable device that will provide a user with a DNSSEC validating resolver at home or when travelling. ValiBox is a small, internal project and its goal is to provide experience and insight into the pros and cons of validation much closer to the client. The project involves designing custom firmware (based on OpenWRT) and gathering information about the experiences of (non-technical) users. We would like to find out what the associated challenges are, such as the creation of captive portals in hotel environments. We are also experimenting with the provision of more informative feedback to users in the event of a validation error, much like the browser pop-ups that users get when a TLS problem is encountered. We will therefore also incorporate negative trust anchor options (RFC 7646).

Lead time 1 January 2015 till 31 December 2015
Partners None
Funders SIDN (internal project)
Main researcher Marco Davids (SIDN Labs)
SIDN Labs contact person Marco Davids (SIDN Labs)


Sponsored projects

Support for NLnet Labs

SIDN is supporting NLnet Labs for a period of five years, covering half of its turnover. We are providing this support because NLnet Labs' DNS software represents an important Dutch contribution to the security and stability of the internet infrastructure. The flagship products of NLnet Labs are the authoritative name server software NSD and the UNBOUND resolver. UNBOUND users include major Dutch internet service providers, such as XS4ALL and T-Mobile. Within the IETF, NLnet Labs has also contributed to numerous internet standards in fields such as DNSSEC, thus helping to guide the ongoing development of the internet. The work of NLnet Labs is therefore important for numerous internet infrastructure stakeholders, including our .nl registrars.

Lead time 1 January 2012 till 1 January 2017
Partners NLnet Labs, SIDN
Funders SIDN (internal project)
Main researcher -
SIDN Labs contact person Cristian Hesselman (SIDN Labs)
Website http://www.nlnetlabs.nl/