Our objectives
SIDN Labs’ goal is to further increase the security of the internet infrastructure, which we think of as the equipment, communication links, software, protocols and other facilities that devices on the internet need in order to communicate with each other. We focus on applied technical research, for the benefit of the Netherlands, Europe and the global internet.
Our motivation derives from the crucial role that the internet now plays. Modern digital societies are highly dependent on the internet infrastructure, which means that its security is of increasing social and economic importance. For example, a robust internet infrastructure that provides secure communication is needed by the public to access e-government services and shop online, and by businesses to manage supply chains and deliver services.
We expect dependency on the internet to continue increasing. As it does so, society’s security requirements will also increase, driven by developments such as the growth of internet-based cyber-physical services, including tele-robots and smart energy grids.
We started SIDN Labs back in 2011 to further increase SIDN’s contribution to the internet and to Dutch society. That is in line with SIDN’s responsibility as a top-level domain operator to serve the internet community.
Our 3 research areas
Our research agenda has 3 focus themes reflecting the current and future challenges that the internet faces.
We continually refine our agenda based on the feedback that we receive from the internet community on our publications, software, demos, statistics and other results.
Domain name security: aims at increasing our understanding of domain names used for malicious purposes (e.g. fake webshops and phishing) in order to continue improving anti-abuse activities. In that context, for example, we regularly measure the (security) characteristics of all 6.3 million .nl domain names with our DMAP crawler and use ENTRADA to analyse the DNS queries processed by our .nl name servers. We develop tools and algorithms that enable us to identify potentially malicious domain names, to alert registrants and registrars, and to collaborate with them on countermeasures.
Infrastructure security: revolves around increasing our understanding of the internet infrastructure as a basis for improving its security, resilience and management. Examples of the work we do in connection with this theme include large-scale measurements to understand the deployment of new security protocols in the Domain Name System (DNS) and how users map to servers in the NTP pool. We also develop prototype systems, tools and best practices for the management and development of DNS infrastructures (e.g. through the automatic management of anycasted DNS services), NTP systems and the routing system.
Emerging internet technologies: our work on this theme contributes to long-term fundamental improvements to the internet infrastructure, such as alternative routing systems (e.g. based on the security or energy characteristics of networks), new security concepts (e.g. network scopes or the 'agile' adaptation of security algorithms) and new internet properties (e.g. transparency, in-network data processing and the coexistence of multiple addressing and routing systems). Our work on this theme is inspired by, for example, clean-slate approaches such as SCION and the Extensible Internet. In connection with such long-term developments, our current focus areas are the verification of inter-domain network paths and the smooth introduction of new (quantum-secure) crypto-algorithms.

Short and long-term projects
While many of our projects aim to improve the security of the internet infrastructure in the short term (2 years or so), we also do projects with long time horizons (5+ years). For example, we carried out a preliminary study of the impact of post-quantum crypto algorithms on the DNS, and we experimented with SCION, a “clean slate” internet architecture that requires changes to networks’ border routers.

We engage in long-term projects because we believe that it is of strategic importance for the Netherlands to have expertise in the relevant areas, for instance to contribute to strengthening Europe’s digital autonomy.
Bridging research and operations
SIDN Labs often acts as a bridge between the worlds of research and operations. For example, we worked with Grenoble Alps University in France to classify domain name abuse warnings from security companies into “maliciously registered” or “compromised” domains, which we then integrated into the domain name security dashboard for SIDN’s Support team. In such projects, we operate roughly between Technology Readiness Levels (TRLs) 3 and 7, while our academic partners focus on TRLs 1-3 (basic research) and SIDN’s operational teams on TRLs 7-9 (production level).
We are able to bring research and operations together because our skillset spans the gap between them: some team members have a more academic bias, some lean towards the operational or engineering side, and others are somewhere in the middle.
Collaboration is central to our philosophy
For almost all our projects, we collaborate with universities, infrastructure operators and other research centres, with the aim of combining expertise and resources to maximise impact. For example, the 2STiC community brings together experts from the academic and operational worlds to undertake research on future internet infrastructures. The universities involved (University of Twente, University of Amsterdam, Delft University of Technology and Radboud University) focus on developing new knowledge in their specialist fields (e.g. internet measurement methodologies, open programmable networks and quantum-safe crypto), while the operators (SURF, RIPE NCC, AMS-IX, NDIX, NL-ix, NLnet Labs and SIDN) for instance provide testbeds and operational expertise.
