Report available! Network remote powering through quasi-passive reconfigurable nodes

This project investigated the remote powering of the Internet using quasi-passive network nodes, where the power required for the providing Internet in remote network nodes without local power supply is remotely provided optically. The pump light for remote powering of network nodes is transmitted using the same data transmission fibre to reuse the existing network infrastructure. The major objectives of the project are to investigate, develop and optimize the network node and the remote power scheme, to increase the scalability, traffic handling capability and efficiency, via both theoretical study and numerical simulations.

The project was originally planned to be completed in 12 months. However, due to the interruption of COVID-19, the university campus was locked down for a prolonged period and no access to the university was allowed, This interruption resulted in delays in the project, and the project was completed at the end of May, 2021 (the research paper was published in mid December, 2021).

Although the project has been significantly affected by the COVID-19 situation, the project team managed to adjust the plan slightly to focus more on the theoretical study, modelling and analysis during this period. The main activities conducted in this project include:

The model of individual components in the node has been completed;
The signal propagation model in the network node has been built;
The theoretical model of the remote powering scheme has been established;
The remote powering scheme based network node has been analyzed theoretically and through comprehensive numerical simulations;
The complexity of the remote powering scheme based network node has been analyzed;
The impact of the opticam pump on the signal transmission in fibre has been studied;
The impact of different data modulation formats in remotely powered network node has been investigated;
The multiple optical pumps scheme has been proposed and studied to further increase the availability of power to nodes without local power supply, and two different configurations of the multiple optical pumps scheme have been analyzed and compared;
Large-scale optical networks with the proposed quasi-passive network nodes and remote powering technique have been simulated, and the statistical performance has been investigated.

The final report is available here.

Report available! Open Lawful Intercept for Asia Pacific

This project improved network operations in Asia Pacific in the area of Lawful Intercept.

OpenLI is the only open source software capable of meeting the ETSI standards for lawful interception. OpenLI has achieved broad acceptance among network operators in New Zealand but is not well known in other countries. It has benefits beyond low cost in that OpenLI is easy to deploy and maintain and is capable of high performance (i.e. multiple Gbps of concurrent interception).

This project worked with APNIC to reach out to operators in other Asia Pacific jurisdictions to understand their requirements for lawful intercept. It then provided development, training and other improvements as required to meet those requirements. It also involved the development of an engagement process to collaborate with network operators to deploy OpenLI and demonstrate that it is capable of meeting their lawful intercept requirements.

The long term aim is to move OpenLI to a sustainable model where the software is reliable and well maintained and continuously developed to meet new network and law enforcement requirements.

The final report is available here.

Report available! IPv6 deployment at enterprises

IPv6 adoption at large, brick-and-mortar enterprises has lagged. Many feel that unless this issue is addressed, the Internet as a whole will stall at an IPv6 adoption rate of about 60%. The India Internet Engineering Society (https://www.iiesoc.in/), a nonprofit based in India, would like to begin to address this issue.

There are many subsidiaries of large corporations in India. Such organizations, primarily use IPv4 addresses. For example, one of the largest mobile providers in India, whose backbone is IPv6, has had to purchase IPv4 addresses on the open market simply to support these corporations. The decision to move to IPv6 is made at the headquarters of these companies – which is often in the United States. The US federal government has recently announced a direction for IPv6-only for the US government. This makes it the right time for this project.

IIESoc proposes to work collaboratively with a nonprofit industry consortium in the United States, the Industry Network Technology Council (INTC), to address the issue of IPv6 adoption in large brick-and-mortar enterprises. INTC has done a survey of large enterprises and has found that security, application conversion and training are three of the biggest challenges enterprises have as far as IPv6 adoption. We need to find out exactly what these challenges entail. To that end, we need to have brick-and-mortar enterprises involved. This is an issue because such enterprises do not participate actively in Internet standards bodies. They do participate to some extent in network operations groups. Outreach to these organizations will be a key part of this project.

We propose three phases with their corresponding goals. (Subsequent phases may be proposed at the conclusion of phase 3).

Phase 1: IPv6 training and migration discussions for enterprises. Goal: Establish IIESoc as a leader in IPv6 space, create visibility for the project, start to create a core group of enterprises.

Phase 2: Create a consortium of academia, industry, and government. Goal: Prepare for phase 3 which will create security and application inventory.

