Burt Kaliski | Dec 13, 2013
It's a privilege for Verisign to welcome this week the recipients of our 2012 Internet Infrastructure Grant program, who will be presenting the results of research their teams have conducted over the past year and a half. The results will be the focus of our fourth and final Verisign Labs Distinguished Speaker Series event for the year.
The event will open with a keynote talk by Prof. Ellen Zegura of Georgia Tech (United States), who will give an overview of the field these two projects explore, "Intermittent and Low-Resource Networks: Theory and Practice." It's an honor to have Prof. Zegura with us to describe both the academic and hands-on work she's conducted in this important area.
Prof. Philippe Cudre-Mauroux of University of Fribourg (Switzerland) and Dr. Christophe Guéret of Vrije Universiteit Amsterdam (The Netherlands) will then share their findings on "Registry Systems without the Web," a new, open-source, general-purpose data repository and resolution system intended for environments with little or no regular access to the web.
Prof. Z. Morley Mao of University of Michigan (United States) will conclude the event by summarizing discoveries on "Supporting Mobile Network Communication in Adverse Environments," a joint project with grant co-recipient Prof. Cui Yong of Tsinghua University (China). Their project proposes several new infrastructure network services optimized for mobile users, again in environments that are at best partially connected.
Verisign sponsors projects like these to encourage progress in understanding better ways to connect online with reliability and confidence -- especially as more of the world becomes connected, and environments continue to change. Our 2011 grant program followed the general theme of "improving the Internet infrastructure for the next 25 years." The 2012 program, featured at this week's event, focused on "Internet infrastructure and access challenges faced by users in the developing world and elsewhere."
In 2014, rather than selecting among proposals for research to be pursued in the coming year, we will recognize and reward work that's already being done. This time, our targeted research area will be name collisions in the global Domain Name System (DNS). As described in my recent blog series, name collisions can occur when a system employs a domain name suffix such as .corp to identify internal resources and the same suffix is also employed as a top-level domain (TLD) in the global Internet.
Until recently, name collisions have not been a significant concern to researchers or operators because the set of TLDs has remained close to the same for a long time. However, the environment around DNS is now changing rapidly with as many as 1,400 proposed TLDs moving through a formal evaluation process, some of which have just recently been added to the global DNS.
There have been a few preliminary studies so far on name collisions, mostly originating from within the DNS community. To expand the base of publicly available results and draw from the broader Internet research community, Verisign Labs is organizing a new Workshop and Prize on Root Causes and Mitigations of Name Collisions (WPNC), or namecollisions.net for short, which will be held in March 2014. We invite researchers to share their best analyses and techniques for understanding causes and effects of name collisions. Similar to the scope of Prof. Zegura's talk, we are interested in both "theory and practice."
And similar to our past two grant programs, we are awarding funds for the top projects. As described in more detail in the workshop announcement, we will award a prize of $50,000 to the most valuable research contribution presented at the workshop as determined by an independent judging panel, as well as several smaller prizes. If the results of the previous grant programs are any indication, we can expect high-quality contributions from top researchers in the field.
We're grateful for the researchers whom we've been able to support through the Verisign Infrastructure Grant Program and look forward to the ongoing impact of their work.
Blog Moderator | Dec 06, 2013
Guest Post: Ramon Ray - Smallbiztechnology
For any company doing business today, a website is far more than a way to promote products and services. With a consumer market that heavily relies on the Internet for everything from directions to reviews, any small business that has not yet set up an online presence could be missing out on a gold mine of potential customers. In fact, Shop.org projects online holiday sales to increase between 13 and 15 percent to as much as $82 billion during the months of November and December this year, and the U.S. Commerce Department reported that final Q4 (October – December) e-commerce sales in 2012 increased 15.7 percent.
Small business owners can’t rely solely on a physical store to grow their business. It’s time to get online as customers now expect to be able to find information and, ideally, purchase products or book reservations using the Web.
Here are a few compelling reasons to boost your online presence by establishing the best website you can – some of which were recently highlighted by small business owners in a survey that Verisign conducted with Merrill Research.
Burt Kaliski | Nov 26, 2013
We recently hosted Dr. Ralph Merkle as a guest speaker for the Verisign Labs Distinguished Speaker Series. His talk, “Quantum Computers and Public-Key Cryptosystems,” was a great presentation on how molecular nanotechnology -- the ability to economically manufacture most arrangements of atoms permitted by physical law -- could fundamentally alter the world as we know it. Ralph’s and many others’ research on this topic has been groundbreaking and we are grateful he took the time to come and share his knowledge.
A little background: In 1974, Ralph, co-inventor of public-key cryptography, challenged conventional thinking on information security by proposing a way for two users who initially don't share a secret key with each other (or anyone else) to protect the messages they exchange. How could they go from a state where they have no apparent way to protect their messages, to one where they do?
