Tiqr: a novel take on two-factor authentication

Authentication is of paramount importance for all modern networked applications. The username/password paradigm is ubiquitous. This paradigm suffices for many applications that require a relatively low level of assurance about the identity of the end user, but it quickly breaks down when a stronger assertion of the user’s identity is required. Traditionally, this is where two- or multi-factor authentication comes in, providing a higher level of assurance. There is a multitude of two-factor authentication solutions available, but we feel that many solutions do not meet the needs of our community. They are invariably expensive, difficult to roll out in heterogeneous user groups (like student populations), often closed source and closed technology and have usability problems that make them hard to use. In this paper we will give an overview of the two-factor au- thentication landscape and address the issues of closed versus open solutions. We will introduce a novel open standards-based authentication technology that we have developed and released in open source. We will then provide a classification of two-factor authentication technologies, and we will finish with an overview of future work

Improving Response Deliverability in DNS(SEC)

The Domain Name System provides a critical service on the Internet, where it allows host names to be translated to IP addresses. However, it does not provide any guarantees about authenticity and origin integrity of resolution data. DNSSEC attempts to solve this through the application of cryptographic signatures to DNS records. These signatures generally result in larger responses compared to plain DNS responses. Some of these larger responses experience fragmentation, which in turn might be partially blocked by some firewalls. Apparently unresolvable zones may in those cases be a consequence. Analysis of DNS traffic suggests that at least one per cent of all resolvers experience this problem with our signed zones. However, we suspect this number to be much larger. In our presentation we will elaborate on the potential extent of this problem and propose to test two solutions. We intent to test both solutions in our production environment

Ethics and Internet Measurements

Over the past decade the Internet has changed from a helpful tool to an important part of our daily lives for most of the world’s population. Where in the past the Internet mostly served to look up and exchange information, it is now used to stay in touch with friends, perform financial transactions or exchange other kinds of sensitive information. This development impacts researchers performing Internet measurements, as the data traffic they collect is now much more likely to have some impact on users. Traditional institutions such as Institutional Review Boards (IRBs) or Ethics Committees are not always equipped to perform a thorough review or gauge the impact of Internet measurement studies. This paper examines the impact of this development for Internet measurements and analyses previous cases where Internet measurements have touched upon ethical issues. The paper proposes an early framework to help researchers identify stakeholders and how a network study may impact them. In addition to this, the paper provides advice on creating measurement practices that incorporate ethics by design, and also considers the role of third-party data suppliers in ethical measurement practices

On the Adoption of the Elliptic Curve Digital Signature Algorithm (ECDSA) in DNSSEC

The Domain Name System Security Extensions (DNSSEC) are steadily being deployed across the Internet. DNSSEC extends the DNS protocol with two vital security properties, authenticity and integrity, using digital signatures. While DNSSEC is meant to solve security issues in the DNS, it also introduces a new one: the digital signatures significantly increase DNS packet sizes, making DNSSEC an attractive vector to abuse in amplification denial-of-service attacks. By default, DNSSEC uses RSA for digital signatures. Earlier work has shown that alternative signature schemes, based on elliptic curve cryptography, can significantly reduce the impact of signatures on DNS response sizes. In this paper we study the actual adoption of ECDSA by DNSSEC operators, based on longitudinal datasets covering over 50% of the global DNS namespace over a period of 1.5 years. Adoption is still marginal, with just 2.3% of DNSSEC-signed domains in the .com TLD using ECDSA. Nevertheless, use of ECDSA is growing, with at least one large operator leading the pack. And adoption could be up to 42% higher. As we demonstrate, there are barriers to deployment that hamper adoption. Operators wishing to deploy DNSSEC using current recommendations (with ECDSA as signing algorithm) must be mindful of this when planning their deployment

The Internet of Names: A DNS Big Dataset - Actively Measuring 50% of the Entire DNS Name Space, Every Day

The Domain Name System (DNS) is part of the core infrastructure of the Internet. Tracking changes in the DNS over time provides valuable information about the evolution of the Internet’s infrastructure. Until now, only one large-scale approach to perform these kinds of measurements existed, passive DNS (pDNS). While pDNS is useful for applications like tracing security incidents, it does not provide sufficient information to reliably track DNS changes over time. We use a complementary approach based on active measurements, which provides a unique, comprehensive dataset on the evolution of DNS over time. Our high-performance infrastructure performs Internet-scale active measurements, currently querying over 50% of the DNS name space on a daily basis. Our infrastructure is designed from the ground up to enable big data analysis approaches on, e.g., a Hadoop cluster. With this novel approach we aim for a quantum leap in DNS-based measurement and analysis of the Internet