Phase 3: Create an inventory of application and security challenges in concert with the consortium. Goal: Start to create a methodology to handle the hardest issues in IPv6 conversion.

Phase 1 is the necessary precursor and foundation for enterprises to be able to have conversations about what is to be done for IPv6 migration. If they do not receive training and have a forum for discussion of migration issues, the other phases will not be successful. In this application, we only asked for funding for Phase 1 which lasted 12 months.

The following webinars have been completed as a part of Phase 1 activity:

Introduction to IPv6: Feb 4, 2021

Lab: IPv6 basics: Feb 11, 2021

​Neighbour Discovery: March 4, 2021

Lab: Neighbor Discovery: March 18, 2021

IPv6 Address Planning: April 8, 2021

Lab: IPv6 Address Planning: April 15, 2021

IPv6 Transition Mechanisms: May 6, 2021

Lab: IPv6 Transition Mechanisms: May 13, 2021

DHCPv6: June 3, 2021

Lab: DHCPv6: June 10, 2021

IPv6 and Cloud: June 17, 2021

Lab: IPv6 and Cloud: June 24, 2021

​Introduction to IPv6 Security July 8, 2021

An addition to the project also included the travel to in-person IETF 113 by one student.

The final report is available here.

2022 ISIF Asia Grants now open for applications

ISIF Asia is now accepting applications for the 2022 funding cycle.

ISIF Asia empowers organizations across the Asia Pacific region to research, design, and implement Internet-based solutions to solve Internet development challenges that support community development and growth. Since 2008, ISIF Asia has supported 99 grants and 29 awards, allocating over USD 5.4 million to 128 innovative initiatives across 27 economies.

An infographic of the grant types

Applications are open to public and private sector organizations, academia, non-profits, and social enterprise organizations.

There are three thematic areas.

  • Inclusion: Initiatives that help ensure everyone has meaningful access to the Internet, online applications and services
  • Infrastructure: Initiatives to increase Internet speed, reduce maintenance and operational costs, and improve reliability and/or security
  • Knowledge: Initiatives that develop technical capacity and/or research around Internet network operations for technical and non-technical audiences

In 2022, ISIF Asia will also include grants across all three programs to support innovative solutions to the environmental impact of the Internet. The Ian Peter Grants for Internet and the Environment will be made to commemorate the life and work of Ian Peter, Internet pioneer and environmental activist.

ISIF Asia’s IPv6 Deployment Grants are also open for organizations planning to deploy IPv6 in the Asia Pacific. IPv6 Deployment Grants range between USD 30,000 and USD 250,000.

In addition, three small grants (USD 30,000 each) will be made available across any program area to economies that have not previously received ISIF Asia grants. A full list of economies that ISIF Asia has supported is available here.

Applications are open now until 15 May 2022 at 11:59 AM (UTC +10). For application and selection criteria please familiarize yourself with the Funding Portal, where you will be able to submit your application.

2021 ISIF Asia grant recipients announced

A large-scale collaborative project among research networks in the Asia Pacific region to build trust and Border Gateway Protocol (BGP) capabilities is among the many Internet development and research projects being funded in the newly announced group of ISIF Asia supported projects.

Other projects include IPv6 training, an extensive honeynet cybersecurity project spanning several economies in Asia, and knowledge sharing between Network Operator Groups (NOGs) and Computer Emergency Response Teams (CERTs).

ISIF Asia received a total of 74 applications for this round of funding, resulting in the biggest group of ISIF Asia grantees ever, with 22 projects covering 16 economies. Some of these projects cover multiple economies. Three economies are receiving funds for the first time: Solomon Islands, Papua New Guinea, and Lao PDR.

The grants total USD 1.82 million in funding, and are spread across three categories: Infrastructure (developing the Internet), Inclusion (accessing the Internet) and Knowledge (skills and research about the Internet). Funding for these grants is part of the Asia Pacific Internet Development Trust’s 2021 funding for the APNIC Foundation.

The full list of summaries is included below. Follow links below for easy navigation.

INFRASTRUCTURE

INCLUSION

KNOWLEDGE

Infrastructure

Expand the Central Australian Desert Project to serve the Nitjpurru indigenous community in Pigeon Hole. Distant Curve Remote Area Telecommunications. Australia. USD 150,000.

