Report available! Establishment of a Carrier Neutral Software-Defined IXP

The project led by Zartash Afzal Uzmi, from the SBA School of Science and Engineering at Lahore University of Management Sciences (LUMS), has been finalized and the team has submitted its technical report.

Internet exchange points (IXPs) are a critical piece of the Internet infrastructure that enable ISP networks to exchange traffic with each other. The Internet has more than 300 IXPs worldwide. IXPs offer a number of benefits including cost savings, better performance, and security. Traditional IXPs do not leverage the modern networking evolution offered by Software-Defined Networking (SDN).

This project aims to develop and deploy a Software-Defined IXP (SDX), using recent advances in SDN to allow operators to enable novel applications such as application-specific peering, traffic redirection through middleboxes, and inbound traffic engineering. We have already created a working prototype of SDX, comprising a route server (Quagga application), two ISPs (2 PCs with Quagga BGP configurations), an Aruba OpenFlow switch and a Ryu controller. Two novel peering applications have also been implemented on this SDN-based IXP.

To support the management and configuration of novel peering applications, we have developed a new package to SDN-enable the “IXP Manager” which is a web-based peering portal used by 79 traditional, non-SDN based, IXPs worldwide. Our package integrates with an open-source version of a traditional IXP Manager and allows configuring SDN-based applications through the peering web portal. This retrofitted IXP Manager will not only be useful for upcoming SDN-based IXPs, particularly in developing countries, but will also be useful for the existing IXPs worldwide as they introduce SDN capabilities within their infrastructure.

While the development work of the project has been completed, we will continue exploring avenues for large-scale deployment. As a first step in this direction, this project centered on Pakistan IXP; a future goal will be to use it as a testbed for full-scale deployment, testing, and evaluation. We will also continue to carry out training programs to prepare additional human resources in managing IXPs as well as in using SDN controllers. An additional future direction stemming from this project is to build a sustainable basis of discussion, collaboration, and training programs between least developed countries around SDN, IXPs, and other emerging technologies.

The establishment of an SDN-based IXP stands to bring down operating costs of IXPs via automatic configuration management and dynamic policy assignment. The SDN-based IXP platform developed in this project will also uncover the empirical data highlighting the benefits of IXPs, particularly in the developing world, by measuring the inter-ISP traffic volumes. We further aim (as a future goal) to study the traffic types to estimate the growth in content hosted locally, or moved over from international to local hosting. Our project will eventually be useful for persuading popular large-volume publishers (Facebook, Netflix, YouTube, etc.) and content distribution networks (CDNs) to establish their local presence within the country and peer at the IXPs in Pakistan. This project will further allow the Pakistan IXP team to right-size the future IXPs (in Karachi and Lahore) and scale the one in Islamabad. The knowledge of “where” the traffic is destined and downloaded from “outside the country” will motivate additional local and international cloud service providers to get interested in hosting their platforms within the region.

The report is publicly available.

Report available! A novel graph analytics theory model to mitigate IoT botnets attacks for big data

The project led by Raihana Syahirah Abdullah, from the Faculty of Information Technology and Communication at the Universiti Teknikal Malaysia Melaka (UTeM), has been finalized and the team has submitted its technical report.

The research focused on extracting parameters from raw infection codes using a reverse engineering approach, as well as addressing the behaviours of IoT botnets. The main objective of the research was to develop a new model for detecting IoT botnets using a graph analytics theory model, including an analysis of the selection of influence feature factors. The output of this research is a scheme that is able to remove and quarantine suspicious codes as well as detect behaviour changes in IoT devices. The model can also be used as a security tool to discover the real behaviours of IoT botnets from the raw infection codes that exist in particular IoT devices and machines.

The report is publicly available.

Report available! NextGen Girls – Internet Security Ambassadors Project

The NextGen Girls initiative included creating an IoT and Security Curriculum covering Internet governance, privacy, IPv6, IoT, networking, information security and open web technologies, and training 40 female university students to become Internet Security Educators. They in turn trained 160 of their peers and raised awareness of IoT safety among 800 high school girls. The training was delivered through 8 workshops at 4 universities, 24 live online training sessions, 2 meetups and an IoT hackathon among girls.

