Categories
IETF Open Internet Standards Technology

Concluding the IETF Rough Guide, Long Live the IETF Blog

For many years we have produced a series of blog posts as a Rough Guide to each upcoming IETF meeting usually in the week prior to the meeting. The Rough Guides were intended to provide a snapshot of IETF activity of interest to the Internet Society because of programmatic activity that we were engaged in. They were also an opportunity to highlight the activities sponsored directly by the Internet Society that were happening adjacent to the upcoming IETF meeting.

Rough Guides were intended to help guide a non-specialist but technically minded audience to the hot topics and debates of interest at each upcoming IETF meeting with pointers to the agenda and remote participation possibilities. Originally intended to help spur meeting attendance by those interested in the key topics, they became a way to highlight important discussions taking place and ways to get involved in person or remotely.

As we are now less than a week away from the IETF 104 meeting in Prague it seemed like the right time to share an update regarding our plans for writing about IETF activity. We have decided to discontinue producing the Rough Guides. Instead, we will be helping to supply relevant, high-quality content for the IETF Blog.

News about upcoming meetings, post-meeting wrap-ups and articles about work on specific technical topics taking place at IETF are now regular features of the IETF blog. It is providing an excellent resource for the wider audience interested in the work of the IETF and ways to get involved. Recent posts on the IETF Blog have included a summary of potential new work being discussed at IETF 104; an update on ACME, a technology that is automating steps towards increased encryption on the Internet; and an introduction to MUD, a new protocol which addresses the challenge of managing an increasing number of Things on our networks.

We will continue to write about the IETF and the technical work taking place in the many working groups through the Internet Society’s regular channels. We may also help to curate content from the IETF community for publication on the IETF blog, as needed.

Categories
Building Trust Events Improving Technical Security Internet Governance Technology

Join Us to Discuss Attack Response at Internet Scale

How do we coordinate responses to attacks against Internet infrastructure and users? Internet technology has to scale or it won’t survive for long as the network of networks grows ever larger. But it’s not just the technology, it’s also the people, processes and organisations involved in developing, operating and evolving the Internet that need ways to scale up to the challenges that a growing global network can create.

One such challenge is unwanted traffic, ranging from spam and other forms of messaging-related abuse to multi-gigabit distributed denial of service attacks. Numerous incident response efforts exist to mitigate the effects of these attacks. Some are focused on specific attack types, while others are closed analysis and sharing groups spanning many attack types.

We are helping to bring together operators, researchers, CSIRT team members, service providers, vendors, information sharing and analysis centre members to discuss approaches to coordinating attack response at Internet scale. The Internet Society is sponsoring a two-day “Coordinating Attack Response at Internet Scale (CARIS) Workshop” intended to help build bridges between the many communities working on attack response on the Internet and to foster dialogue about how we can better collaborate.

The workshop will take place on February 28 to March 1, 2019. Full details including submission instructions are available. The submission deadline for two-page position papers is December 16, 2018.

Categories
Events IETF Internet of Things (IoT)

Rough Guide to IETF 103: Internet of Things

Not surprisingly it has been a busy 4 months in IoT, and IoT-related work in IETF has been buzzing right along. This post is intended to highlight some of these activities, and to provide a guide to relevant sessions scheduled during the upcoming IETF 103 meeting in Bangkok. Also check out the IETF Journal IoT Category, the IETF IoT page, the IETF IoT Directorate, the Internet Society’s IoT page, or the Online Trust Alliance IoT page for more details about many of these topics.

The IETF Hackathon, held on the weekend preceding the main IETF meeting (November 3-4, 2018), includes several projects directly related to IoT, with the possibility of more being added. Remote participation is available. More information is on the Hackathon wiki. Projects of interest (at the time of this writing) include those relating to:

  • LPWAN CoAP/UDP/IPv6 SCHC compression and fragmentation
  • ST-COAPS (ACE WG) + ANIMA BRSKI
  • WISHI (Work on IoT Semantic / Hypermedia Interoperability)
  • Trusted Execution Environment Provisioning (TEEP)

The Thing-to-Thing Research Group (T2TRG), under the Internet Research Task Force (IRTF), investigates open research issues towards turning the promise of IoT into reality. The research group will be meeting on Tuesday afternoon 6 Nov 2018 16:10-18:10 (GMT+7) in Bangkok to report out on their recent activities. In addition, they will hold a working meeting on Friday 9-November from 09:00 to 13:20 (GMT+7). The agenda for the Friday work meeting can be found here. As in the past, full details and latest info on their activities can be found in GitHub.

Two recently chartered IoT-related working groups are working on very serious problems, and are making good progress:

I would like to draw your attention to some recently started activities of note:

In other contributed updates of interest:

The Lightweight Implementation Guidance (LWIG) working group is providing useful implementation guidance to IoT developers. At IETF 103, the group will have discussions to finalize the draft on lightweight TCP implementations and Efficient Neighbor Management policies for 6LoWPAN networks. The group will also discuss a draft which defines how various standard elliptic curves such as NIST P-256, Curve25519 and Ed25519 can efficiently re-use the same underlying implementation. The session is Tuesday 7 Nov 2018 11:20-12:20 (GMT+7).

Another interesting draft titled Enabling Network Access for IoT devices from the Cloud in the Thing-to-Thing Research Group (T2TRG) investigates how to overcome the perennial problem of secure bootstrapping of IoT devices. Rather than inventing another protocol, the draft describes how IoT devices can securely join a network with existing standard protocols such as EAP (RFC 3748) and RADIUS (RFC 2865). The draft received significant positive media coverage by The Register. In the latest update, the draft presents how to deal with the tricky problem of manufacturer obsolescence. It also defines new deployment modes for devices which have no identities or keys using existing EAP methods such as EAP-PSK (RFC 4764) and new EAP methods such as EAP-NOOB (Nimble out-of-band authentication for EAP).

Thanks to Mohit Sethi, Ericsson (Co-Chairing EAP Method Update (EMU) and Lightweight Implementation Guidance (LWIG))

IoT Onboarding

A lot of work is going on to figure out how to help a device with no user interface onboard to the correct network in a secure way. The basis for some of this work is the Bootstrapping Remote Secure Key Infrastructure draft (BRSKI). This work is built atop HTTP. Several other activities are now looking at how to provide the voucher that is used in BRSKI and defined in RFC 8366 for other circumstances, like 802.11 networks and for further constrained devices. There are at LEAST three drafts on this subject, that will be mentioned in the OPS Area WG (OPSAWG) meeting, as well as at the EAP Method Update (EMU) WG session. There will also be a side meeting on Tuesday night at 18:00 local time for those who are interested in Apartment 3 on the 9th floor.

Thanks to Eliot Lear, Cisco

ANIMA’s Bootstrapping Remote Secure Key Infrastructure draft (BRSKI) protocol has passed WGLC, and by IETF103 may be through IESG review and into the RFC-EDITOR queue. Since IETF101, ANIMA has adopted a constrained version of RFC8366 + BRSKI, and ACE has adopted a constrained version of RFC7030 (Enrollment over Secure Transport – EST). Expect serious activity on these protocols at IETF103, as these variations are approaching WGLC. A variety of interoperability events are being planned around these protocols, and there may be reports on those that have been done. Interest is growing in how to do secure device enrolment over WiFi. The draft BRSKI over IEEE 802.11 gives a review of many different ideas, and the Wifi Alliance has recently released the Device Provisioning Protocol (DPP) Specification (requires registration).

Thanks to Michael Richardson, Sandelman Software Works

The IETF motto about running code is being applied to the opsawg’s MUD internet draft. CIRALabs has been working over the summer to bring to life a MUD-driven IoT firewall called the “SecureHomeGateway.” The system uses a smartphone, an off-the-shelf OpenWRT home gateway, and a QR code to apply the MUD internet draft to common devices. The team is taking the work up to ISPs at RIPE, to ccTLD operators at ICANN and has been keeping the HOMENET and ANIMA WGs apprised of developments. The CIRALabs team expects to make some extensions (MUD processing and extensions for Secure Home Gateway Project) to MUD to better support some operational requirements that might come out of the SUIT and ANIMA. The team also has some ideas on how to bootstrap the initial trust between mobile phone and home gateway (BRSKI enrollment for Smart Pledges). The MUD authors are now also looking at ways to expand the use of MUD to bandwidth profiling, so that administrators can provision based on the devices’ needs and observe when a device is behaving outside that profile. The initial draft can be found at https://datatracker.ietf.org/doc/draft-lear-opsawg-mud-bw-profile/.

Thanks to Michael Richardson, Sandelman Software Works, and Eliot Lear, Cisco

MUD

While we are on the subject of “Manufacturer Usage Description Specification” (MUD), I am pleased to see that it is gaining some serious traction. Last June, the Internet Engineering Steering Group (IESG) approved it as a proposed standard.

From the abstract: This memo specifies a component-based architecture for manufacturer usage descriptions (MUD). The goal of MUD is to provide a means for end devices to signal to the network what sort of access and network functionality they require to properly function. The initial focus is on access control. Later work can delve into other aspects.

For more on MUD, Eliot Lear, one of the MUD authors, wrote a great article about it for the IETF Journal: Managing the Internet of Things – It’s All About Scaling.

As I have noted in previous IoT Rough Guides, MUD also plays a significant role in the project – Mitigating IoT-Based Automated Distributed Threats – being developed by the US National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE). NCCoE has also taken on a proof of concept project. You can find out more about that at https://www.nccoe.nist.gov/projects/building-blocks/mitigating-iot-based-ddos.

Ongoing work includes:

Schedule and locations subject to change. Please refer to the online agenda to confirm.

If you have an interest in how the IoT is developing and being standardized in the IETF, I hope to see you in person or online at some of these meetings during IETF 103. (Note that if you know you will be unable to travel to the meeting and would like to participate remotely, you must register as a remote participant. There is currently no fee to be a remote participant at an IETF meeting but registration is required. If you do not want to register, you may opt to listen to the live audio stream of the sessions instead. The links for each session are posted in each session description in the agenda.)

** All times ICT — Indochina Time (GMT+7) 

6lo (IPv6 over Networks of Resource-constrained Nodes) WG
Monday, 5 Nov 2018, 16:10-18:10
Meeting 2 Room (7th Floor)
Agenda/Materials
Documents
Charter

6tisch (IPv6 over the TSCH mode of IEEE 802.15.4e) WG
Thursday, 8 Nov 2018, 16:10-18:10
Boromphimarn 3 Meeting Room (3rd Floor)
Agenda/Materials
Documents
Charter

ace (Authentication and Authorization for Constrained Environments) WG
Thursday, 8 Nov 2018, 16:10-18:10
Chitlada 1 Meeting Room (2nd Floor)
Agenda/Materials
Documents
Charter

core (Constrained RESTful Environments) WG
Monday, 5 Nov 2018, 13:50-15:50
Boromphimarn 1/2 Meeting Room (3rd Floor)
Thursday, 8 Nov 2018, 11:20-12:20
Chitlada 1 Meeting Room (2nd Floor)
Agenda/Materials
Documents
Charter

homenet (Home Networking) WG
Wednesday, 7 Nov 2018, 13:50-15:20
Chitlada 3 Meeting Room (2nd Floor)
Agenda/Materials
Documents
Charter

ipwave (IP Wireless Access in Vehicular Environments) WG
Tuesday, 6 Nov 2018, 11:30-12:20
Chitlada 3 Meeting Room (2nd Floor)
Agenda/Materials
Documents
Charter

lpwan (IPv6 over Low Power Wide-Area Networks) WG
Tuesday, 6 Nov 2018, 09:00-11:00
Meeting 1 Room (7th Floor)
Agenda/Materials
Documents
Charter

lwig (Light-Weight Implementation Guidance) WG
Wednesday, 7 Nov 2018, 11:20-12:20
Meeting 2 Room (7th Floor)
Agenda/Materials
Documents
Charter

opsawg (Operations and Management Area) WG
Tuesday, 6 Nov 2018, 16:10-18:10
Chitlada 2 Meeting Room (2nd Floor)
Agenda/Materials
Documents
Charter

rats (Remote ATtestation ProcedureS – aka simply Attestation) BoF
Tuesday 6 Nov 2018, 13:50-15:50
Chitlada 2 Meeting Room (2nd Floor)
RATS draft charter

roll (Routing Over Low power and Lossy networks) WG
Monday, 5 Nov 2018, 09:00-11:00
Boromphimarn 1/2 Meeting Room (3rd Floor)
Agenda/Materials
Documents
Charter

suit (Software Updates for Internet of Things) WG
Thursday, 8 Nov 2018, 09:00-11:00
Chitlada 2 Meeting Room (2nd Floor)
Agenda/Materials
Documents
Charter

t2trg (Thing-to-Thing) RG
Tuesday 6 Nov 2018, 16:10-18:10
Meeting 1 Room (7th Floor)
Agenda/Materials
Documents
Charter

teep (Trusted Execution Environment Provisioning) WG
Wednesday, 7 Nov 2018, 09:00-11:00
Meeting 2 Room (7th Floor)
Agenda/Materials
Documents
Charter

It will be a busy week in Bangkok, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 103 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF103 to keep up with the latest news.

Categories
Events IETF Technology

Rough Guide to IETF 103

Starting next weekend, the Internet Engineering Task Force will be in Bangkok for IETF 103, where around 1,000 engineers will discuss open Internet standards and protocols. The week begins on Saturday, 3 November, with a Hackathon and Code Sprint. The IETF meeting itself begins on Sunday and goes through Friday. We’ll be providing our rough guides on topics of mutual interest to both the IETF and the Internet Society as follows:

For more general information about IETF 103 see:

Here are some of the activities that the Internet Society is involved in during the week.

Applied Networking Research Prize (ANRP)

Through the Applied Networking Research Prize (ANRP), supported by the Internet Society, the Internet Research Task Force (IRTF) recognizes the best new ideas in networking and brings them to the IETF, especially in cases where the ideas are relevant for transitioning into shipping Internet products and related standardization efforts. Out of 55 submissions in 2018, six submissions will be awarded prizes. Two winners will present their work at the IRTF Open Meeting on Monday, 5 November at 4:10PM.

IETF Journal

The IETF Journal provides an easily understandable overview of what’s happening in the world of Internet standards, with a particular focus on the activities of the IETF Working Groups. Articles highlight some of the hot issues being discussed in IETF meetings and on the IETF mailing lists. You can follow IETF Journal via our Twitter and Facebook channels. If you would like to write for the Journal about your work at IETF 103, please email us at ietfjournal@isoc.org.

Other highlights of the IETF 103 meeting include:

Hackathon

Right before IETF 103, the IETF is holding another Hackathon to encourage developers to discuss, collaborate, and develop utilities, ideas, sample code, and solutions that show practical implementations of IETF standards. The Hackathon is free to attend but has limited seats available. Technologies from past Hackathons include DNS, HTTP 2.0, NETVC, OpenDaylight, ONOS, VPP/FD.io, RiOT, SFC, TLS 1.3, WebRTC, YANG/NETCONF/RESTCONF. Details on all planned technologies will be listed on the IETF 103 Meeting Wiki.

Birds of a Feather (BoF) Sessions

Another major highlight of every IETF is the new work that gets started in birds-of-a-feather (BoF) sessions. Getting new work started in the IETF usually requires a BoF to discuss goals for the work, the suitability of the IETF as a venue for pursuing the work, and the level of interest in and support for the work. There are two BoFs happening in Bangkok:

  • Remote Attestation Procedures (rats) Tuesday, 6 November, 13:50 – 15:50. The RATS effort strives to provide evidence about a system’s health and trustworthiness via the Internet. Instead of having a separate set of protocols for each set of mechanisms, the RATS effort will define a common set of protocols that can be used inter-operably over the Internet.
  • WGs Using GitHub (wugh) Wednesday, 7 November, 13:50 – 15:20. A venue to continue discussion about ways that IETF Working Groups are using GitHub. The goal of the meeting is to determine whether there is enough support in the community to warrant more detailed discussions with the IETF Tools Team and the IETF Secretariat about functional requirements and process details to support integrating GitHub use into WG work.

Follow Us

It will be a busy week in Bangkok, and whether you plan to be there or join remotely, there’s much to monitor. Follow us on the Internet Society blog, Twitter, or Facebook using #IETF103 to keep up with the latest news.

Categories
IETF Improving Technical Security Internet of Things (IoT) Open Internet Standards Technology

Rough Guide to IETF 99: Internet of Things

The Internet of Things (IoT) is a buzzword around the Internet industry and the broader technology and innovation business. We are often asked what the IETF is doing in relation to IoT and in this short post I’d like to highlight some of the relevant sessions scheduled during the upcoming IETF 99 meeting in Prague. Check out the IETF Journal IoT Category or the Internet Society’s IoT page for more details about many of these topics.

The core WG aims to extend the Web architecture to most constrained networks and embedded devices. This is one of the most active IoT working groups and they will be meeting twice in Prague, on Wednesday morning and Friday afternoon.

The Thing-to-Thing Research Group investigates open research issues in turning the IoT into reality. The research group will be holding a two-day workshop on the topic of IoT Semantic/Hypermedia Interoperability on the Saturday and Sunday prior to the IETF meeting. They will also be meeting on Tuesday afternoon in Prague to report out on their recent activities.

The 6lo WG defines mechanisms to adapt IPv6 to a wide range of radio technologies, including “Bluetooth Low Energy” (RFC 7668), ITU-T G.9959 (as used in Z-Wave, RFC 7428), and the Digital Enhanced Cordless Telecommunications (DECT) Ultra Low Energy (ULE) cordless phone standard and the low-cost wired networking technology Master-Slave/Token-Passing (MS/TP) that is widely used over RS-485 in building automation. They will be meeting on Tuesday afternoon in Prague.

The 6tisch WG was chartered in 2014 to enable IPv6 for the Time-Slotted Channel Hopping (TSCH) mode that was recently added to IEEE 802.15.4 networks. They are meeting on Monday afternoon in Prague.

The IPv6 over Low Power Wide-Area Networks (lpwan) WG will be meeting in Prague on Friday morning. Typical LPWANs provide low-rate connectivity to vast numbers of battery-powered devices over distances that may span tens of miles, using license-exempt bands.

The IP Wireless Access in Vehicular Environments (ipwave) WG’s primary deliverable is a specification for mechanisms to transmit IPv6 datagrams over IEEE 802.11-OCB mode. ipwave will meet on Thursday afternoon in Prague.

Security for IoT is addressed in several WGs including the ace WG that is concerned with authenticated authorization mechanisms for accessing resources hosted on servers in constrained environments. ace will meet on Monday morning.

Routing for IoT is tackled by the roll WG which focuses on routing protocols for constrained-node networks. Thursday afternoon is the time for them to meet in Prague.

Finally, in addition to the new protocols and other mechanisms developed by IETF working groups, IoT developers often benefit from additional guidance for efficient implementation techniques and other considerations. The Lightweight Implementation Guidance (lwig) WG is developing such documents and they will meet in Prague on Thursday afternoon.

If you have an interest in how the IoT is developing and being standardised in the IETF I hope to see you in person or online at some of these meetings during IETF 99.

t2trg (Thing-to-Thing) RG
July 15/16 (weekend prior to IETF99)
Workshop on IoT Semantic/Hypermedia Interoperability
Workshop details
Tuesday, 18 July 2017, 1330-1530
Grand Hilton Ballroom
Agenda
Charter

6lo (IPv6 over Networks of Resource-constrained Nodes) WG
Tuesday, 18 July 2017, 1550-1750
Karlin I/II
Agenda
Documents
Charter

6tisch (IPv6 over the TSCH mode of IEEE 802.15.4e) WG
Monday, 17 July 2017, 1330-1530
Karlin I/II
Agenda
Documents
Charter

lpwan (IPv6 over Low Power Wide-Area Networks) WG
Friday, 21 July 2017, 0930-1130
Karlin I/II
Agenda
Documents
Charter

core (Constrained RESTful Environments) WG
Wednesday, July 19 2017, 0930-1200
Congress Hall I
Friday, 21 July 2017, 1150-1320
Congress Hall III
Agenda
Documents
Charter

ace (Authentication and Authorization for Constrained Environments) WG
Monday, 17 July 2017, 0930-1200
Congress Hall I
Agenda
Documents
Charter

roll (Routing Over Low power and Lossy networks) WG
Thursday, 20 July 2017, 1330-1530
Karlin I/II
Agenda
Documents
Charter

lwig (Light-Weight Implementation Guidance) WG
Thursday, 20 July 2017, 1810-1910
Athens/Barcelona
Agenda
Documents
Charter

ipwave (IP Wireless Access in Vehicular Environments) WG
Thursday, 20 July 2017, 1550-1750
Athens/Barcelona
Agenda
Documents
Charter

Follow Us

There’s a lot going on in Prague, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf99.

Categories
Beyond the Net Community Projects Growing the Internet Human Rights

Internet@MySchool – a pilot project connecting Yemeni schools in Sanaa and Aden

Yemen is among the countries with the least Internet connectivity in the Middle East. This is particularly troubling given the rise of Internet access across the globe. Furthermore, the youth in Yemen constitute the majority of the population yet are being left behind because of the lack of Internet access in schools due to poor economic conditions coupled with other priorities that supersede Internet access.

Due to the continuation of conflicts, the educational process in Yemen is facing many challenges: shortages in financial resources, the rehabilitation of partially damaged schools, and the printing of school textbooks. Currently, about 2 million school-age children are out of school and more than 1,600 schools are unfit for use due to conflict-related damage, hosting of IDPs, or occupation by armed groups.

While schools in Yemen are facing these challenges, that does not mean that Internet access should not be a high priority. On the contrary, we believe that the Internet could be a strong incentive and means of support to help students acquire knowledge and be motivated to study online and compensate for the lack of books and other study material.

Students need the Internet because it is the most effective way to share ideas and experiences and complement regular traditional education. Similarly, teachers need to be informed of the new pedagogic methods and teaching material that allow them to enhance their teaching methods and improve their curricula. Teachers can also use the Internet to exchange views with each other and formulate common ideas to present to the government. This is why the Yemen Chapter strongly believes that connecting schools to the Internet will have a long-term positive impact.

Thanks to Beyond the Net Funding Programme support we are implementing Internet@MySchool, a project which aims to connect the senior classrooms of four secondary schools in two cities (Sanaa and Aden) to the Internet and to provide training and booklets to ensure that the Internet services the project provides are used effectively by students and teachers in those schools.

The project will select one boys school and one girls school in both cities. Those schools are going to be a pilot project, which we hope will be replicated across the country and the region.

Over the last five months, the project team has worked hard to identify the schools in which to implement the project, using selection and evaluation criteria. The team has completed the following activities:

  • Installed the Internet and network infrastructure in four schools in Sana’a and Aden.
  • Produced and printed 3000 copies of an illustrated booklet in Arabic, to be used in the training sessions for students on the basics of the Internet and how to use the Internet as a tool for education. The booklet will be distributed to students and staff in the selected schools and could be reprinted and used in many different settings and contexts if resources are available.
  • Created a website for the project with login authorization for each of the schools, allowing students and staff to post their own experiences, photos, questions, and other contributions and allowing the project to promote its work. Additionally, students can communicate with their teachers and colleagues to discuss and share educational resources or materials.
  • Created social media accounts, such as a Facebook page, for disseminating project activities to a public audience.
  • Video showing some activities of the project
  • Video promoting the website of the project 
  • Preparing for the training sessions in the next few weeks.
Share this story

If you like this story, please share it with your friends. That would tremendously help in spreading the word and raising the visibility of this project. Help more people understand how the Internet can change lives.

We are interested in your project

We are looking for new ideas from people all over the world on how to make your community better using the Internet. Internet Society “Beyond the Net Funding Programme” funds projects up to $ 30.000 USD.

Find out more about the programme 
Stay tuned for the upcoming blog and follow our stories on Twitter 

Categories
IETF Internet of Things (IoT) Technology

Rough Guide to IETF 98: Internet of Things

The Internet of Things (IoT) is a buzzword around the Internet industry and the broader technology and innovation business. We are often asked what the IETF is doing in relation to IoT and in this short post I’d like to highlight some of the relevant sessions scheduled during the upcoming IETF 98 meeting in Chicago next week. Check out the IETF Journal IoT Category for more details about many of these topics.

Before getting into the IETF 98 proceedings, I’ll note that the IAB recently provided comments to the United States National Telecommunications and Information Administration (NTIA) on the Green Paper: Fostering the Advancement of the Internet of Things that was released on January 12, 2017.

The core WG aims to extend the Web architecture to most constrained networks and embedded devices. This is one of the most active IoT working groups and they will be meeting twice in Chicago, on Tuesday afternoon and Friday afternoon.

The Thing-to-Thing Research Group investigates open research issues in turning the IoT into reality. They will be meeting on Monday afternoon in Chicago to report out on various recent activities. There will also be some t2trg-related items on the agenda of the Information Centric Networking research group meeting taking place on Sunday March 26.

The 6lo WG defines mechanisms to adapt IPv6 to a wide range of radio technologies, including “Bluetooth Low Energy” (RFC 7668), ITU-T G.9959 (as used in Z-Wave, RFC 7428), and the Digital Enhanced Cordless Telecommunications (DECT) Ultra Low Energy (ULE) cordless phone standard and the low-cost wired networking technology Master-Slave/Token-Passing (MS/TP) that is widely used over RS-485 in building automation. They will be meeting on Wednesday morning in Chicago.

The 6tisch WG was chartered in 2014 to enable IPv6 for the Time-Slotted Channel Hopping (TSCH) mode that was recently added to IEEE 802.15.4 networks. They are meeting on Tuesday morning in Chicago.

The IPv6 over Low Power Wide-Area Networks (lpwan) WG will be meeting in Chicago on Wednesday afternoon. Typical LPWANs provide low-rate connectivity to vast numbers of battery-powered devices over distances that may span tens of miles, using license-exempt bands.

The IP Wireless Access in Vehicular Environments (ipwave) WG’s primary deliverable is a specification for mechanisms to transmit IPv6 datagrams over IEEE 802.11-OCB mode. ipwave will meet on Friday morning in Chicago.

Security for IoT is addressed in several WGs including the ace WG that is concerned with authenticated authorization mechanisms for accessing resources hosted on servers in constrained environments. The ace WG will meet on Monday morning.

Routing for IoT is tackled by the roll WG which focuses on routing protocols for constrained-node networks. Thursday afternoon is the time for them to meet in Chicago.

Finally, in addition to the new protocols and other mechanisms developed by IETF working groups, IoT developers often benefit from additional guidance for efficient implementation techniques and other considerations. The Lightweight Implementation Guidance (lwig) WG is developing such documents and they will meet in Chicago on Monday afternoon.

If you have an interest in how the IoT is developing and being standardised in the IETF I hope to see you in person or online at some of these meetings during IETF 98.

t2trg (Thing-to-Thing) RG
Monday, 27 March 2017, 1300-1500, Vevey 1/2
Agenda: https://datatracker.ietf.org/meeting/98/agenda/t2trg/
Charter: https://irtf.org/t2trg

6lo (IPv6 over Networks of Resource-constrained Nodes) WG
Wednesday, 29 March 2017, 0900-1130, Zurich A
Agenda: https://datatracker.ietf.org/meeting/98/agenda/6lo/
Documents: https://datatracker.ietf.org/wg/6lo/
Charter: http://datatracker.ietf.org/wg/6lo/charter/

6tisch (IPv6 over the TSCH mode of IEEE 802.15.4e) WG
Tuesday, 28 March 2017, 0900-1130, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/6tisch/
Documents: https://datatracker.ietf.org/wg/6tisch/
Charter: http://datatracker.ietf.org/wg/6tisch/charter/

lpwan (IPv6 over Low Power Wide-Area Networks) WG
Wednesday, 29 March 2017, 1300-1500, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/lpwan/
Documents: https://datatracker.ietf.org/group/lpwan/
Charter: https://datatracker.ietf.org/group/lpwan/charter/

core (Constrained RESTful Environments) WG
Tuesday, 28 March 2017, 1300-1430, Zurich C
Friday, 31 March 2017, 1150-1320, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/core/
Documents: https://datatracker.ietf.org/wg/core/
Charter: http://datatracker.ietf.org/wg/core/charter/

ace (Authentication and Authorization for Constrained Environments) WG
Monday, 27 March 2017, 0900-1130, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/ace/
Documents: https://datatracker.ietf.org/wg/ace/
Charter: http://datatracker.ietf.org/wg/ace/charter/

roll (Routing Over Low power and Lossy networks) WG
Thursday, 30 March 2017, 1740-1840, Zurich B
Agenda: https://datatracker.ietf.org/meeting/98/agenda/roll/
Documents: https://datatracker.ietf.org/wg/roll/
Charter: http://datatracker.ietf.org/wg/roll/charter/

lwig (Light-Weight Implementation Guidance) WG
Monday, 27 March 2017, 1710-1810, Zurich D
Agenda: https://datatracker.ietf.org/meeting/98/agenda/lwig/
Documents: https://datatracker.ietf.org/wg/lwig/
Charter: http://datatracker.ietf.org/wg/lwig/charter/

ipwave (IP Wireless Access in Vehicular Environments) WG
Friday, 31 March 2017, 0900-1130, Zurich E/F
Agenda: https://datatracker.ietf.org/meeting/98/agenda/ipwave/
Documents: https://datatracker.ietf.org/wg/ipwave/
Charter: http://datatracker.ietf.org/wg/ipwave/charter/

Follow Us

There’s a lot going on in Chicago, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf98.

Categories
Building Trust Domain Name System (DNS) Improving Technical Security Open Internet Standards Privacy Technology

DNS Privacy: Solutions emerging, but deployment lags

I recently attended the DNS Privacy Workshop colocated with this year’s NDSS 2017 in San Diego, California. DNS privacy has received considerable attention from researchers and engineers since the Snowden revelations of state-backed pervasive surveillance in 2013 and the workshop covered a lot of ground.

For some Internet users, anonymity is critically important, and a service like Tor exists to obfuscate the location and browsing habits of its users. Even Tor users need to resolve names using DNS, however (for non-hidden services), and they are then vulnerable to the exit relay operator’s DNS configuration. The addition of DNS data to existing attack techniques makes attacks more precise, especially for infrequently visited websites (e.g. dissident sites). Exit relay operators are therefore advised to run their own resolvers with QNAME minimisation. In the long term, adding confidentiality to DNS is necessary to prevent it being used as a vector for de-anonymisation of Tor users.
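To make the QNAME minimisation advice concrete, the following added example (not from the workshop or any resolver's code) models one cold-cache resolution and lists what each zone's servers are asked with and without minimisation. The zone cuts and the host name are constructed, and the model follows the NS-query approach described in RFC 7816 in simplified form.

```python
# Constructed delegation points; everything else on the path lives inside its parent zone.
SAMPLE_ZONE_CUTS = {"org.", "example.org."}
SAMPLE_NAME = "www.private.example.org."   # constructed host name


def fqdn(labels):
    """Join labels into an absolute name; an empty list is the root."""
    return ".".join(labels) + "." if labels else "."


def queries_sent(name, qtype, zone_cuts, minimise):
    """Return [(zone asked, QNAME, QTYPE), ...] for one resolution with an empty cache."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    full = fqdn(labels)
    sent, zone = [], "."
    for i in range(1, len(labels) + 1):
        candidate = fqdn(labels[-i:])          # the name cut down to its last i labels
        is_cut = candidate in zone_cuts
        if minimise:
            if candidate == full and not is_cut:
                break                           # the final query below covers the full name
            # Ask only for the next label; a non-delegated label keeps us in the same zone.
            sent.append((zone, candidate, "NS"))
        elif is_cut:
            # Classic behaviour: the full name and type go to every server on the path.
            sent.append((zone, full, qtype))
        if is_cut:
            zone = candidate
    sent.append((zone, full, qtype))            # the authoritative zone sees the real question
    return sent


def names_seen_by(sent, zone):
    """QNAMEs that the servers of one zone observed."""
    return {qname for asked, qname, _ in sent if asked == zone}


if __name__ == "__main__":
    for mode in (False, True):
        print("minimise =", mode)
        for row in queries_sent(SAMPLE_NAME, "A", SAMPLE_ZONE_CUTS, mode):
            print("   ", row)
```

With minimisation the root and `org.` servers learn only the next label, while the zone that is authoritative for the name still sees the full question.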

Curiously, Tor was also discussed as a potential solution to the problem of DNS recursive resolver logs falling into the wrong hands. Incorporating a micropayment solution to align incentives and using Tor to anonymise traffic could create a recursive resolution service that wouldn’t have the logging vulnerability problems we see today. Latency of such a service would, however, be an issue in many cases, which brings me to my next point.

There is a critical tension between contemporary uses of the DNS to provide resilient and low-latency services and the desire for greater privacy. Most DNS TTLs of the Alexa top 500 are less than 20 minutes. TTLs of 20 minutes make caching solutions and tools like Namecoin effectively impractical for popular sites. One suggestion is to download large caches of DNS data from relatively anonymous locations (libraries, coffee shops, etc.) and then use those when in more privacy-vulnerable locations, e.g. at home. However, within a 2-week window one third of A records (and nearly two thirds of AAAA records … go figure) for the Alexa top 500 have changed, so this approach, while certainly possible, has clear limitations.

While DNS privacy seems like an unambiguously good thing, greater confidentiality of DNS traffic will impact researchers and service providers that rely on passive collection of DNS information. Codifying anonymisation and data access practices may help here.

Workshop participants heard concerns about the pace with which the technical building blocks for adding confidentiality to DNS, namely DNS-over-TLS, are being adopted. However, we should remember that DNS-over-TLS was only standardized 9 months ago in RFC 7858.

In addition to addressing the implementation and deployment challenge, the DNS community needs to heed the lessons about usable security that have been learned, e.g. from HTTP(S) security indicators and SSL Certificate warnings. In order for DNS privacy solutions to become pervasive, addressing the usability challenge is essential. It may be that the emerging solutions to the DNS privacy problem are not sufficiently baked or too hot off the press to expect much deployment to have taken place, or a stronger effort to evangelise the availability of new tools may be necessary.

The workshop also considered a detailed analysis of padding DNS queries and responses (padding encrypted DNS messages makes it harder to apply size-based correlation with known unencrypted messages), securing DNS Service Discovery, and a detailed analysis of the tradeoffs between the numerous authentication mechanisms for DNS privacy enabling recursive resolvers.
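The effect of padding on message size can be shown with a small added example (not code from the workshop or from any DNS implementation). It builds DNS queries with and without the EDNS(0) Padding option (option code 12, RFC 7830); the host names are constructed, and the 128-octet block is an assumption chosen for this example, matching the query block size later recommended in RFC 8467.

```python
import struct

PAD_OPTION_CODE = 12      # EDNS(0) Padding option (RFC 7830)
QUERY_BLOCK = 128         # assumed block size for queries in this example
SAMPLE_NAMES = ["example.com", "a-much-longer-hostname.example.org"]  # constructed


def encode_qname(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=0, pad_block=None):
    """Build a DNS query. With pad_block set, append an OPT record whose Padding
    option brings the whole message up to a multiple of pad_block octets."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if pad_block else 0)
    msg = header + encode_qname(name) + struct.pack("!HH", qtype, 1)
    if pad_block is None:
        return msg
    # OPT RR: root owner name, TYPE 41, CLASS = UDP payload size, TTL = 0
    opt_fixed = b"\x00" + struct.pack("!HHI", 41, 4096, 0)
    overhead = len(opt_fixed) + 2 + 4          # RDLEN field + option code and length
    pad_len = (-(len(msg) + overhead)) % pad_block
    option = struct.pack("!HH", PAD_OPTION_CODE, pad_len) + b"\x00" * pad_len
    return msg + opt_fixed + struct.pack("!H", len(option)) + option


def observed_sizes(names, pad_block=None):
    """Message length per name: the quantity size-based correlation relies on."""
    return {n: len(build_query(n, pad_block=pad_block)) for n in names}


if __name__ == "__main__":
    print("unpadded:", observed_sizes(SAMPLE_NAMES))
    print("padded:  ", observed_sizes(SAMPLE_NAMES, pad_block=QUERY_BLOCK))
```

Unpadded, the two queries differ in length by the difference in name length; padded, both come out at the same size, so the length of the encrypted record no longer distinguishes them.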

The workshop concluded with breakouts creating content for the workshop report including conclusions, recognised challenges and research agenda recommendations. A full report of the workshop will be available in due course.

Slides from the workshop are available and audio should also be available soon. The DNS Privacy Project pages provide extensive further reading and details regarding available implementations of servers and clients supporting DNS-over-TLS.

Categories
Domain Name System (DNS) IETF Improving Technical Security Privacy

DNS Privacy and Route-Aggregation Research Awarded 2015 ANRP; 2016 Nominations Open

The latest recipients of the Applied Networking Research Prize (ANRP) for 2015 are Haya Shulman and João Luís Sobrinho. Shulman won her award for analyzing the deficiencies of different approaches to DNS privacy. You can read the full paper at https://www.ietf.org/mail-archive/web/dns-privacy/current/pdfWqAIUmEl47.pdf.

Sobrinho and his co-authors won their award for designing a route-aggregation technique that allows filtering while respecting routing policies. You can read the full paper at http://www.cs.princeton.edu/~jrex/papers/dragon14.pdf.

Shulman and Sobrinho have been invited to present their findings to the Internet Research Task Force open meeting during IETF 93 in July in Prague, Czech Republic. Remote participation details and the exact timing of their presentations will be available at https://www.ietf.org/meeting/93/index.html in due course.

For the 2015 award period of the ANRP, 33 eligible nominations were received. Each submission was reviewed by 3-5 members of the selection committee according to a diverse set of criteria, including scientific excellence and substance, timeliness, relevance, and potential impact on the Internet. Based on this review, five submissions will be awarded prizes in 2015. The first ANRP award for 2015 was given to Aaron Gember-Jacobson.

Nominations for the 2016 ANRP awards are now open. Nominations can be submitted until 31 October 2015 via the ANRP submission site. You can also read more about the awards and how to nominate.

Categories
IETF

Routing State Distance – a new metric for understanding Internet routing

The Internet Research Task Force (IRTF) has been hosting some of the most interesting talks at recent IETF meetings as the Applied Networking Research Prize winners are given the stage to present the work for which they have been recognised. At the IETF86 meeting in Orlando earlier this month, Gonca Gürsun, a PhD student from Boston University and the most recent recipient of the ANRP, discussed a new metric for analysing the structure of Internet routing.

The Routing State Distance (RSD) metric is a tool for analysing BGP routing policies. It can be used for visualising networks and routes and for detecting patterns in routing behaviour, and it provides new insights about the routing fabric of the Internet. RSD is roughly a measure of how similar or dissimilar routes to a given destination network are (for a full explanation, see the paper for which Gonca won her award: Gonca Gürsun, Natali Ruchansky, Evimaria Terzi and Mark Crovella. Routing State Distance: A Path-based Metric For Network Analysis. Proc. ACM Internet Measurement Conference (IMC), November 2012, Boston, MA, USA). This way of looking at the Internet allows us to see some interesting patterns emerge.

Using 48 million routing paths collected from Routeviews and RIPE RIS projects with over 359 Internet vantage points, Gonca and her collaborators set out to understand what RSD could reveal about the structure of Internet routing and the early results are fascinating.

RSD visualisation reveals clusters of networks that make similar routing decisions. The two very distinct clusters in the Figure illustrate the effect of Hurricane Electric’s very open peering policy. Sources always route through Hurricane Electric if the option exists. This is a macro-scale cluster arising from the peering policy of a single operator and it is visible in any random sample from the dataset – a true Internet-wide phenomenon! Gonca’s research also reveals smaller clusters which seem to be driven more by geopolitical concerns and the affinities of operators from specific countries.

RSD is an original and very interesting way to look at the Internet’s routing structure. Promising future directions for the research include going beyond visualisation to detecting routing instabilities and anomalies. Code, data and more information are available at: http://csr.bu.edu/rsd. Gonca’s slides are at: http://www.ietf.org/proceedings/86/slides/slides-86-irtfopen-1.pdf.

ANRP prizes will be awarded at the two remaining IETF meetings this year, and the call for nominations for the 2014 award cycle will open after the summer.

Categories
IETF Technology

What's happening at the IETF?

The Internet Engineering Task Force (IETF) is the pre-eminent global standards organisation for Internet technologies and it will be meeting all next week in Orlando, Florida. Prior to each IETF meeting, three times a year, we put together a guide to the sessions most relevant to our programmatic work. At this IETF meeting we are focussing on the following broad categories of work:

  • Trust technologies
  • Authentication/Authorization
  • Infrastructure/Support
  • IPv6
  • Bandwidth

Check out the Internet Society’s Rough Guide to Hot Topics at IETF86 for details of these work areas and pointers to other agenda highlights that are sure to make this another great meeting and another milestone in the development of the Internet.