Nitjpurru is a community in Australia’s Northern Territory of approximately 140 people, 450kms away from the nearest town. Nitjpurru is accessible only by four wheel drive vehicle and access is subject to flooding during the wet season. Telecommunications infrastructure is limited to a single payphone, shared by the entire community.

The Central Australian Desert Project connected the Northern Territory communities of Engawala and Atitjere with an embedded system using solar powered microwave relays. This impact grant will fund the development of a similar system for Nitjpurru. The project will also integrate a framework for supervising various systems needed to run the relays, cost-effectively monitor them, and ensure they are providing the necessary connectivity.

Sustainable smart villages in rural Papua New Guinea. Papua New Guinea University of Technology. Papua New Guinea. USD 85,000.

Over 80% of Papua New Guinea’s population lives in rural areas. The government is promoting agriculture and education as key aspects of its development goals, but is challenged by limited connectivity caused by unreliable power supply, a lack of appropriate communications technology, and a shortage of skilled people to maintain infrastructure and train users.

This scale-up grant will help develop a ‘smart village’ solution, seeking to address all these challenges, connecting mobile devices to enhance education and provide information in the local language, supported by a reliable power system monitored by sensors and calibrated based on machine learning techniques. Data traffic, together with power consumption data, will be used to develop a business model for scaling the smart village model further.

The project will provide ten community Wi-Fi sites as sustainable services to rural areas, and aims to cultivate partnerships between industry, community, and academic institutions, to develop digital literacy packages as a cost-effective solution to closing the digital divide for diverse user groups in the community.

Field-ready network-coded tunnels for satellite links. The University of Auckland. New Zealand. USD 85,000.

This project aims to widen the circle of people able to deploy titrated coded tunnels, create reference systems on actual satellite links in the field, and demonstrate that this technology brings actual performance benefits to real users.

This project builds on a previous ISIF Asia project which researched how coded tunnels over satellite links can accelerate individual packet flows. The current project will take it out of the lab and show users that the technology is ready for wider deployment.

This scale-up grant involves a partnership with Gravity Internet and Te One School on Chatham Island, with Gravity Internet being familiarized with the new technology. They will work with an engineering link to Chatham Island using a satellite link to connect to the school.

Hybrid LoRa Network for underserved community Internet. Universiti Kebangsaan Malaysia. Malaysia. USD 85,000.

The Chini Lake, Pahang area of Malaysia has challenging terrain with thick foliage. These conditions mean that the 500 indigenous Orang Asli residents, spread across six villages, lack access to mobile data coverage.

As a solution, LoRa wireless technology has been proposed. The scale-up grant will help establish a LoRa Wide Area Network (LoRaWAN) gateway on a helium balloon, equipped with Mesh LoRa architecture that has text and voice messaging capabilities, as well as a cloud-based data management platform.

This will give local residents access to digital materials through a messaging system, accommodating users of all different literacy levels, as well as water level alerts for mitigation of flooding and drought situations, and an avenue for promoting local products and services through the cloud-based data management platform.

Securing Software Defined Network architectures. The University of Newcastle. Australia. USD 30,000.

This project involves the design and development of techniques for detecting attacks on Software Defined Network (SDN) switches.

SDN has proven useful for handling the growing complexity of networks. It is widely deployed in Enterprise, Cloud, and Internet Service Provider networks. As SDN becomes more common, so do cyberattacks that exploit SDN vulnerabilities. There is a growing need to enhance security in SDN networks. This small grant will implement security techniques to validate against different attacks on SDN switches and develop a Switch Security Application for SDN Controllers for detecting attacks on switches.

Back to top

Inclusion

Connectivity Bridges: Reaching remote locations with high-speed Internet services. Rural Broadband — AirJaldi. India. USD 150,000.

Various Internet infrastructure initiatives have deployed technologies across parts of India using both wired and wireless Internet. However, rural areas aren’t easily connected leading to some infrastructure being under-used, particularly large communication towers.

This impact grant will help create a hybrid ‘WiFiber’ system that bridges existing infrastructure and adds capability and coverage to reach users in the mostly rural state of Arunachal Pradesh with fast and affordable Internet services.

Local community-based Internet infrastructure development and Internet utilization in rural Indonesia. Common Room. Indonesia. USD 150,000.

An existing partnership between Common Room, the Association for Progressive Communications, and the UK’s Digital Access Programme has resulted in the development of a School for Community Networking in the Kasepuhan Ciptagelar region of Indonesia.

