16 research outputs found

    Understanding the Role of Registrars in DNSSEC Deployment

    The Domain Name System (DNS) provides a scalable, flexible name resolution service. Unfortunately, its unauthenticated architecture has become the basis for many security attacks. To address this, DNS Security Extensions (DNSSEC) were introduced in 1997. DNSSEC’s deployment requires support from the top-level domain (TLD) registries and registrars, as well as participation by the organization that serves as the DNS operator. Unfortunately, DNSSEC has seen poor deployment thus far: despite being proposed nearly two decades ago, only 1% of .com, .net, and .org domains are properly signed. In this paper, we investigate the underlying reasons why DNSSEC adoption has been remarkably slow. We focus on registrars, as most TLD registries already support DNSSEC and registrars often serve as DNS operators for their customers. Our study uses large-scale, longitudinal DNS measurements to study DNSSEC adoption, coupled with experiences collected by trying to deploy DNSSEC on domains we purchased from leading domain name registrars and resellers. Overall, we find that a select few registrars are responsible for the (small) DNSSEC deployment today, and that many leading registrars do not support DNSSEC at all, or require customers to take cumbersome steps to deploy DNSSEC. Further frustrating deployment, many of the mechanisms for conveying DNSSEC information to registrars are error-prone or present security vulnerabilities. Finally, we find that using DNSSEC with third-party DNS operators such as Cloudflare requires the domain owner to take a number of steps that 40% of domain owners do not complete. Having identified several operational challenges for full DNSSEC deployment, we make recommendations to improve adoption

    Comnet: Annual Report 2013


    Use of locator/identifier separation to improve the future internet routing system

    The Internet evolved from its early days of being a small research network to become a critical infrastructure many organizations and individuals rely on. One dimension of this evolution is the continuous growth of the number of participants in the network, far beyond what the initial designers had in mind. While it does work today, it is widely believed that the current design of the global routing system cannot scale to accommodate future challenges. In 2006 an Internet Architecture Board (IAB) workshop was held to develop a shared understanding of the Internet routing system scalability issues faced by the large backbone operators. The participants documented in RFC 4984 their belief that "routing scalability is the most important problem facing the Internet today and must be solved." A potential solution to the routing scalability problem is ending the semantic overloading of Internet addresses, by separating node location from identity. Several proposals exist to apply this idea to current Internet addressing, among which the Locator/Identifier Separation Protocol (LISP) is the only one already being shipped in production routers. Separating locators from identifiers results in another level of indirection, and introduces a new problem: how to determine location, when the identity is known. The first part of our work analyzes existing proposals for systems that map identifiers to locators and proposes an alternative system, within the LISP ecosystem. We created a large-scale Internet topology simulator and used it to compare the performance of three mapping systems: LISP-DHT, LISP+ALT and the proposed LISP-TREE. We analyzed and contrasted their architectural properties as well. The monitoring projects that supplied Internet routing table growth data over a large timespan inspired us to create LISPmon, a monitoring platform aimed at collecting, storing and presenting data gathered from the LISP pilot network, early in the deployment of the LISP protocol. 
The project web site and collected data is publicly available and will assist researchers in studying the evolution of the LISP mapping system. We also document how the newly introduced LISP network elements fit into the current Internet, advantages and disadvantages of different deployment options, and how the proposed transition mechanism scenarios could affect the evolution of the global routing system. This work is currently available as an active Internet Engineering Task Force (IETF) Internet Draft. The second part looks at the problem of efficient one-to-many communications, assuming a routing system that implements the above mentioned locator/identifier split paradigm. We propose a network layer protocol for efficient live streaming. It is incrementally deployable, with changes required only in the same border routers that should be upgraded to support locator/identifier separation. Our proof-of-concept Linux kernel implementation shows the feasibility of the protocol, and our comparison to popular peer-to-peer live streaming systems indicates important savings in inter-domain traffic. We believe LISP has considerable potential of getting adopted, and an important aspect of this work is how it might contribute towards a better mapping system design, by showing the weaknesses of current favorites and proposing alternatives. The presented results are an important step forward in addressing the routing scalability problem described in RFC 4984, and improving the delivery of live streaming video over the Internet

    Connecting the nation : an historical institutionalist explanation for divergent communications technology outcomes in Canada and Australia

