8. Internet Governance Definition
IG Definition @ WSIS Tunis 2005:
The development and application by governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet.
9. Internet Governance Layers
• Telecom infrastructure (cable, wireless, ...)
• Protocols, standards and services (DNS, TCP/IP, SSL...)
• Content and applications (HTML, FTP, XML)
Source: Diplo
11. IG Concepts in ARPANET – Technology Track
1969 - RFC 01, RFC 03 (Steve Crocker): system requirements; standardization; an entity for managing technical standards (IETF working group)
1983 - RFC 882, RFC 883: domain name concept; tree hierarchy; DNS operation
1984 - BIND (UC Berkeley)
1987 - RFC 1034, RFC 1035: DNS delegation; ccTLD, gTLD; single root
1994 - ISC: Paul Vixie
Jon Postel acted as RFC Editor 1969-1998
14. IG Concepts in ARPANET – Registry Track
1969 - HOSTS.TXT: a table of hostname / IP address pairs maintained by SRI (Stanford Research Institute) and copied to other sites; Jon Postel managed the Assigned Number List
1981 - Names; numbers; critical Internet resources; registry operation; uniqueness of names - single Internet
15. IG Concepts for Architecture and Authority
1969, 1987 (RFC 1034, RFC 1035), 1988, 1998
18 Sep 1998: ICANN established
16 Oct 1998: Jon Postel passed away
Root Zone Operator:
• Execute IANA functions
• Root zone governance
• TLD legal issue
The IANA functions manage protocol parameters, Internet number resources and domain names. ICANN performs these functions on behalf of the global Internet community.
17.
Root DNS Anycast (Source: ICANN); Root (Source: RIPE)
IETF48 Root Server Operators' statement (1998 Dec):
• Operate reliably, for the common good of the Internet
• Recognize IANA as the source of the root data
• Invest sufficiently to ensure responsible operation
• Facilitate the transition, when needed and with proper notice
• Recognize the other root server operators

• Multistakeholder
• Recognize IANA
• Single Internet
• Internet as public good
18. IG Concepts for Number Community
1992, 1993, 1997, 1999, 2001, 2005
• Multistakeholder model
• Self regulation
• Member voting right
• IP address allocation
• Policy development process
1999:
• ASO ICANN Board selection
• Global address policy
• Accountability
• Transparency
• Governance
• Finance
• Policy
19. Critical Information Infrastructure (CII)
• Internet Numbering Architecture
• Internet Naming Architecture
• Critical Information Infrastructure Protection
22.
Degree of Enforcement
Full Neutrality: stresses that the network must be completely neutral with no differential treatment of any kind; packets are transmitted on a first-come, first-served (FCFS) basis. Main supporters include scholar Susan P. Crawford (Cardozo Law School; former FCC chair).
Allow discrimination based on type of data: this position holds that network traffic has different service requirements, for example packet latency or jitter, so an ISP may apply differential treatment according to the attributes of the application service. Main supporters include scholar Tim Wu (Columbia University Law School).
Individual prioritization without throttling or blocking: ISPs hold that, as long as traffic is not blocked and no congestion is caused, an ISP may prioritize traffic according to the needs of different services or customers. Main supporters include Comcast and AT&T.
No direct enforcement: many countries have no net-neutrality law but can regulate by reference to other laws such as anti-competition law; before the US had a net-neutrality law, the FCC likewise issued regulatory orders based on reasonable market practice.
ISP market competitiveness: in the US Comcast / Netflix case the court found that Comcast violated net neutrality mainly because most Internet users had only a single provider to choose from for broadband (25 Mbps) service. In that situation an ISP's differential treatment is enough to affect market competition, so broadband ISPs bear greater responsibility for keeping their service neutral and not harming users' interests.
• Improve connectivity
• Neutral Internet exchange and peering
23. CERT (Computer Emergency Response Team)
• CERT was first used in 1988 by the CERT Coordination Center at CMU. CERT and CSIRT (computer security incident response team) are used interchangeably.
• FIRST (Forum of Incident Response and Security Teams) is the global association of CSIRTs.
• APCERT established 2003. Annual events include (1) AGM (2) APCERT Drill.
24.
• Allocation and assignment of three sets of unique identifiers of the Internet: domain names, IP addresses, and protocol parameters
• Operation and evolution of the DNS root name server system
• Policy development reasonably and appropriately related to these technical functions
• Multistakeholder
• Accountability
• Transparency
• Governance
• Finance
• Policy
25. UN IG Initiatives – Political Track
2003, 2005, 2006, 2010
• Multistakeholder
• Multilateral
• Inclusion
• Sustainability
2015
Technical Topics:
• Critical Internet resources
• Capacity building
• Security
• Access
• Internationalization
27.
The Internet and Internet Governance (IG)
Cybersecurity
Cybersecurity vs. IG
28. Goals of Information Security
Confidentiality: prevents unauthorized use or disclosure of information
Integrity: safeguards the accuracy and completeness of information
Availability: authorized users have reliable and timely access to information
29. ISO 27001
ISO 27001 - a globally recognized standard that provides a best-practice framework for addressing the entire range of cyber risks
• People, processes, technology
• Systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization's information security to achieve business objectives
Key elements of implementing ISO 27001:
• Determine the scope of the ISMS
• Consider the context of the organization and interested parties
• Appoint a senior individual responsible for information security
• Conduct a risk assessment - identify risks, threats, and vulnerabilities
• Appoint risk owners for each of the identified risks
• Implement appropriate policies and procedures
• Conduct staff training
• Conduct an internal audit
• Implement continual improvement of the ISMS
33. DDoS As A Service
Source: tripwire, May 26 2016
400,000 Bots for Rent
Source: bleepingcomputer, Nov 24 2016
34. Operation of a DDoS attack
Diagram: attacker computers and real users both reach the target servers over the Internet; the target runs out of resources and the service goes offline.
35. Protection: Technology vs. Insurance
FIRST PARTY COVERAGE
• damage to digital assets
• business interruption
• cyber extortion
• privacy breach expenses
THIRD PARTY COVERAGE
• privacy liability
• network security liability
• internet media liability
• regulatory liability
• contractual liability
Cyber liability insurance is inexpensive, effective coverage. Coverage limits start at $100,000 with annual premiums starting as low as $250.
1. Key companies include: AIG, Marsh, Allianz
2. False sense of security
3. Growth of market and risk will increase insurance premiums
1. Greater protection from threats
2. Insurance driving implementation of technology solutions to comply with policy requirements
36. Cyber War Case - Afghanistan
• Two-way cyber war measures
• Cyber offensive capability
• Cyber dependence: the degree to which a nation relies upon cyber-controlled systems
• Cyber defensive capability
• "We have the most bandwidth running through our society and are more dependent on that bandwidth. We are the most vulnerable." - former Admiral McConnell
• Afghanistan 2001
• The US had a cyber war plan, but there were no targets for its cyber warriors; that gave Afghanistan an advantage.
• If Afghanistan had had any offensive cyber capability, the cyber war would have gone a different way.
37. Cyber War Case - China
• Offense vs. defense
• The US has the most sophisticated offensive capability, but that cannot make up for its weaknesses in defense. Cyber defense training is offense-focused.
• China's cyber warriors are tasked with both offense and defense in cyberspace.
• China's advantages in cyber war
• Ownership: the Internet in China is like a company intranet; the government is the only service provider
• Censorship
• The Great Firewall of China provides security advantages
• The technology the Chinese use to screen emails/messages provides the infrastructure to stop malware
• Installing software on all computers to keep children from gaining access to pornography gives China control over every desktop in the country.
• Critical infrastructure: for the electric power system, the US relies on automated control systems, but China requires a large degree of manual control.
38. Cyber War Strength
Country       Cyber Offense  Cyber Dependence  Cyber Defense  Total
US            8              2                 1              11
Russia        7              5                 4              16
China         5              4                 6              15
Iran          4              5                 3              12
North Korea   2              9                 7              18
Source: Richard Clarke, 2010
39. DDoS vs. Cyberwar
Diagram: cyberwar-initiating country and counterpart country connected over the Internet, with the counterpart's DMZ in between.
1. DDoS can only attack the DMZ zone; the DMZ was built for that purpose.
2. DDoS attacks are compelling: the targets can be easily identified. This gives the enemy the advantage of increasing defensive capability or reducing cyber dependence.
41. Browser SSL Connection
1. Server sends a copy of its asymmetric public key
2. Browser creates a symmetric session key and encrypts it with the server's public key
3. Server decrypts the encrypted session key with its private key to get the symmetric session key
4. Server and Browser now encrypt and decrypt all transmitted data with the symmetric session key. This provides a secure channel because only the Browser and the Server know the symmetric session key.
Symmetric key 128/256 bit (fast); PKI key 1024/2048 bit (slow)
Most secure communication systems (SSL; SSH; VPN..) use symmetric-key encryption
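The four steps above as an added worked example, not code from the original slides: textbook RSA over two fixed Mersenne primes stands in for the server's 1024/2048-bit key pair, and an HMAC-SHA256 counter-mode keystream stands in for the symmetric cipher. Both are constructed for illustration only and carry none of the padding or authentication a real TLS stack applies; the key pair, the prime choice and the function names are assumptions.

```python
"""Hybrid encryption behind the browser/server exchange: the server's public key
wraps a fresh symmetric session key, and that session key protects the bulk
data. Added example with constructed parameters, not a real TLS implementation."""
import hashlib
import hmac
import secrets
from typing import Tuple

# Constructed server key pair: textbook RSA with the Mersenne primes 2^61-1 and
# 2^89-1 (about 150 bits in total, far below the 1024/2048 bits the slide cites).
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
SERVER_PUBLIC_KEY = (N, E)              # step 1: what the server sends
SERVER_PRIVATE_KEY = (N, D)             # never leaves the server

SESSION_KEY_BYTES = 16                  # 128-bit symmetric key, as on the slide


def wrap_session_key(session_key: bytes, public_key: Tuple[int, int]) -> int:
    """Step 2: browser encrypts the session key with the server's public key."""
    n, e = public_key
    m = int.from_bytes(session_key, "big")
    if m >= n:
        raise ValueError("session key does not fit the modulus")
    return pow(m, e, n)


def unwrap_session_key(wrapped: int, private_key: Tuple[int, int]) -> bytes:
    """Step 3: server recovers the session key with its private key."""
    n, d = private_key
    return pow(wrapped, d, n).to_bytes(SESSION_KEY_BYTES, "big")


def symmetric_xor(session_key: bytes, data: bytes) -> bytes:
    """Step 4: bulk encryption. A keystream is derived as HMAC-SHA256(key, counter)
    and XORed with the data, so the same call encrypts and decrypts."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        block = hmac.new(session_key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def browser_to_server(plaintext: bytes) -> Tuple[int, bytes, bytes]:
    """Run all four steps once. Returns (wrapped key seen on the wire,
    ciphertext seen on the wire, plaintext as recovered by the server)."""
    session_key = secrets.token_bytes(SESSION_KEY_BYTES)                  # step 2
    wrapped = wrap_session_key(session_key, SERVER_PUBLIC_KEY)            # step 2
    server_session_key = unwrap_session_key(wrapped, SERVER_PRIVATE_KEY)  # step 3
    ciphertext = symmetric_xor(session_key, plaintext)                    # step 4
    recovered = symmetric_xor(server_session_key, ciphertext)             # step 4
    return wrapped, ciphertext, recovered


if __name__ == "__main__":
    wrapped, ct, pt = browser_to_server(b"GET /account HTTP/1.1")
    print("wrapped session key:", hex(wrapped)[:20] + "...")
    print("ciphertext on the wire:", ct.hex())
    print("server recovered:", pt)
```

The slow public-key operation happens once, on 16 bytes; everything after that is the fast symmetric path, which is the point of the "fast/slow" note on the slide.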
44. Certificate Authority vs. IG Authority
Any CA can issue a certificate for any domain name. By deploying DNSSEC and DANE instead, a domain can give up dependence on CAs and the X.509 certificate hierarchy.
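How DANE replaces the CA decision, as an added example that is not part of the original slides: a TLSA record with usage 3 (DANE-EE) pins the server's own key in DNS, and a client that trusts the DNSSEC-signed record verifies the presented certificate against it without consulting any CA. The certificate and SubjectPublicKeyInfo bytes below are constructed placeholders, and the function names are assumptions.

```python
"""DANE-EE (TLSA usage 3) matching per RFC 6698: the DNSSEC-signed TLSA record
pins the server's own key, so a certificate that a CA issued for the same name
with a different key does not verify. Added example; the certificate and
SubjectPublicKeyInfo bytes are constructed placeholders, not real DER."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class TLSARecord:
    usage: int      # 3 = DANE-EE: match the end-entity certificate, no CA chain
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo (SPKI)
    matching: int   # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes     # certificate association data


def association_data(cert_der: bytes, spki_der: bytes, selector: int, matching: int) -> bytes:
    """Apply the selector and matching type to a presented certificate."""
    selected = spki_der if selector == 1 else cert_der
    if matching == 0:
        return selected
    if matching == 1:
        return hashlib.sha256(selected).digest()
    if matching == 2:
        return hashlib.sha512(selected).digest()
    raise ValueError(f"unsupported matching type {matching}")


def publish_tlsa(cert_der: bytes, spki_der: bytes, selector: int = 1, matching: int = 1) -> TLSARecord:
    """What the domain owner puts in DNS (and signs with DNSSEC) for its server."""
    return TLSARecord(3, selector, matching, association_data(cert_der, spki_der, selector, matching))


def presentation_format(owner: str, rec: TLSARecord) -> str:
    """Zone-file form, e.g. _443._tcp.www.example.com. IN TLSA 3 1 1 <hex>."""
    return f"{owner} IN TLSA {rec.usage} {rec.selector} {rec.matching} {rec.data.hex()}"


def dane_ee_matches(rec: TLSARecord, cert_der: bytes, spki_der: bytes) -> bool:
    """Client side: does the certificate the server presented match the record?
    Only usage 3 is handled here; usages 0-2 also involve the CA chain."""
    if rec.usage != 3:
        raise NotImplementedError("only DANE-EE (usage 3) is shown in this example")
    expected = association_data(cert_der, spki_der, rec.selector, rec.matching)
    return hmac.compare_digest(rec.data, expected)


# Constructed placeholders standing in for DER-encoded certificates and keys.
LEGIT_SPKI = b"constructed-spki-of-the-domain-owner's-key"
LEGIT_CERT = b"constructed-cert:" + LEGIT_SPKI
ROGUE_SPKI = b"constructed-spki-of-a-key-the-owner-never-held"
ROGUE_CERT = b"constructed-cert-issued-by-some-ca:" + ROGUE_SPKI

TLSA_RR = publish_tlsa(LEGIT_CERT, LEGIT_SPKI)            # a "3 1 1" record


if __name__ == "__main__":
    print(presentation_format("_443._tcp.www.example.com.", TLSA_RR))
    print("owner's cert matches:", dane_ee_matches(TLSA_RR, LEGIT_CERT, LEGIT_SPKI))
    print("mis-issued cert matches:", dane_ee_matches(TLSA_RR, ROGUE_CERT, ROGUE_SPKI))
```

The rogue certificate fails even though, in the CA model, a CA could have issued it for the same name; the trust decision has moved from the CA to the DNSSEC-signed zone, which is the governance shift the slide is pointing at.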
45. OECD
CIIP (Critical Information Infrastructure Protection)
OECD:
• Information components supporting the critical infrastructure
• Information infrastructure supporting essential components of government business
• Information infrastructure essential to the national economy
US:
Systems and assets, whether physical or virtual, so vital to the US that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.
EU:
Directive (EU) 2016/1148 Annex II: IXP, Root DNS, TLD Registry
46. ETSI Lawful Intercept Model
Network operator / access provider / service provider (NWO/AP/SvP) domain:
• Administration function
• IRI mediation function
• Content mediation function
• Network internal functions, reached over the INI (internal network interface) and containing the IIF (internal interception function)
Handover interfaces (HI) to the LEMF (Law Enforcement Monitoring Facility):
• HI1: administrative information
• HI2: intercept related information (IRI)
• HI3: content of communication (CC)
(ETSI)
50. China Telecom hijacks Verizon Wireless
AS 4134 China Telecom; AS 7018 AT&T; AS 3356 Level 3; AS 2828 XO Comm.; AS 6167 Verizon; AS 22394 Verizon; AS 22724 China Telecom
Legitimate route: 66.174.161.0/24, AS path 3356, 6167, 22394
Hijacked route: 66.174.161.0/24, AS path 4134, 22724, 22724
Apr 2010, prefix hijacks: China Telecom announced 50,000 prefixes (15% of routes)
51. Pakistan Telecom hijacks YouTube
AS 18174 Allied Bank; AS 58467 Lahore Stock; AS 18173 Aga Khan; AS 3491 PCCW; AS 3327 Linux Telecom; AS 25462 RETN Ltd; AS 36561 YouTube; AS 17557 Pakistan Telecom
Legitimate route: 208.65.153.0/22, AS path 36561
Hijacked route: 208.65.153.0/24, AS path 17557, propagated by PCCW as 3491, 17557
Feb 2008, subprefix hijack
52. Moratel Leaks a Route to PCCW
AS 23947 Moratel; AS 3491 PCCW; AS 4436 nLayer; AS 15169 Google
Google originates 8.8.8.0/24 (AS path 15169); Moratel re-announces it to PCCW (AS path 23947, 15169); PCCW propagates it onward (AS path 3491, 23947, 15169)
53.
The Internet and Internet Governance (IG)
Cybersecurity
Cybersecurity vs. IG
54. Why Bother with Internet Governance?
Jurisdiction: law, organization, rules, international law / treaty
Internet Governance: multistakeholder, standard, technology, architecture, policy, procedure, best practices, cooperation, coordination; together these form the IG regime
61. Secure Communication : Technology
RFC 7457 Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)
RFC 2409 The Internet Key Exchange (IKE)
RFC 3526 More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
RFC 7258 Pervasive Monitoring Is an Attack
RFC 7525 Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
RFC 4307 Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
Diffie-Hellman group evolution noted on the slide: proposed DH1024; proposed DH 2048; remove support for DH1024
63. Secure Internet Root
Root letters a, b, c, ..., k, l, m (each a unique IP anycast address)
Sites Site1 ... Siten under each letter (each a unique location and BGP route)
Servers Host1 ... Hostn at each site (internal load balancing)
User -> Recursive resolver -> root
Horizontal distribution: multiple letters, multiple operators
Vertical distribution: multiple sites, multiple servers
64. Impact of The Attack
1. The Root DNS handles the situation well
2. Resilience of the Root DNS is not an accident, but the consequence of fault-tolerant design and good engineering
3. True diversity is the key to avoiding collateral damage
68. Potential Cooperation for Cybersecurity and Internet Governance
Case: Crypto-Ransomware
Source: EUROPOL
69.
1. Check Whois database: found in Romania
2. Traceroute: ends up in the Netherlands
"It's not useful" - French cyber investigator
Source: EUROPOL
70.
3. MLAT* from France to Romania
4. One month later, Romanian LE goes to the indicated company
*MLAT: Mutual Legal Assistance Treaty
Source: EUROPOL
71.
Scenario 1: Romanian company cooperates
5. Found server is in Germany
6. Second MLAT from France to Germany
Scenario 2: Romanian company uncooperative, victim of ID theft (step 5)
Source: EUROPOL
72.
7. One month later, German LE goes to seize the server
8. Too late! Decryption keys have been moved to another server...
Source: EUROPOL
73. LEA and RIRs Cooperation
Question?
• How can we ensure that IP addresses are announced in the country where they are actually registered?
• Can the RIR database reflect the location of an ISP handling an IP address?
Internet Policy Proposal
• Require registration of all IP sub-allocations to downstream ISPs so that the entire chain of sub-allocations is accurately reflected in WHOIS
• Do NOT disclose end-user information but instead focus on the downstream ISP providing connectivity to the end-user
Source: EUROPOL