This impact grant will help the school provide necessary infrastructure for a ‘build out’ to extend Internet deployment and training for indigenous and other rural communities in and around seven locations.

The project will provide towers, wireless equipment, servers, and training. It will also provide support as community-based Internet is rolled out, to help demonstrate ways the Internet can benefit these communities.

Equal access to information society in Myanmar. Myanmar Book Aid and Preservation Foundation. Myanmar. USD 150,000.

This project will help the Myanmar Book Aid and Preservation Foundation combine and scale three programs: Mobile Information Literacy, Tech Age Girls Myanmar, and the Business Startup Development Program.

The Beyond Access project has already equipped 210 libraries around Myanmar with Internet, enabling 360,000 people to use a digital device for the first time. Telco Ooredoo Myanmar will invest in an additional 40 community libraries, mostly in underserved or unserved areas.

This impact grant will focus on equipping thousands of participants — primarily youth and women — at these 40 additional community libraries to develop digital literacy skills.

Broadband for all in Yap. Boom! Inc. Federated States of Micronesia. USD 85,000.

This project will establish an island-wide Fixed Wireless Access broadband network on the island of Yap.

In 2017, Yap to the world via high-speed submarine fibre-optic cable. There is still a lot of work to be done before this improved capacity can be used to provide broadband connectivity to island residents. In a recent proof-of-concept, Boom! was able to provide high speed connectivity to a school in Yap, having obtained the necessary licence and wavelength agreements. This scale-up grant will extend coverage to other parts of Yap.

Bamboo towers for low-cost and sustainable rural Internet connectivity. National Institute of Technology Silchar. India. USD 85,000.

This project is a collaboration among the Indian Institute of Technology Bombay (IIT Bombay), National Institute of Technology Silchar (NIT Silchar), and Uravu from India. The project will develop and promote low-cost and sustainable bamboo communication towers to expand access to broadband networks in remote and rural areas of India. The scale-up grant will fund the development of detailed instructions on how to construct bamboo towers — including selection of bamboo, treatment, testing of bamboo culms and their joints, structural design considering connectivity requirements and structural specifications, optimization, foundation design, erection of the tower, and its maintenance. Towers will also be constructed to test the proposed methods, and they will be able to be built in any region. Detailed multimedia manuals will also be developed and available on a dedicated website.

OASIS data garden project. SATSOL. Solomon Islands. USD 85,000.

Some communities in the Solomon Islands are faced with the challenges of a lack of electricity for digital devices, and limited means to access money electronically. This means that residents have to travel to a town to access banknotes.

This scale-up grant will fund the development and proof-of-concept testing of a ‘data garden’ that will supply affordable connectivity, power, and a digital payment system.

An OASIS data garden can be easily transported to any remote location in the Solomon Islands via small boat or vehicle, and will operate autonomously. The data garden will support remote villages and communities where it can provide for individuals, households, businesses, schools, and clinics.

Internet connection to four villages in San Isidro. Davao Medical School Foundation (DMSF). The Philippines. USD 30,000.

This small grant project will connect four villages in the San Isidro municipality of Mindanao via Point to Point (P2P) data connections. A P2P connection is a closed network data transport service that traverses the public Internet but is inherently secure with no data encryption needed. A P2P network can also be configured to carry voice, video, Internet, and data services together over the same point to point connection. DMSF will partner with local organizations in each village to develop local capacity for maintenance and security.

Inclusive and efficient access to Internet services and information for persons with disabilities in Bangladesh. Humanity & Inclusion. Bangladesh. USD 30,000.

This project aims to assist people with visual disabilities in Bangladesh, by disseminating standards on accessible web design and screen-reading software.

Around 20% of the population of Bangladesh lives under the poverty line. As Internet adoption rapidly climbs, new opportunities in employment and education are presented via the Internet. However, people with visual disabilities face added challenges in Internet accessibility.

The project, funded with a small grant, will translate visual accessibility standards into the local language and train web developers in these standards. It will also engage in policy dialogue and advocacy for people with disabilities.

Empowering remote agricultural communities in Lao PDR through long-range wide area networks. Makerbox Lao. Lao PDR. USD 30,000.

This project will leverage the possibilities offered by low-power/long-range Internet of Things solutions to bridge the technological and communication divide between urban centres and remote agricultural communities in Lao PDR.

