SIDN Labs to participate in two NWO-co-funded cybersecurity projects

Photo: Sjoerd van der Hucht - MyEyes4u

User-driven Path verification and control in Inter-domain Networks (UPIN)

Most internet users don't currently know how their traffic flows through the network to its final destination and cannot verify or control the path taken. UPIN will address this lack of transparency and control. Its goal is to develop and evaluate a system that enables users to cryptographically verify and easily control the paths via which their data travels through an inter-domain network such as the internet. That may be both in terms of router-to-router hops and in terms of router attributes (e.g. their location, operator, security level and manufacturer).

UPIN will thus provide the solution to a very relevant and topical problem, namely that it is becoming increasingly unclear to internet users who is processing their data (e.g. the service providers that handle their data and what jurisdictions apply) and that users have no control over how their data is being routed. That represents both a privacy risk (a malicious network might compromise a user’s data) and a safety risk (an untrusted network might disrupt remote-controlled surgery).

The project’s key results will be a system that gives internet users control over and insight into network paths, as well as demos and scientific publications.

UPIN will revolve around two PhD students, attached to the DACS group at the University of Twente and the SNE group at the University of Amsterdam, respectively. The other project partners are SURF and NLnet Labs.

The project is part of the 2STiC Programme, through which we are developing mechanisms for secure, stable and transparent inter-network communication, specifically in next-generation internet infrastructures. More information on UPIN is on the NWO site.

Remediation of comPromised IoT Devices (RAPID)

The Internet of Things (IoT) connects an ever-increasing number of wildly heterogenous devices to the internet, such as IP cameras or smart home appliances. While they promise to bring further convenience to our daily lives, a large number of these IoT devices are susceptible to malware infections (e.g. Mirai or Hajime malware), which often spread quickly across home and business networks.

The RAPID project addresses that problem and has two objectives: (i) to explain the causes of the infections and the inherent insecurity of the IoT paradigm by exploring the application of innovative data analytics to raw cyber security data such as IoT honeypots and IoT sensors such as SPIN; and (ii) to promote effective remediation mechanisms that mitigate the threats associated with currently vulnerable and infected IoT devices.

RAPID seeks to accomplish those goals in three phases. First, we will investigate attackers' reconnaissance strategies to understand how their scanning processes lead to infections. The second phase will address the attackers’ exploitation of infected IoT devices and seek to explain how IoT devices become infected, for example, in terms of vulnerabilities or misconfigurations. The third phase will investigate how infections can be remediated effectively.

RAPID will look to ISPs active on the Dutch and international markets to conduct clean-up experiments and corroborate the results of the causal modelling and threat modelling. As part of the project, workshops for IoT manufacturers and other research teams will also be organised, with a view to validating the results and driving the development of security policies that apply worldwide.

Like UPIN, RAPID will be organised around two PhD students, but both working at Delft University of Technology in the Multi-Actor Systems group. One of the students will concentrate on technical work, while the other will focus on behavioural aspects of RAPID’s problem space. The RAPID project is a collaboration of TU Delft, the Dutch Radiocommunications Agency, AbuseHUB, KPN and SIDN Labs, and is closely related to our SPIN project. More information on RAPID is available from NWO.