Network Security

In the area of network security, TUCCR focuses on three key challenges. First, we tackle the imminent threat, with the detection, mitigation and prevention of existing attacks. Second, we investigate the security evolution of networks, namely the integration and impact of security solutions in current networks. Finally, we perform research into the design of future secure (core and IoT) network systems, or, in other words, we plan for a network security revolution.

Proactive network security

Attack detection, mitigation and prevention aims at characterizing and acting on the current attack landscape at an early stage. While emergent and imminent threats come often to light, understanding the size of the problem in real networks and what slice of the Internet is in practice vulnerable or misused remains an open issue. We therefore focus on real-world scenarios and propose methodologies to characterize and quantify a phenomenon, together with approaches to mitigate it. Finally, based on data on real-world attacks, we investigate how characteristics of such attacks can be used to proactively defend against attacks that are being prepared (proactive network security). The security problems on which we focus include Distributed Denial of Service (DDoS) attacks, Botnets, and spam, as well as the misuse of core network services such as the Domain Name System (DNS). Finally, this research has the goal of creating actionable information (e.g. in the form blacklists or maps of the security landscape) that can be shared with operators and security experts to improve the security level of existing networks.

Internet security, stability and resilience

Evolving security, stability and resilience of current networks requires a continuous effort by standards bodies (such as the IETF), network operators and policy forums (such as ICANN, the GCSC and national bodies such as Platform “Internetstandaarden” in The Netherlands). For all three types of stakeholders it is vital to understand which security, stability and resilience mechanisms work, to what extent they are deployed and if operators that roll out these mechanisms do so follow best current practices. In order to gauge the evolution of the Internet in terms of security, stability and resilience it is vital to perform large-scale longitudinal measurements of core Internet infrastructure such as the DNS, BGP, and RPKI ecosystem. By combining insight from infrastructure measurements with knowledge on Internet economics, we can have an impact on improving the security of the current Internet and support decisions by key stakeholders with sound scientific insights.

Design of secure future networks

Designing secure future networks requires us to study approaches to improve the transparency and security of packet switches and routers. The Internet of Things has already generated an explosion of new devices, and yet, the IoT is only in its infancy. The IoT requires us to re-think network security paradigms and it is therefore a motivating driver for the design of future secure networks.  We therefore follow Software Defined Networking (SDN) and Open Networking principles. We use programming languages such as defined for “Programming Protocol-Independent Packet Processors” (P4), and experiment with systems such as SCION and RINA. Our goal is to facilitate secure routing and network / device attestation within critical networks.

The three research challenges share a common measurement-based approach, based on the creation of large-scale, longitudinal data sets, which we refer to as data lakes. We use big data analysis techniques to characterize the attack landscape, find potential threats, understand the deployment and adoption of security mechanisms and design future networks. The data we analyse include network flows, data from the Domain Name System (DNS, the “yellow pages” of the internet), routing information (BGP, the Border Gateway Protocol), web certificates (X.509, TLS) as well as dedicated security feeds (e.g. malware and phishing blacklists). We work with network operators and industry partners in the TUCCR consortium to include data from their real-world experience in our analyses. This tightens the feedback loop, allowing our insights to flow back to industry through the "fast lane" to TUCCR partners.

Main contact person

prof.dr.ir. R.M. van Rijswijk - Deij (Roland)
Adjunct professor of measurement-based Internet security

Involved reseachers