The small grant will help develop a prototype technology that uses long range (LoRa) wireless networking to relay agricultural data (such as soil, weather, and water information) from sensors in remote areas to forecasting experts, then relay that forecast information to farmers in a format that supports their work. The design also considers local conditions such as the absence of power grid connections by developing a solar power support, which LoRa is ideally suited to handle due to its low power consumption.

Back to top

Knowledge

Intelligent honeynet threat sharing platform. Swiss German University. Indonesia. USD 150,000.

This project will fully extend the design of the existing Honeynet Threat Sharing Platform [PDF] to provide a broader range of honeypot support, with intelligently categorized and correlated threat data, enabling organizations to share and exchange the threat information with other organizations with a consistent format.

This impact grant will support a partnership between Swiss German University, Badan Siber & Sandi Negara (Indonesia’s National Cyber and Crypto Agency), and the Indonesia Honeynet Project (IHP).

A range of economies are participating in the project, including Bangladesh, Brunei, Cambodia, Myanmar, Papua New Guinea, Sri Lanka, Timor Leste, and Viet Nam.

Two previous ISIF Asia grants supported the development of the Honeynet Threat Sharing Platform, to link honeypots together in a Honeynet that collects information on malicious Internet traffic for a public dashboard. To facilitate cooperation among participants, the Cyber Security Community Information Sharing and Analysis Center (CSC-ISAC) was also established.

The project involved four types of honeypot: Cowrie (SSH honeypots), Dionaea (Multi-Service Honeypots), Elastichoney, and Conpots (Industrial Control Honeypots).

Developing a collaborative BGP routing, analyzing and diagnosing platform. Tsinghua University. China. USD 150,000.

This project is a collaboration between National Research and Education Networks (NRENs) and research universities in the Asia Pacific, to build the kind of trust and BGP capabilities among NRENs that the wider BGP-speaking community relies upon. Currently, there is no large-scale cooperative monitoring system for BGP routing and no collaborative system for BGP hijacking and mitigation among Asia Pacific NRENs.

An earlier but ongoing project resulted in the development of a small-scale looking glass platform and BGP routing collection platform. This impact grant will expand the platform to a BGP hijacking detection and mitigation system and foster the emerging NREN network operations and security community. In addition, the team will analyze the robustness of routing in the Asia Pacific region and suggest how to improve the reliability of Internet routing through cooperative interconnections.

The organizations involved include CERNET (China), SingAREN (Singapore), ThaiREN (Thailand), BdREN (Bangladesh), LEARN (Sri Lanka), AfgREN (Afghanistan), MYREN (Malaysia), NREN Nepal (Nepal), APAN-JP (Japan), ERNET (India), DOST-ASTI/PREGINET (Philippines), HARNET/JUCC (Hong Kong), Gottingen University (Germany), Surrey University (UK), and Beijing University of Posts and Telecommunication (China).

Bug Zero. SCoRe Lab. Sri Lanka. USD 85,000.

Bug bounties are when organizations offer rewards to those who are the first to report a problem in their software. This helps them stay ahead of emerging security vulnerabilities.

Bug bounty platforms have helped many organizations in advanced economies worldwide but South Asia has been hesitant to embrace them. Equipped with empirical research data on published results, SCoRe Lab has already started a bug bounty platform in Sri Lanka called Bug Zero.

This scale-up grant will help promote bug bounties as an effective tool for organizations, while also promoting them as a good economic opportunity for youth and encourage inclusion in an area that has generally been male-dominated.

Training and knowledge sharing: Network analysis for AI transformation. TeleMARS. Australia. USD 85,000.

Research from a previous ISIF Asia grant demonstrated that Artificial Intelligence (AI) techniques can be used to resolve problems when detecting cyberattacks. This scale-up grant will help implement that work on a larger scale. This will involve strengthening knowledge sharing across Network Operator Groups (NOGs) and Computer Emergency Response Teams (CERTs), developing training and mentoring resources, and improving professional capabilities in the areas of diagnosis, monitoring, and analysis of historical datasets.

Webinar series to support IPv6 knowledge transfer. India Internet Engineering Society (IIESoc). India. USD 30,000.

This project will continue a series of webinars that have helped enterprises develop IPv6 skills, supported by ISIF Asia through a 2020 grant.