    Australia's slow rate of progress in rolling out broadband technologies became a major election issue in 2007, resulting in the National Broadband Network (NBN), the largest public infrastructure investment in Australia's history. Numerous international comparative reports reveal that Australia's lag in the deployment of broadband technologies in relation to Canada, another geographically large, sparsely populated federal system, is significant. Nevertheless, Australia's poor broadband performance is no different than the sluggish adoption of many other forms of electromagnetic communications technologies since the time of the telegraph. This thesis adopts an historical institutionalist approach to explain why Australia trails behind Canada in the take-up of communications technologies. The thesis identifies the different approaches to enabling, coordinating and regulating communications technologies in each country. Importantly, different federal powers for communications technologies have resulted in longstanding differences in the deployment of communications technologies. The Australian government's exclusive powers to legislate for communications technologies resulted in a series of centralised, top-down, single national solutions. Conversely, Canada's decentralised, bottom-up, provincial and municipal solutions approach stems from the provinces' powers to legislate for communications technologies within the provinces. Constitutionally, the Canadian government's powers are for the most part restricted to issues of interconnection between the provinces. Australian policy-makers favour standardised national systems designed to provide equality of service provision which invariably takes longer to deliver services to citizens. While Canada's approach leads to different standards of service provision, the approach is faster in delivering communications technology services to citizens. 
In explaining why a decentralised approach to deploying communications technologies results in faster take-up of new communications technologies, the concept of varieties of particularism is developed. The term 'varieties of particularism' refers to the unique social, political, economic, technological and geographical peculiarities that exist at the nexus of government, business and communications technologies. These various characteristics differ for each region, jurisdiction, provider and user and present a complex series of challenges for the deployment of new communications technologies. In the broadband era, the traditional monolithic telecommunications carrier model is increasingly obsolete. The research finds that single national solutions designed to meet citizens' communications technology requirements (such as those adopted by Australian policy makers) do not adequately address the varieties of particularism and therefore are slow to be deployed and to be taken-up by citizens. Further, the centralisation of political power in the communication industries prevents many citizens from participating in policy development - a 'build it and they will come' scenario - which neglects the human element of the 'network society'. Consequently, the centralised approach results in policy focused on particular technologies or devices predetermined by government, rather than user functionality which can be delivered by a mix of available technologies. The research finds that Australia's centralised approach discourages innovative uses of available technologies, whereas the Canadian decentralised approach enables citizens to be active policy and network participants where political issues are resolved at the regional or local level. In light of the NBN, the comparison with Canada demonstrates that Australia's centralised approach has important ramifications for future communications technology deployment

    Collaborative Traffic Offloading for Mobile Systems

    Due to the popularity of smartphones and mobile streaming services, the growth of traffic volume in mobile networks is phenomenal. This leads to huge investment pressure on mobile operators' wireless access and core infrastructure, while the profits do not necessarily grow at the same pace. As a result, it is urgent to find a cost-effective solution that can scale to the ever increasing traffic volume generated by mobile systems. Among many visions, mobile traffic offloading is regarded as a promising mechanism by using complementary wireless communication technologies, such as WiFi, to offload data traffic away from the overloaded mobile networks. The current trend to equip mobile devices with an additional WiFi interface also supports this vision. This dissertation presents a novel collaborative architecture for mobile traffic offloading that can efficiently utilize the context and resources from networks and end systems. The main contributions include a network-assisted offloading framework, a collaborative system design for energy-aware offloading, and a software-defined networking (SDN) based offloading platform. Our work is the first in this domain to integrate energy and context awareness into mobile traffic offloading from an architectural perspective. We have conducted extensive measurements on mobile systems to identify hidden issues of traffic offloading in the operational networks. We implement the offloading protocol in the Linux kernel and develop our energy-aware offloading framework in C++ and Java on commodity machines and smartphones. Our prototype systems for mobile traffic offloading have been tested in a live environment. The experimental results suggest that our collaborative architecture is feasible and provides reasonable improvement in terms of energy saving and offloading efficiency. We further adopt the programmable paradigm of SDN to enhance the extensibility and deployability of our proposals. 
We release the SDN-based platform under open-source licenses to encourage future collaboration with the research community and standards developing organizations. As one of the pioneering works, our research stresses the importance of collaboration in mobile traffic offloading. The lessons learned from our protocol design, system development, and network experiments shed light on future research and development in this domain. One of the greatest challenges facing mobile networks relates to the exponential growth of traffic volumes. This growth in network traffic is largely due to popular video services, such as YouTube and Netflix, which transmit moving images over the network. The increased load on the network requires investment to expand the network. It is important to find cost-effective ways to deliver content at large scale without massive infrastructure investments. Various traffic offloading methods have been proposed as a solution for making content delivery in mobile networks more efficient. These solutions use complementary wireless technologies to make data transfer more efficient; for example, data transfer can be delegated from an LTE network to WiFi networks. Most portable devices support several wireless technologies, so it is natural to exploit the opportunities these offer for making data transfer more efficient. This dissertation studies the operation and potential of traffic offloading in mobile networks. The work presents a new collaborative traffic offloading system that uses context information from end devices and the network to optimize traffic loads. The presented system and architecture is the first to combine energy consumption and context information with traffic offloading. 
The key results of the dissertation are a network-assisted traffic offloading framework, a collaborative energy-aware optimization solution, and the open-source SoftOffload solution, which enables software-based traffic offloading. The presented systems are evaluated experimentally in urban environments using smartphones. The results of the work enable more energy-efficient traffic offloading solutions and offer ideas and starting points for future 5G development work

    Town of Kittery, Maine Comprehensive Plan 2015-2025