We also collaborate with universities through “embedded researchers”. They are SIDN Labs team members who spend 1 day a week at an academic institution, for instance to work on joint results, develop new projects, and supervise MSc students. We currently have 2 embedded researchers at the University of Twente, 1 at Delft University of Technology and 1 at the University of Amsterdam.
Generic and publicly available results
In pursuit of our goal, we focus on developing widely applicable and publicly available results that are useful to a wide range of stakeholders (e.g. DNS operators, registrars and peer registries). By doing so, we enable such stakeholders to use our research results to make their own contributions to the security of the internet. That approach is important, because the internet functions through the collaboration of many individuals and organisations, including some 75,000 autonomously managed networks.
Our results and products are regularly put to constructive use by others. For example, our open-source DNS analytics platform ENTRADA is used by the registries for .nz (New Zealand), .be (Belgium) and .ch (Switzerland).
Similarly, our DNSSEC tools are used in the .br (Brazil), .se (Sweden) and .dk (Denmark) domains to monitor key and algorithm rollovers. Our results are also used within SIDN, as with tools such as Anteater (used by our Operations team) and RegCheck (used by our Support team).
More examples of our output are in our annual reviews, such as those of 2024, 2023, 2022, 2021 and 2020.
Educational contributions
We contribute to educating the next generation of network engineers and researchers, which we consider one of our responsibilities to the community. For example, we teach the courses Advanced Networking and Security Services for the IoT at the University of Twente, and we contribute to several other courses through guest lectures, for instance at the University of Amsterdam.
We also encourage students to do their MSc theses with us, which gives them the opportunity to work for a leading TLD operator, while we benefit from having smart people to help us with our projects. We typically host 2 or 3 students a year. Would you like to know more about graduating at SIDN Labs? Then go to sidnlabs.nl/en/graduating.
Contributions to expert bodies
We contribute to internet expert groups in various roles. For example, one of our colleagues acts as co-chair of the RIPE community's DNS working group, while another sits on the editorial panel of the journal Privacy & Informatie.
We are also long-time contributors to the IETF, the CENTR R&D working group and DNS-OARC, amongst others.
Our team
Our multinational team is made up of technical experts with experience in a range of different fields. We often work with master's students, who support us with projects linked to our various research themes.
-
I research BGP routing security and how it could be improved to make the Internet a more reliable and secure place. For that, I build test environments and prototypes that allow us to measure and analyse the impact of potential new security mechanisms on current Internet routing.
-
I really enjoy getting to grips with how the internet works 'under the hood'. So I focus mainly on researching and advising on the development of (new) internet standards, how they work and how they can be used. My role also involves advancing SIDN's interests within the Dutch and international internet communities.
-
I'm responsible for SIDN Labs, SIDN's research team. I oversee our research activities, support the SIDN Labs team and develop new in-house and collaborative projects.
-
The main focus of my work is the application of machine learning to make the internet more secure and trustworthy. My expertise with big data and algorithms is valuable for identifying patterns associated with abuse, enabling detection and intervention.
-
I'm researching technologies that have the potential to make the internet of the future more open, secure and transparent. I'm collaborating with our research partners on the development of test environments for piloting such technologies and demonstrating their added value to a mixed audience.
-
I do research into the working of the current internet and technologies that can influence the internet of the future. I'm also interested in phishing and in security and privacy on the Internet of Things.
-
My job involves analysing data from our name servers. The detection of patterns and trends in the data is the starting point for making .nl more secure and more robust. The analysis results are also useful to the security industry, network communities, researchers and policy-makers.
-
I do research based on large-scale internet measurements, with the aim of helping to make the DNS even more stable and secure. My findings have direct operational impact within SIDN and more generally. I also work closely with the University of Twente, where I'm a guest researcher.
-
My work centers around researching and developing the internet of the future. Besides this challenging job, I also enjoy working on improving the current internet.
-
SIDN Labs
Suzan Teunissen van Manen
Management assistant
I support Cristian to keep everything running smoothly. Through my role, I enable him and his team to focus on their work.
-
I concentrate mainly on DNS big data and on coming up with new concepts and developing prototypes for their implementation. A good example is the development of the ENTRADA big data platform.
-
I'm investigating how machine learning can contribute to internet security and stability. Machine learning algorithms extract rules and patterns from large volumes of data. My work at SIDN Labs involves developing algorithms that can detect domain name abuses, for example.