The main outcome of the NextGen Girls project is the development of a sustainable network of women specializing in IoT and security, advocating IoT safety and enabling support for victims while increasing women's participation in the IoT and security field. In the long term, the NextGen Girls community will support women to show leadership in the emerging IoT industry and increase the safety and advancement of women.

Shilpa Sayura partners, AlgoHack community, Google education, Computer Society and ISOC Sri Lanka worked together to implement the NextGen Girls initiative.

NextGen Girls aims to scale up the project “Respect Girls on Internet” which was awarded the ISOC 25 Under 25 Award and received an ISOC Beyond The Net Community Grant. The project developed a network of university and high school girls studying ICT. The goal of the project is to support young women's professional development so they can pursue emerging IoT security careers, which in turn will help build a safer and more secure IoT environment in homes, workplaces and communities.


The emergence of pocket-sized computing devices capable of electronic switching, sensing, controlling equipment, video, and audio has created a paradigm shift in home automation, business, agriculture, transport, and environmental technologies. IoT systems use the Internet to interconnect. Insecure home uses of IoT can endanger safety and breach the privacy of individuals and families. Women are particularly vulnerable, as IoT misuse has facilitated revenge porn incidents, harassment, data breaches, and scams. Online safety activists recommend that women seek support from other women in the event of an IoT breach, as seeking support from a male technician can pose additional risks. The project's proposed approach is to develop IoT and security skills among women to safeguard their homes, workplaces, and communities from IoT breaches. Women becoming IoT security experts contributes immensely to gender equality, diversity, and growth in female participation in the IoT economy.

The report is publicly available.

Report available! A peering strategy for the Pacific Islands

Many telecommunications networks in the Pacific interconnect not directly but via international carriers in the United States or Australia. This has a profound impact on both the cost and the performance of regional traffic. While web traffic is slowed, real-time collaborations are rendered unusable, creating barriers for inter-island collaboration.

Governments, competitive carriers, Internet societies, and activists argue that direct interconnection, or peering, is the answer to these performance problems. They believe that if competitive networks are allowed to exchange traffic free-of-charge with incumbent networks, the cost of Internet will go down, and performance will go up.

Incumbent networks throughout the Pacific steadfastly refuse to openly peer with other carriers, education networks, and government networks – and a change in this behaviour is not in sight. Not only do they refuse to peer, they sometimes charge their competitors more for direct access to their networks than competitors pay for global Internet connectivity. Competitors, activists, and even governments say this is a clear violation of network neutrality. This project investigating carrier interconnections in the Pacific has shown the situation to be far more nuanced.

This project’s objective was to share research collected during an earlier iteration of the project via the web in a dynamic way. This included information on physical and routed topologies, telecommunications market data, and information on the relationships Pacific Island nations have with the rest of the world.

In support of these objectives, the project has produced a website that reviews the telecommunications environment of the Pacific Islands. The site looks at each market’s connectivity to the world: telecommunications, sea freight, air routes, and trade. It provides real-time statistics on carrier market share. Finally, it considers the complexity of island telecommunications through a composite case study on peering.

The report is publicly available.

Report available! RPKI Monitor and Visualizer for Detecting and Alerting for RPKI Errors

Dr. Di Ma from the Internet DNS Beijing Engineering Research Center (ZDNS) has completed the report for one of the grants that was allocated in 2018 for implementation in 2019, titled “RPKI Monitor and Visualizer for Detecting and Alerting for RPKI Errors”.

This project implements an RPKI security mechanism that detects and counters adverse actions in the RPKI, which helps mitigate risks to the global routing system. The mechanism is implemented by two components: the monitor, which detects erroneous or malicious RPKI changes, and the visualizer, which graphically displays the validation process passed to it by the validator and the alert information issued by the monitor.

The project achieved the following objectives:

  • Develop an RPKI Monitor to detect RPKI problems due to mistakes by or attacks against CAs and repositories, and generate alerts to the affected parties to remedy the problems. It also provides suggestions to guide RPs in deciding whether to accept or defer accepting those changes.
  • Develop an RPKI Visualizer to display graphically the validation process and involved RPKI data passed to it by the validator and the alert information issued by the Monitor.

The report is publicly available.

