The Domain Name System (DNS) offers ways to significantly strengthen the security of Internet applications via a new protocol called the DNS-based Authentication of Named Entities (DANE). One problem it helps to solve is how to easily find keys for end users and systems in a secure and scalable manner. It can also help to address well-known vulnerabilities in the public Certification Authority (CA) model. Applications today need to trust a large number of global CAs. more
Security for Internet-connected devices, the "Internet of Things" (IoT), is critically important. Now, more than ever, it is top of mind for device manufacturers, network operators, consumer advocates, lawmakers, and government regulators -- domestically and internationally. In the face of recent attacks, government authorities and consumer advocates have proposed legislation, frameworks, certifications, and labeling schemes. more
In my last blog post I shared some of the general security challenges that come with the Internet of Things (IoT). In this post, I will focus on one particular security risk: distributed denial of service (DDoS) attacks. Even before the age of IoT, DDoS attacks have been turning multitudes of computers into botnets, attacking a single target and causing denial of services for the target's users. By "multitudes" we can be talking about thousands or even millions of victim devices. Now add IoT into the equation... more
Do "smart" parking meters really need phone numbers? Does every "smart meter" installed by electric utilities need a telephone number? Does every new car with a built-in navigation system need a phone number? Does every Amazon Kindle (and similar e-readers) really need its own phone number? In the absence of an alternative identifier, the answer seems to be a resounding "yes" to all of the above. more
The Internet is undergoing an evolutionary transformation resulting from the explosive growth of things that are interconnected. From single purpose sensors through wearable technologies to sophisticated computing devices, we are creating, exchanging, and consuming more data at rates that would have been inconceivable just a decade ago. The market suggests the average consumer believes this is the best world possible. As technologists, we have a responsibility to consider if we are building an Internet that is in the best interest of the user. more
The Qatar Crisis started with a targeted Poli-Cyber hack of an unprecedented nature. Its shockwaves and repercussions continue to alter political and business fortunes, directions and paradigms not only in the Gulf region but globally. Almost everyone around the world is now aware of the this crisis that started early June. By mid July a Washington Post report cited US intelligence officials that the UAE orchestrated hacking of Qatari government sites, sparking regional upheaval that started it all. more
Distributed Denial-of-Service (DDoS) attacks will become larger in scale, harder to mitigate and more frequent, says Deloitte in its annual Global Predictions report. more
Let's be honest about it. Nobody -- including those very clever people that were present at its birth -- had the slightest idea what impact the internet would have in only a few decades after its invention. The internet has now penetrated every single element of our society and of our economy, and if we look at how complex, varied and historically different our societies are, it is no wonder that we are running into serious problems with the current version of our internet. more
It all started earlier this year in June. I was coding transcripts of the past global Internet Governance Forum (IGF) meetings as part of a data mining exercise for DiploFoundation's Geneva Internet Platform (GIP). Pouring over transcript after transcript, the work was tedious, but I was learning a great deal about the Internet governance community as well. My interest was piqued by the conversations, the familiar names I came across, and the multi-stakeholder manifestation of politics, perspectives, and positions. more
Over the past several months, CITP-affiliated Ph.D. student Sarthak Grover and fellow Roya Ensafi been investigating various security and privacy vulnerabilities of Internet of Things (IoT) devices in the home network, to get a better sense of the current state of smart devices that many consumers have begun to install in their homes. To explore this question, we purchased a collection of popular IoT devices, connected them to a laboratory network at CITP, and monitored the traffic that these devices exchanged with the public Internet. more
Digital Transformation (DX) is picking up speed. According to a recent announcement by IDC, the market is expected to grow at a Compounded Annual Growth Rate (CAGR) of 17.9% to reach a whopping 321 billion dollars by 2021. In 2018 alone, IDC expects that 326 billion will be spent on transforming how people and things communicate. Based on these numbers, it looks like Digital Transformation has become the real deal. more
It has often been claimed that IPv6 and the Internet of Things are strongly aligned, to the extent that claims are made they are mutually reliant. An Internet of Things needs the massively expanded protocol address space that only IPv6 can provide, while IPv6 needs to identify a compelling use case to provide a substantive foundation to justify the additional expenditures associated with a widespread deployment of this new protocol that only the Internet of Things can provide. more
The Internet is a great success and an abject failure. We need a new and better one. Let me explain why. We are about to enter an era when online services are about to become embedded into pretty much every activity in life. We will become extremely dependent on the safe and secure functioning of the underlying infrastructure. Whole new industries are waiting to be born as intelligent machines, widespread robotics, and miniaturized sensors are everywhere. more
Many of you will have seen news stories that explained what was going on: a huge DDoS attack on the infrastructure of Dyn had taken down access to many large websites like Twitter. A great deal of digital ink has since been spilled in the mainstream press on the insecurity of the Internet of Things, as a botnet of webcams was being used. Here are some additional issues that might get missed in the resulting discussion. more
IGF-USA full day conference at the Center for Strategic and International Studies (CSIS) in Washington DC to be held on Thursday, July 14, 2016 from 8:00 AM - 7:00 PM. Key forum topics include IANA transition, ICANN accountability, broadband access, online privacy, Internet of Things, and digital trade. more
A World-Renowned Source for Internet Developments. Serving Since 2002.