It can be difficult to encourage enterprises to adopt IPv6. One of the issues is a lack of understanding about the technical aspects of IPv6 among some enterprise technicians. Sometimes, technicians seek training but management does not always see the business case for adoption. This small grant will continue and expand a previous series of webinars supported by ISIF Asia that have helped enterprises develop IPv6 skills, in an effort to combat a cycle of misinformation that makes enterprises hesitant to adopt IPv6.

DIY COW — An inclusive community operated wireless kit for enabling local communications at remote locations. Servelots Infotech. India. USD 30,000.

Using lessons learned during remote mentoring for young women in COVID-19 lockdowns, this project will create a Do It Yourself kit that will allow someone with no Internet access to set up a wireless access point with a local access server.

Establishing network connections in remote communities is difficult and Internet Service Providers (ISPs) don’t always see a commercial case in establishing Internet services in small areas. This project funds the creation of kits that can be immediately deployed to connect these communities without relying on any existing Internet connection.

This small grant will help develop kits that allow for the rapid establishment of a server capable of hosting applications that can immediately be used by the community. The kit contains all the necessary instruction materials to be set up without an Internet connection. It can also be connected to the Internet when and if the Internet gateway becomes available, and the set-up materials can easily be adapted to other languages

Cybersecurity education. Passerelles Numeriques Cambodia. Cambodia. USD 30,000.

This project will create fun and accessible online learning content on security issues faced by the public and organizations while navigating the Internet. Cambodia is rapidly digitizing, due in part to the rapid adoption of smartphones. However, with increased Internet adoption comes an increase in cyber-threats. The Cambodian government is currently in discussions to establish a cyber-crime law.

In the meantime, there is a need for greater cybersecurity awareness. This project is a partnership between NGOs Passerelles Numeriques Cambodia and The Foundry. It will develop simple interactive videos and quizzes to test awareness and develop public knowledge about security threats they can encounter in their daily lives. This project, funded with a small grant, focuses on youth and women facing digital literacy challenges.

Design, development and operation of an SDN-based Internet eXchange playground for networkers. University of Malaya. Malaysia. USD 30,000.

Network operators have access to a variety of technical training programs, some include the use of simulations, which are useful to put theory into practice but can be limited to simple configurations for experiments.

This small grant will help build on existing training programs by developing an ‘Internet Exchange Playground’ with a Kubernetes cluster that can help introduce SDN-based BGP/RPKI/RDAP knowledge. The Kubernetes nodes will be scattered across different economies, allowing participants to experiment with cross-border network topologies. It will allow for use of VXLAN and SDN controllers in a WAN environment.

To enhance access, there will be four on-line training, tutorials and seminars aimed at fostering participation, particularly among women. The project will be fostering participation from Bhutan, Indonesia, Lao PDR, Malaysia, Myanmar, Singapore, Taiwan, and Thailand.

The APNIC Foundation thanks all applicants for sharing their ideas, the members of the Selection Committees for their hard work, and the Trust for supporting these projects. Technical reports on the projects will be published on the ISIF Asia website as they are completed.

Back to top

Report available! Modelling and identifying IP address space fragmentation pressure points

Despite exhaustion of the IPv4 address space commencing in 2011, the Internet has largely not transitioned to IPv6, and in fact the rate of IPv6 diffusion has recently begun to slow down (Huston, 2018).  The IPv6 transition is expected to take decades and hence problems stemming from issues the lack of scalability of IPv4 will continue to affect the Internet for many years to come.

Indeed, the number of allocated IPv4 address blocks continues to grow; this is enabled due to subdivision of existing allocations into multiple blocks, and is argued to allow un-used or under-utilised address space to be moved to other organisations with greater need.  The amount of address space which could potentially be reallocated in this way is substantial: the volume of routed IPv4 address space is considerably less than the total allocated IPv4 address space (Richter et al., 2015), suggesting that there is a considerable amount of un-used address space which could potentially be transferred to other network operators.

This typically involves partitioning existing IPv4 address blocks into smaller pieces and transferring some of those pieces to other operators.  In some cases operators re-number their networks to free up contiguous address space which is subsequently transferred; while this can result in more effective use of address space it also results in BGP routing table growth, one of the major scaling issues facing the Internet today (Gamba et al., 2017).  In other cases network operators could migrate whole networks from public to private address space and deploy NAT before transferring address space elsewhere.