Report available! Scalable Traffic Classification in Internet of Things (IoT) for Network Anomaly Detection

Prof. Winston Seah from the School of Engineering and Computer Science at the Victoria University of Wellington has completed the report for one of the grants that was allocated in 2017 for implementation in 2018, titled “Scalable Traffic Classification in Internet of Things (IoT) for Network Anomaly Detection”.

The project focused on accurate traffic classification in the Internet of Things (IoT). The IoT comprises large numbers of heterogeneous simple devices running single applications, often with little to no security features, making them easily compromised and used as tools in cyberattacks. As we become more connected and reliant on the Internet, any form of disruption in connectivity due to network anomalies can result in adverse consequences, ranging from loss of productivity and revenue to destruction of critical infrastructure and loss of life. In the last decade, cyberattacks have increased at an alarming rate, even just based on the reported incidents. We need to be able to classify new traffic types coming from IoT devices accurately and promptly, so that anomalous traffic can be identified and dealt with quickly.

Although payload-based (PB) techniques can reach high accuracy, they suffer from several limitations. The limitations of PB classification are expected to be addressed by statistical-based (SB) techniques. SB approaches are based on flow features, and the traffic is classified using Machine Learning algorithms (MLAs). SB classification assumes that specific flow-level features such as flow duration, inter-arrival time, transmitted bytes, packet length and packet size can distinguish different types of traffic flows. We studied how unsupervised machine learning can be applied to network anomaly detection in the dynamic IoT environment, where previously unencountered traffic types and patterns are regularly emerging and need to be identified and classified. This project involves the study and selection of appropriate MLAs (to be implemented as a proof-of-concept prototype) and identification of those flow features which have the highest impact on the traffic classification accuracy. This project contributes to making safer cyber-physical systems that are an integral component of the IoT.

The report is publicly available.

Report available! Software Defined Networks based Security Architecture for IoT Infrastructures

Prof. Vijay Varadharajan from the Faculty of Engineering and Built Environment at The University of Newcastle has completed the report for one of the grants that was allocated for implementation in 2018, titled “Software Defined Networks based Security Architecture for IoT Infrastructures”.

The project developed fine granular security policies and a lightweight security protocol to authenticate IoT devices and authorise them to access services in network infrastructure in a secure manner. The project involved three stages:

  • In the first stage, the project team conducted a detailed study of security attacks on IoT infrastructures and the different security solutions that currently exist to counteract the various types of attacks. They then analysed the pros and cons of the existing solutions, and developed security requirements that need to be addressed in designing a security architecture for IoT applications.
  • As part of the second stage, the team developed a lightweight authentication protocol based on a novel public key encryption scheme. The proposed protocol achieved a balance between efficiency and communication cost without sacrificing security.
  • In the third stage, the team proposed an SDN-based security architecture for IoT systems. Their security architecture allowed specification of fine granular access policy constraints on communications between end users, devices and services in a distributed environment. A novel feature of the proposed architecture is its ability to specify path-based security policies, which is a distinct advantage in SDNs.

The report is publicly available here:

https://isif.asia/software-defined-networks-based-security-architecture-for-iot-infrastructures/

Congratulations to the ISIF Asia Grantees for 2019

This year ISIF Asia selected 6 organizations in the Asia Pacific to receive USD 20,000 to support research and development of Internet technologies for the benefit of the region. The ideas they submitted for the 2019 call for proposals highlight the main technical, operational and development issues that concern the Asia Pacific Internet community and concrete solutions to address them. This year’s funding round marks our 11th anniversary of operation in the Asia Pacific, and a total of USD 120,000 was allocated.

The application process this year, as the topics for our grants get more specialized, attracted highly relevant proposals and highlighted how a variety of stakeholders are working towards the development of the Internet. We see those as great indicators about the relevance of ISIF Asia as a mechanism to support the development of the Internet across the region. We received 70 proposals from 17 economies.

The funding will be distributed among organizations representing Private Sector (1) and Academia (5) across 5 economies: Australia, India, Indonesia, Malaysia and New Zealand.

We are confident the outcomes of their work will continue to support an open, stable, and secure Internet that serves the needs of the people in our region.

