Catalogue Search | MBRL
22 result(s) for "Osterweil, Eric"
Deploying Cryptography in Internet-Scale Systems: A Case Study on DNSSEC
2011
The DNS Security Extensions (DNSSEC) are among the first attempts to deploy cryptographic protections in an Internet-scale operational system. DNSSEC applies well-established public key cryptography to ensure data integrity and origin authenticity in the DNS system. While the cryptographic design of DNSSEC is sound and seemingly simple, its development has taken the IETF over a decade and several protocol revisions, and even today its deployment is still in the early stage of rolling out. In this paper, we provide the first systematic examination of the design, deployment, and operational challenges encountered by DNSSEC over the years. Our study reveals a fundamental gap between cryptographic designs and operational Internet systems. To be deployed in the global Internet, a cryptographic protocol must possess several critical properties including scalability, flexibility, incremental deployability, and ability to function in face of imperfect operations. We believe that the insights gained from this study can offer valuable inputs to future cryptographic designs for other Internet-scale systems.
Journal Article
From the Beginning: Key Transitions in the First 15 Years of DNSSEC
by Pouyan Fotouhi Tehrani; Wählisch, Matthias; Osterweil, Eric
in Anatomy, Classification, Cryptography
2024
When the global rollout of the DNS Security Extensions (DNSSEC) began in 2005, a first-of-its-kind trial started: The complexity of a core Internet protocol was magnified in favor of better security for the overall Internet. Thereby, the scale of the loosely-federated delegation in DNS became an unprecedented cryptographic key management challenge. Though fundamental for current and future operational success, our community lacks a clear notion of how to empirically evaluate the process of securely transitioning keys. In this paper, we propose two building blocks to formally characterize and assess key transitions. First, the anatomy of key transitions, i.e., measurable and well-defined properties of key changes; and second, a novel classification model based on this anatomy for describing key transition practices in abstract terms. This abstraction allows for classifying operational behavior. We apply our proposed transition anatomy and transition classes to describe the global DNSSEC deployment. Specifically, we use measurements from the first 15 years of the DNSSEC rollout to detect and understand which key transitions have been used to what degree and which rates of errors and warnings occurred. In contrast to prior work, we consider all possible transitions and not only 1:1 key rollovers. Our results show measurable gaps between prescribed key management processes and key transitions in the wild. We also find evidence that such noncompliant transitions are needed in operations.
Measurable security: A new substrate for DNSSEC
2010
As the Internet plays an increasingly critical role in both our global economy and governments all over the world, it has become a central concern for everyone. This has elevated its security from just a relevant research area to one of the global linchpins of our society. Unfortunately, it is widely recognized (and often lamented) that the designs of the Internet's core protocols did not make security a top priority, and there has been an increasingly palpable sense that the Internet needs to enhance its security. Though there have been many efforts to add security protections, the Internet's environment has confounded designs or models that require strict behaviors, rigid configurations, or any form of global consensus (such as a global Certificate Authority, CA). One of the most notable attempts to secure a core protocol has been the DNS Security Extensions (DNSSEC), which is the first attempt to actually deploy a true Internet-scale cryptosystem. However, this seemingly straightforward design has met with many fundamental challenges which stem from its "provable security" foundation. In this dissertation we introduce a new system substrate called Measurable Security that casts security assurances as measurable quantities and embraces the chaotic environment that Internet-scale systems face. Specifically, DNSSEC is a type of system that uses cryptography as its sole foundation (a cryptosystem), and in this work we show how Measurable Security can act as an additional foundational element that lets DNSSEC's design embrace aspects of its own deployed status, and help remedy some tangible problems the DNSSEC deployment is already facing. To fully illustrate the utility of Measurable Security, we first show how it can be applied to the current DNSSEC deployment and used to quantify an empirical notion of how well it is offering its security protections to client resolvers today.