The answer is obvious now in hindsight, and we experience it every time we make a secure connection to a Web server and in many other applications: two users can protect the messages they exchange using public-key cryptography. In public-key cryptography, keys come in pairs, a public key and a private key. Messages are encrypted with the public key, and decrypted with the corresponding private key. The two users thus only need to give each other their public keys (in a trusted way); they keep their private keys to themselves, so no secret keys are shared with anyone. They protect the messages they exchange by encrypting them with one another's public keys. (In a typical implementation between a user and a Web server, only the Web server initially needs a key pair, which is enough to get an encrypted session started.)
Nearly four decades ago when the Internet was in its infancy, public-key cryptography hadn't yet been discovered, and it was inconceivable that a message could be protected between two users without someone sharing some secret keys. For an undergraduate project, Ralph thought about proving that no such method had these properties, and when a proof was not forthcoming, he set out to find a method that did.
Burt Kaliski | Nov 20, 2013
ICANN’s second level domain (SLD) blocking proposal includes a provision that a party may demonstrate that an SLD not in the initial sample set could cause “severe harm,” and that SLD can potentially be blocked for a certain period of time. The extent to which that provision would need to be exercised remains to be determined. However, given the concerns outlined in Part 2 and Part 3 of this series, it seems likely that there could be many additions (and deletions!) from the blocked list given the lack of correlation between the DITL data and actual at-risk queries.
If the accumulated risk from non-blocked SLDs were to become too large, it could become necessary for ICANN to withdraw the entire gTLD from the global DNS root. Changes to the DNS root, once properly approved and authorized, can be implemented rapidly by updating the root zone file and notifying root server operators that a new zone file is available. This part of the process is as straightforward for deletions as for additions. The approval and authorization process, however, would need to be much faster for a deletion than it currently is for an addition because of the urgency of making the change or “rollback” after a determination was reached that a gTLD’s delegation needed to be revoked. The importance of rapid delegation is affirmed in Recommendation 3 of SAC062: Advisory Concerning the Mitigation of Name Collision Risk, published Nov. 7 by ICANN’s Security and Stability Advisory Committee (SSAC):
Burt Kaliski | Nov 19, 2013
I began my journey into computer science as a high school freshman coding on a TI-59 calculator. Later in my high school years, I wrote computer chess games on a PDP-11/34 minicomputer in BASIC and, for speed, in assembly language. I might have contributed inadvertently to the Y2K problem with some FORTRAN and COBOL programs I wrote in the early 1980s. In college, I learned LISP and CLU on a MULTICS operating system, and had a part-time job where I programmed on a VAX-11/750. But eventually I did get around to coding in C on a Unix box.
So this is a little more information than 140 characters would allow, which may explain why I found David Chisnall's opening talk at the recent vBSDcon so fascinating. DOS and VAX are to computer professionals what the classics are to the liberal arts: our Iliad and Odyssey. And C and Unix, in their various forms, are the living languages that preserve the connection to the early days - the contemporary variants of Koine Greek. The art of building C compilers as well as operating systems continues to advance skillfully.
Verisign hosted vBSDcon as part of our commitment to high-quality community efforts that provide stable, secure building blocks for Internet infrastructure, such as the one we operate. The FreeBSD operating system, as I mentioned in a previous post, is one of the mix of options we support at our edge sites, alongside Linux, contributing to our hardware and software diversity. FreeBSD and other crowd-sourced software initiatives can only be sustained through well-run online communities. But those communities in turn can only be sustained if a good number of participants meet in person from time to time to strengthen their connections and review current developments. That's what we wanted to encourage through vBSDcon, as Verisign engineer and conference co-organizer Rick Miller described on Twitter:
“The BSD community is very tight knit, but dispersed all around the world. Conferences like this are so important because it’s a rare opportunity to meet and collaborate." -- Rick Miller, Verisign
As recounted in the vBSDcon tweets, the conference wrap-ups by iXsystems and RootBSD, and www.bsdnow.tv's video podcast, the well-organized event appears to have met those goals.
A special thanks to vBSDcon's speakers: David Chisnall, Kris Moore, Devin Teske, Luigi Rizzo, Baptiste Daroussin, Henning Brauer, Reyk Floeter, Mike Bentkofsky, Marc de la Gueronniere, Julien Charbon, John Hixson, and Glen Wiley; and sponsors iXsystems, Juniper Networks, The FreeBSD Foundation, RootBSD, CDW, HP and Daemon Security, Inc. for their generous contributions. Thanks also to Verisign Engineers Rick Miller and Glen Wiley for championing and organizing this inaugural event.