2019 Network Operations Research Grants

  • Modelling and identifying IP address space fragmentation pressure points. Curtin University. Australia. USD 20,000
  • Honeynet Threat Sharing Platform. Swiss German University (SGU), Badan Siber & Sandi Negara (BSSN) and Indonesia Honeynet Project (IHP). Indonesia. USD 20,000
  • Implementation and Utilities of RDAP for wider usability among Internet Stakeholders. University of Malaya. Malaysia. USD 20,000
  • Network coding over satellite links: scheduling redundancy for better goodput. The University of Auckland. New Zealand. USD 20,000

2019 I4D Powering Internet Infrastructure Grants

  • Telemetering the telltale signs of power issues of wireless internet relays. Rural Broadband – AirJaldi. India. USD 20,000
  • Network Remote Powering through Quasi-Passive Optical Nodes. Royal Melbourne Institute of Technology (RMIT University). Australia. USD 20,000

The 2019 I4D Award was not granted this year; instead, one additional grant under the Network Operations Research category was allocated.

The APNIC Foundation and ISIF Asia thank all the applicants for sharing their ideas with us, the Selection Committee members for their hard work to arrive at this great outcome, and APNIC for their generous funding contributions for 2019.

2019 Call for Grant Proposals and Award Nominations Extended until 21 June

ISIF Asia has extended the deadline for the 2019 Call for Grant Proposals and Award Nominations until 21 June midnight UTC.

This year ISIF Asia will allocate USD 115,000 in funding across 2 categories.

Five grants and one award will be allocated to projects that have a clear development outcome aligned with the focus areas and that demonstrate a concrete contribution to research and/or implementation of Internet-based solutions, Internet operations, Internet infrastructure, technologies and protocols within the Asia Pacific region.

2019 Grants

The Internet Operations Research Grants will support research focused on the availability, reliability, and security of the Internet, with a particular focus on operational stability and security. The research outcomes should aim to expand access to knowledge, expand coverage for research applications and maximize the benefit to the community. Three small grants of USD 20,000 will be allocated, for a total of USD 60,000 in funding.

The I4D Powering Internet Infrastructure Grants will support the research and development of software and/or hardware solutions that can improve the stability and reliability of how Internet infrastructure is powered. This includes but is not limited to solar, wind, and hydraulic solutions used to provide Internet access in remote areas, during disasters, or to power other infrastructure such as IXPs, root servers, datacentres, etc. The monitoring of batteries and their consumption, energy efficiency tools, the management and administration of micro-grids will be considered for this call. Two small grants of USD 20,000 will be allocated, for a total of USD 40,000 in funding.

To know more about each of the grants categories and apply, check the focus areas, eligibility criteria and guidelines provided.

2019 I4D Powering Internet Infrastructure Award 

The 2019 Internet for Development Award will be given to one organization working on research and development of software and/or hardware solutions that can improve the stability and reliability of how Internet infrastructure is powered. This includes but is not limited to solar, wind, and hydraulic solutions used to provide Internet access in remote areas, during disasters, or to power other infrastructure such as IXPs, root servers, datacentres, etc. The monitoring of batteries and their consumption, energy efficiency tools, the management and administration of micro-grids will be considered for this award. The award includes a cash prize of USD 3,500 and a travel grant to attend the Internet Governance Forum 2019 in Berlin.

To know more about the 2019 Award and apply, check the focus areas, eligibility criteria and guidelines.

 

Community LTE in Papua project by Yanobama published Final Report

The project “Community LTE in Papua” delivered an LTE (CoLTE) network, a lightweight, Internet-only LTE core network (EPC) designed to facilitate the deployment and operation of small-scale, community owned and operated LTE networks, with a particular eye towards expanding Internet access into rural areas with limited and unreliable backhaul.

The CoLTE network comes paired with a basic, IP-based network manager as well as basic web services. The key differentiator of CoLTE, when compared to existing LTE solutions, is that in CoLTE the EPC is designed to be located in the field and deployed alongside a small number of cellular radios (eNodeBs), as opposed to the centralized model seen in large-scale telecom networks.

The project also provided performance results and lessons learned from a real-world CoLTE network deployed in rural Indonesia. This network has been sustainably operating for over six months, currently serves over 40 active users, and provides measured backhaul reductions of up to 45% when compared to cloud core solutions.

Read their Final Technical Report for all the details about their work in Indonesia.