iot and internet identifier security - itu: committed to ......iot and internet identifier security...
TRANSCRIPT
IoT and Internet Identifier SecurityJoyce Chen | Senior Manager Strategy & Development, ICANNAsia Pacific Digital Societies Policy Forum - Thailand | 28 April 2016
| 2
For public use. Designed by XPLANE, in assignment by ICANN. v2.1 • 16 December 2015 2015 | Creative Commons Attribution - NonCommercial
NAMES NUMBERSINTERNETPROTOCOLS+ + =
IDENTIFIERS’ PUBLIC REGISTRIES
NAMES PROTOCOLSNUMBERS
THE ROOT ZONE
LOGI
CAL
LAYE
R
• ICANN / IANA• IETF• NRO / RIRs• ISO• ETSI• TLD Operators• Domain Name Registrars• IEEE• W3C
E ▲0.98 +13% EQZ ▲24.52 +20% 12.71 -3E ▲0.98 +13% EQZ ▲24.52 +20%24.52 +20% 12.71 -3
ENTERTAINMENT
ECONOMIC AND SOCIAL
DEVELOPMENT
FINANCE
EDUCATION
HEALTHCARE
INTERNET OF THINGS
PUBLIC SECTOR AND TAXATION
INFORMATION AND COMMUNICATION
TECHNOLOGY
RIGHTS!
NEWS AND MEDIA
SECURITY
CIVIL AND HUMAN RIGHTS
MANUFACTURING AND TRADE
ECO
NOM
IC A
NDSO
CIET
AL L
AYER
• IGF• World Economic Forum• NETmundial Initiative• W3C• Industrial Internet Consortium• ISOC• National Governments• Private Sector
(ex.: Facebook, Google, Sony, Alibaba)
• Inter-governmental Organizations (ex.: OECD, UNESCO, WTO, WIPO)
• Civil Society (ex.: Human Rights Watch, APC)
• Academia• Law Enforcement Agencies
(ex.: INTERPOL, FBI)
IP ADDRESSESDOMAIN NAMESROOT SERVICES PROTOCOL PARAMETERS
INFR
ASTR
UCTU
RELA
YER
• National ICT Ministries• National Regulators• Network Operators
• GSMA• IEEE• IETF• ITU
INTERNET EXCHANGE
POINTS (IXP)
TERRESTRIAL CABLES
UNDERSEA CABLES SATELLITES WIRELESS
SYSTEMS
THE INTERNET BACKBONE (IP NETWORKS)
THE THREE LAYERS OF DIGITAL GOVERNANCENo one person, government, organization, or company governs the digital space. Digital Governance may be stratified into the three layers depicted here: Infrastructure, Logical, Economic and Societal. Solutions to issues in each layer include policies, best practices, standards, specifications, and tools developed by the collaborations of stakeholders and experts from actors in business, government, academia, technical, and civil society. For a map of Digital Governance Issues and Solutions across all three layers, visit https://map.netmundial.org.
DIGITAL GOVERNANCE ACTORS
The Internet Architecture
| 3
What does ICANN do?
• DomainName.com.org.net;.my.sg.cn .in.bd;.सगंठन ,.游戏,. شبكة
• IPaddress(192.0.32.7)(2607:f0d0:1002:51::4)
| 4
IoT and Unique Identifiers
• Unique Identifiers are needed to address IoT– Internet Protocol version 6 (IPv6) is one of the main unique
identifiers
• Physical layer– 802.15.4, Bluetooth, Wi-Fi, WiMax, 3G/4G, LTE etc.
• Network layer– IPv6 can be applied
• IPv6 will further enable IoT– Interoperable – Scalable – Huge amount of IPv6 addresses– Stateless auto configuration
| 5
DNS Security Threats
| 6
DNS Security Threats
DNS spoofing diverts Internet traffic away from legitimate servers and towards fake ones.
| 7
Cybersecurity – People and Technology
People• Awareness • Security requirements • Capacity building -
Knowledge and skills• Sharing Security Incident
Information
Technology• Server Protection• Data Protection
Lack of security awareness,
knowledge and skills
Lack of understanding,
R&D requirements
Security Requirements
not easily derived
Reluctance to share Security
Incident Information
Risk Management and Security
Audit not emphasised
Cross-Border Crimes occur
Challenges
| 8
People – Information sharing• Exchange of threat/incident intelligence
• Attacks against ccTLDs, registrars
• Coordinated response to threats
• Vulnerability disclosure
• Collaborate to look at specific issues
• Phishing - Research, target bad domains (Anti-Phishing Working Group)
• Spam - Work with Governments; Regional Internet Registries; ISOC
• Crime- DNS abuse/misuse; DDoS attack- Work with Law Enforcement Agencies
• Global Cybersecurity Cybercrime Initiative- OECD, other academic institutions
| 9
Technology - IoT and Internet Identifier Security
• Secure IP networks and DNS infrastructures– IP address management, DHCP, DNS– DNS Response Rate Limiting– Protecting DNS transactions and data– DNSSEC (DNS Security Extensions)
| 10
DNSSEC – simplified
| 11
DNSSEC – simplified
| 12
DNSSEC – simplified
DNSSEC uses digital signaturesto assure that information is correct, and came from the right place.
| 13
DNSSEC: What you can do
• For Companies:– Sign your corporate domain names– Turn on validation on corporate DNS resolvers
• For Users:– Ask ISP to turn on validation on their DNS resolvers
• For All:– Take advantage of DNSSEC education and training
| 14
Preparing for Future!
• Overall planning– Develop technology and Identifier Systems security plan(s)
• Strategy, scope of the deployment, schedule, auditing of execution of the plan
– Budget readiness
– Technical management
– Human capacity development
– Stay abreast with IoT Technologies• IoT and Mobile
14
| 15
Thank You and QuestionsEmail: [email protected]: icann.org
gplus.to/icann
weibo.com/ICANNorg
flickr.com/photos/icann
slideshare.net/icannpresentations
twitter.com/icanntwitter.com/icann4biz
facebook.com/icannorg
linkedin.com/company/icann
youtube.com/user/icannnews
Thank you and Questions