Prijzen van landbouwgrond in en om VINEX-locaties

Studie in opdracht van het Directoraat-Generaal voor de VolksHuisvesting van het ministerie van Verkeer, Ruimtelijke Ordening en Milieu. De studie laat zien dat er met behulp van gegevens van het Kadaster betrouwbare overzichten van prijzen van landbouwgrond in VINEX-gemeenten kunnen worden opgesteld. Zowel per BON-gebied (Besturen Op Niveau), zoals vastgesteld binnen de kaderwet Bestuur en Verandering als per cluster van overige Stadsgewesten, zoals aangeduid in de bijlage van het Besluit Locatiegebonden Subsidies (BLS). De prijzen van landbouwgronden in VINEX-locaties en VINEX-gemeenten blijken tussen 1993 en 1997 met 60% te zijn gestegen tot gemiddeld 55 gulden per vierkante meter. In dezelfde periode stegen de prijzen van agrarisch bestemde gronden met 30% tot 5 gulden per vierkante meter

Uneven Relationalities, Collective Biography, and Sisterly Affect in Neoliberal Universities

This article deploys a collective biographical methodology as a political and epistemological intervention in order to explore the emotional and affective politics of academic work for women in neoliberal universities. The managerial practices of contemporary universities tend to elevate disembodied reason over emotion; to repress, commodify, or co-opt emotional and affective labor; to increase individualization and competition among academic workers; and to disregard the relational work that the article suggests is essential for well-being at work. The apparent marginalization of feminist and feminine ways of being, thinking, and feeling in academia is examined through close readings of three narrative vignettes, which are based on memories of the everyday academic spaces of meetings, workshops, and mentoring. These stories explore moments of the breaking of ties among women and between men and women, as well as document how feminist relationalities can bind and exclude. The article suggests that academic ties are both part of the problem and the solution to countering neoliberal policies, and that academic relationships, especially with other women, are often experienced as unrealized spaces of hope. Building on feminist scholarship about race and diversity, the article reflects on how relational practices like collective biography create both inclusions and exclusions. Nevertheless, it suggests that the methodology of collective biography might engender more sustainable and ethical ways of being in academic workplaces because it provides the resources to begin to create a new collective imaginary of academia

A systematic review of anatomic predictors of abdominal aortic aneurysm remodeling after endovascular repair

Objective: The long-term outcomes after endovascular abdominal aneurysm repair (EVAR) of abdominal aortic aneurysms (AAAs) have been inferior to those after open surgical repair with regard to reinterventions and late mortality. AAA sac remodeling after EVAR has been associated with endoleaks, reinterventions, and mortality. Therefore, knowledge of the predictors of AAA sac remodeling could indirectly give insight into the long-term EVAR outcomes. In the present review, we aimed to provide an overview of the evidence for anatomic predictors of positive and negative AAA sac remodeling after EVAR. Methods: A systematic literature review and analysis were conducted in accordance with the PRISMA (preferred reporting items for systematic reviews and meta-analyses) and Cochrane guidelines. The PubMed and Scopus databases were searched using terms of AAA sac growth, shrinkage, and remodeling. Eligible studies were identified, and only those studies that had included currently used endografts were included. Results: A total of 19 studies that had reported on a total of 27 anatomic parameters of the aortoiliac anatomy were included. Only 4 parameters had been investigated by more than five studies, 7 parameters were investigated by three to five studies, 7 parameters were investigated by two studies, and 9 parameters were investigated by one study. For the presence of neck thrombus, three of four studies had reported similar results, indicating that the presence of neck thrombus might predict for less AAA sac shrinkage. AAA thrombus, the total AAA volume, the flow-lumen volume, aortic calcification, and the number of hostile neck parameters were only investigated by two to three studies. However, these parameters seemed promising for the prediction of sac remodeling. For hostile neck anatomy, neck length, infrarenal neck angulation, and patency of the inferior mesenteric artery, no significant association with any category of AAA sac remodeling was found. Conclusions: The present review demonstrates neck thrombus, AAA thrombus, number of hostile neck parameters, total AAA volume, AAA flow-lumen volume, and aortic calcification as important anatomic features that are likely to play a role in AAA remodeling after endovascular repair and should be further explored using advanced imaging techniques. We also found that strong, consistent evidence regarding the anatomic predictors of AAA sac remodeling after EVAR is lacking. Therefore, further research with large patient groups for a broad range of predictors of AAA sac change after EVAR is needed to complement the current gap in the evidence