To do this, we propose three design-level measures (and three associated system-level metrics) that allow us to evaluate the operational level of protections that DNSSEC tries to offer. Next, we use Measurable Security to derive a model for DNSKEY learning and verification called Public Data. From this model we will go on to discuss an actual open source software system (called Vantages) whose design is based on this concept and which is publicly available. Finally, we quantitatively demonstrate how much more effective Vantages is than DNSSEC's current key learning design by using deployment metrics to create a side-by-side comparison of the two approaches. We believe that this is the first opportunity that operators of any Internet-scale cryptosystem have had to make an apples-to-apples comparison between the deployments of different cryptosystem designs, and properly judge them against each other.
Dissertation
How to Measure TLS, X.509 Certificates, and Web PKI: A Tutorial and Brief Survey
by Pouyan Fotouhi Tehrani; Wählisch, Matthias; Osterweil, Eric
in Certificates, Data analysis, Encryption
2024
Transport Layer Security (TLS) is the base for many Internet applications and services to achieve end-to-end security. In this paper, we provide guidance on how to measure TLS deployments, including X.509 certificates and Web PKI. We introduce common data sources and tools, and systematically describe necessary steps to conduct sound measurements and data analysis. By surveying prior TLS measurement studies we find that diverging results are rather rooted in different setups instead of different deployments. To improve the situation, we identify common pitfalls and introduce a framework to describe TLS and Web PKI measurements. Where necessary, our insights are bolstered by a data-driven approach, in which we complement arguments by additional measurements.
The Key to Deobfuscation is Pattern of Life, not Overcoming Encryption
by Henderson, Taylor; Osterweil, Eric; Simon, Robert
in Communication, Cybersecurity, Domain names
2023
Preserving privacy is an undeniable benefit to users online. However, this benefit (unfortunately) also extends to those who conduct cyber attacks and other types of malfeasance. In this work, we consider the scenario in which Privacy Preserving Technologies (PPTs) have been used to obfuscate users who are communicating online with ill intentions. We present a novel methodology that is effective at deobfuscating such sources by synthesizing measurements from key locations along protocol transaction paths. Our approach links online personas with their origin IP addresses based on a Pattern of Life (PoL) analysis, and is successful even when different PPTs are used. We show that, when monitoring in the correct places on the Internet, DNS over HTTPS (DoH) and DNS over TLS (DoT) can be deobfuscated with up to 100% accuracy, when they are the only privacy-preserving technologies used. Our evaluation used multiple simulated monitoring points and communications are sampled from an actual multiyear-long social network message board to replay actual user behavior. Our evaluation compared plain old DNS, DoH, DoT, and VPN in order to quantify their relative privacy-preserving abilities and provide recommendations for where ideal monitoring vantage points would be in the Internet to achieve the best performance. To illustrate the utility of our methodology, we created a proof-of-concept cybersecurity analyst dashboard (with backend processing infrastructure) that uses a search engine interface to allow analysts to deobfuscate sources based on observed screen names and by providing packet captures from subsets of vantage points.
Security of Alerting Authorities in the WWW: Measuring Namespaces, DNSSEC, and Web PKI
by Schiller, Jochen H; Pouyan Fotouhi Tehrani; Wählisch, Matthias
in Certificates, Domain names, Emergency management
2021
During disasters, crises, and emergencies the public relies on online services provided by official authorities to receive timely alerts, trustworthy information, and access to relief programs. It is therefore crucial for the authorities to reduce risks when accessing their online services. This includes catering to secure identification of service, secure resolution of name to network service, and content security and privacy as a minimum base for trustworthy communication. In this paper, we take a first look at Alerting Authorities (AA) in the US and investigate security measures related to trustworthy and secure communication. We study the domain namespace structure, DNSSEC penetration, and web certificates. We introduce an integrative threat model to better understand whether and how the online presence and services of AAs are harmed. As an illustrative example, we investigate 1,388 Alerting Authorities. We observe partial heightened security relative to the global Internet trends, yet find cause for concern as about 78% of service providers fail to deploy measures of trustworthy service provision. Our analysis shows two major shortcomings. First, how the DNS ecosystem is leveraged: about 50% of organizations do not own their dedicated domain names and are dependent on others, 55% opt for unrestricted-use namespaces, which simplifies phishing, and less than 4% of unique AA domain names are secured by DNSSEC, which can lead to DNS poisoning and possibly to certificate misissuance. Second, how Web PKI certificates are utilized: 15% of all hosts provide none or invalid certificates, thus cannot cater to confidentiality and data integrity, 64% of the hosts provide domain validation certification that lack any identity information, and shared certificates have gained in popularity, which leads to fate-sharing and can be a cause for instability.