Continuing the current practice of dividing address space into ever-smaller allocations while increasingly relying on NAT not only presents challenges for IPv6 diffusion efforts but will increasingly create ‘pressure points’ in economies or regions where allocations are smaller.  Further, it also increases the prevalence of layered NAT (sometimes dubbed ‘double NAT’), which can not only lead to a range of operational problems but which has security implications including the creation of attack points to be targeted by malicious parties and increasing the difficulty of identifying hosts involved in botnet activity (BITAG, 2012).  Nevertheless, there has been nothing to suggest that the practice will end in the foreseeable future.

There has been no modelling to identify economies or regions likely to be first affected by such pressure points, or for how long this practice can continue.  This project will develop a statistical model of the process, thus allowing countries at greatest risk to develop mitigation strategies, providing clarity to the Internet community, and providing stakeholders tasked with stimulating IPv6 diffusion with a better understanding of differences between different countries and economies.

The final report is available here.

Report available! Collaborative Honeynet Threat Sharing Platform

With the continuous rise of cyber security threats, monitoring security potential threats and attacks become essential to plan for cyber defense. Honeypot, a decoy system designed to lure attackers, has been used to track and learn attacker’s behavior. Collecting attacker’s interactions with honeypot at different locations inside different organization’s premises provide useful and more complete picture of the landscape of current cyber security threats. The log of the attacks to the honeypots become an essential cyber security threat information that could be shared to many of the security incident analysts at different organizations to provide relevant and contextual threat intelligence. The goal of this project is to develop and implement a collaborative honeynet threat sharing platform that could collect, store, add contextual information pertaining to the threat and share these threat information to the relevant organization. This project continues on the previous year project with additional type of honeypots are being added to the collection of honeypot sensors. In addition, new type of threat categories, threat purpose and threat phases are added to define more fine-grained secure shell (ssh) attacks seen in our honeypots. With the new public dashboard is now ready for public view, our hope is more organizations in Indonesia as well as organizations in ASEAN countries would be interested to participate in the project in a collaborative effort to share and exchange threat information, which potentially could be used as a cyber defense platform for each of the participating organizations.

The project achieved the following objectives:

  1. Develop a collaborative repository platform for storing honeynet-based threat information. The project allows anyone or organization to participate in a community-based threat information sharing based on the honeynet system.  There are 4 honeypots currently implemented, i.e., cowrie, Dionaea, Elastichoney, and conpot.
  2. Redesign and develop a more robust repository and visualization platform that allows security analysts to add and enrich existing security threat information with the results of the analysis of the security events or objects related to the events. The robust repository platform utilized the cluster database of MongoDB while the visualization platform also uses cluster setup to distribute search tasks over cluster servers, improving overall user experience of using the platform.
  3. An enhanced platform that allows organizations to share and exchange security threat information with other organizations. The platform enables the threat information to be exchanged with the cyber security community through TAXII services in a standardized format or through open-source threat intelligence Malware Information Sharing Platform (MISP).

The project was lead by the Charles Lim, from Swiss German University (SGU) and builds on years of collaboration to support the Honeynet project Indonesia Chapter (IHP), in partnership with the Ministry of Communication and Informatics (KOMINFO) and Badan Siber & Sandi Negara (BSSN). It is also an expansion of a previous ISIF Asia grant allocated in 2019.

The final report is available here.

Report available! Telemetering the telltale signs of power issues of wireless internet relays

The TellTale project was conceived with aim of addressing the problem of measurement and projection of the power uptime duration of wireless internet relays. In rural areas and in areas where such projections are not available, operators often fail to address downtimes in a timely manner, thereby increasing the number and duration of downtimes and/or fail to project the power needs of a relay properly. These issues have direct adverse economic consequences for both providers and users

In line with this, the project objectives were to:
1. Identify an affordable and replicable sensor+SBC + internet uplink power charge and discharge module
2. Create a cloud-based, machine-learning supported, data ingestion, storage, data prep, analysis and reporting system.
3. Develop an easy-to0use reporting and alert system with PC and mobile applications (Android)
4. Measure and report on the cost-saving and improved uptime impact of the project
5. Disseminate the project findings and share the systems design
6. Create a paid support system for interested parties.