20 Years of DDoS: a Call to Action
2019
Botnet Distributed Denial of Service (DDoS) attacks are now 20 years old; what has changed in that time? Their disruptive presence, their volume, distribution across the globe, and the relative ease of launching them have all been trending in favor of attackers. Our increases in network capacity and our architectural design principles are making our online world richer, but are favoring attackers at least as much as Internet services. The DDoS mitigation techniques have been evolving but they are losing ground to the increasing sophistication and diversification of the attacks that have moved from the network to the application level, and we are operationally falling behind attackers. It is time to ask fundamental questions: are there core design issues in our network architecture that fundamentally enable DDoS attacks? How can our network infrastructure be enhanced to address the principles that enable the DDoS problem? How can we incentivize the development and deployment of the necessary changes? In this article, we want to sound an alarm and issue a call to action to the research community. We propose that basic research and principled analyses are badly needed, because the status quo does not paint a pretty picture for the future.
Expect More from the Networking: DDoS Mitigation by FITT in Named Data Networking
by Vasavada, Vishrant; Siva Kesava Reddy Kakarla; Osterweil, Eric
in Cybersecurity, Denial of service attacks, Disruption
2021
Distributed Denial of Service (DDoS) attacks have plagued the Internet for decades, but the basic defense approaches have not fundamentally changed. Rather, the size and rate of growth in attacks have actually outpaced carriers' and DDoS mitigation services' growth, calling for new solutions that can be, partially or fully, deployed imminently and exhibit effectiveness. In this paper, we examine the basic functions in Named Data Networking (NDN), a newly proposed Internet architecture, that can address the principal weaknesses in today's IP networks. We demonstrate by a new DDoS mitigation solution over NDN, Fine-grained Interest Traffic Throttling (FITT), that NDN's architectural changes, even when incrementally deployed, can make DDoS attacks fundamentally more difficult to launch and less effective. FITT leverages the NDN design to enable the network to detect DDoS from victim's feedback, throttles DDoS traffic by reversing its exact paths through the network, and enforces control over the misbehaving entities at their sources. Our extensive simulation results show that FITT can throttle attack traffic with one-way time delay from the victim to the NDN gateway; upon activation, FITT effectively stops attack traffic from impacting benign flows, resulting in over 99% of packets reaching victims being legitimate ones. We further demonstrate that service providers may implement NDN/FITT on existing CDN nodes as an incrementally deployable solution to effectuate the application level remediation at the sources, which remains unattainable in today's DDoS mitigation approaches.
Substance over form to prevail in Belgium
1993
To fight tax evasion, the Belgian Parliament has introduced new Article 344 section 1 of the Belgian Income Tax Code in the form of so-called "economic reality." Some may now think that the article, in effect, means the end of the Brepols doctrine, referring to a 1961 Supreme Court case in which it held that, as long as a taxpayer is prepared to accept the consequences of legal acts devised by her, then the Tax Administration cannot interfere with the taxpayer's structuring. The new law is clearly not intended to do away with structuring as such, but rather to ensure that tax engineering has not been used for the sole purpose of avoiding tax. The general idea is that substance should prevail over form. The capitalization of corporations will henceforth be scrutinized by the Belgian Tax Administration on the basis of the new law. The new law also introduces a step transaction doctrine and may have repercussions on international transactions.
Journal Article
New tax ups cost of Belgian coordination centres
1993
Belgian coordination centers have provided substantial tax and other advantages to multinational corporations since 1982. Coordination centers enjoy special tax benefits, which include a determination of their taxable base in the form of a percentage of certain administrative expenses. While they have had a significantly favorable impact on Belgium's economic climate, coordination centers have contributed relatively little to the Belgian exchequer in the form of taxes. Consequently, the Belgian Parliament has introduced a new head tax on coordination centers. US parent companies of coordination centers will be particularly unhappy with the new tax because the head tax is not available for the foreign tax credit in the US since the Belgian tax is not based on income.
Journal Article