The project has achieved most of its objectives. An AirJaldi “TellTale” system, capable of measuring battery voltage and generating indicators and alerts based on the its change over time, has been built, demonstrated and is ready for distribution and sharing. At a device cost of around US $20 (hardware components) the system is affordable, as are the software packages and cloud hosting services required.

AirJaldi will offer TellTale using a Freemium model. Interested users can either download the source codes and manuals at no cost from Github (accessed directly or via our website and those of other partners), or choose one of various models of paid support offered by AirJaldi.

TellTale’s User Interface (UI) was designed to be clear and easy to use and update and is available in both computer and mobile version. An Android APK, offering a stripped-down version of the web UI with a focus on alerts, was also created and made available for users.

We plan to continue working on improving and enriching TellTale in the coming months and will share information and resources.

The final report is available here.

Report Available! Experiment and improve reinforcement learning algorithms to enhance anomalous network behaviour detection

Cybersecurity is a significant research area because all of the operations based on government, military, commercial, financial and civilians gather, process, transfer and store tremendous volume of data on computers and others. Cyber-attacks have imposed increasing threats and damages on our modern society at all levels. Network Intrusion Detection System (NIDS) is one of the major techniques in preventing cyber-attacks occurred in network traffic. Over the past decade, a lot of research work has been conducted to explore the capabilities of artificial intelligence (AI) methods in developing NIDS solutions. The previous studies suggested that AI algorithms have promising potentials in developing effective solutions to detect the increasing attacks.

TeleMARS R&D team commits to advance AI-based methods, explore realistic approaches of deploying the research outcomes in real network environment, and support on-going research in wider community to achieve long term sustainable development. The key objectives of this project were to:

  • contribute to the development of NIDS;
  • contribute to research community in the subject of anomaly detection;
  • establish a practical collaboration framework to enable scientists and IT professionals from diverse background to work together to continuously contribute to NIDS research;
  • test and prove TeleMARS operation and technical frameworks, and the team capabilities; and
  • inspire and enable the participation of broader research community in cybersecurity domain supporting gender equality and inclusion

This project started in September 2020 and finalized in June 2021. The main activities included:

  • Literature review and project design.
  • Data analysis and preparation.
  • Anomaly detection model development using Machine Learning methods including Reinforcement Learning method.
  • Model experimentation.
  • Established evaluation pipelines to simulate real application environment.
  • Model capability evaluation applying different datasets.
  • Implementation of a collaboration framework supporting the research activities conducted by researchers and professionals with various backgrounds.

The final technical report is available for review here.

Report Available! Implementation and Utilities of RDAP for Wider Usability among Internet Stakeholders

This project aimed to increase the adoption of the Registration Data Access Protocol (RDAP), which is the replacement/upgradation of WHOIS. It is used to retrieve registration data using Internet resources such as domain names, Internet Protocol (IP) addresses, and autonomous system numbers (ASN). RDAP solves several problems of WHOIS. It has many new features which include: standardized query/response formats, authoritative address of the Regional Internet Registries (RIR), authentication, and encryption. Internet operation researchers and users need to adopt RDAP as it will continue to play an increasingly important role in Internet resilience, safety, and investigations requiring the search and collection of registration data. This project contributed in increasing the utilization and adoption of the RDAP by implementing the RDAP client in Matlab (Data Simulation Tool), Browser extensions, and generic recommendations to establish RDAP clone in national Registries across Asia Pacific region.

Matlab is a powerful tool to simulate, design, and analyze real-world systems. At the time of the project was proposed , there was no direct/native support of RDAP protocol in Matlab. Implementing such a client or toolbox will enable easy retrieval of data from RDAP with minimal development efforts as well as native support for RDAP in Matlab. Eventually, it will facilitate doing Internet operation research, data visualization, digital forensic, and other studies involving internet resources such as domain name, etc. The Browsers extension would assist end users in getting lookup information of the domain they are about to visit, this way it will potentially help in mitigating the risk of online spam and scams with the benefit of improved transparency of legitimate Internet resources. Moreover, this project also explored potential implementation strategies to set up RDAP clone for national Registries. This replication can potentially improve the availability of RDAP in unforeseen circumstances and could help to implement robust strategies for improved quality of service. The recommendations and guidelines are useful for RDAP adoption acceleration, identifying the current state of RDAP, identifying future strategies to deploy country level RDAP, and challenges faced by country level Registries.

The final technical report is available for review here.