Introduction to IPv6 Security

Date: October 8, 2020
Time: 00:00 UTC - 00:00 UTC
Slides: Slides
Recording: Recording

How security will be handled in IPv6 is a question asked by many. Myths abound. In this session, we will start to look at:

• NAT is not a firewall (security by obscurity)
• Complexities introduced by multiple stacks
• Risks introduced by not considering IPv6
• Reconn attacks and defense
• Local network attacks and defense
• Unauthenticated NDP (similar to ARP)
• Cache table exhaustion and ping-pong attacks
• Rogue device attachments
• Mitigations
• Extension Headers
• ICMPv6

This is only a start. In the following year, we plan to do a more detailed investigation of this critical area. There will be follow-on webcasts. In the survey to enterprises, many people said that this was a topic they considered very important.

Nalini Elkins is the President of the Industry Network Technology Council. She is also the CEO and Founder of Inside Products, Inc. Nalini is a recognized leader in the field of computer performance measurement and analysis. In addition to being an experienced software product designer, developer, and planner, she is a formidable businesswoman. She has been the founder or co-founder of three start-ups in the high-tech arena.

Asynchronous Group Messaging Security

Date: July 23, 2020
Time: 00:00 UTC - 00:00 UTC
Slides: Slides
Recording: Recording

Peer-to-peer group communication has long been a necessity for usability in team coordination. However, the security of such systems has not been well understood or investigated in comparison to one-to-one secure messaging options (such as Signal or even TLS). Based on an ongoing IETF standardization initiative, this presentation will introduce participants to the basic concepts of group messaging security, end-goals, and threat models – including “self-healing” security – and will prepare them to ask critical questions regarding group communication security and implementations.

Britta Hale is an Assistant Professor of Computer Science at the Naval Postgraduate School working in cryptography and cybersecurity. Her specialization areas include analysis and design of cryptographic key exchange and authentication protocols. Hale is currently active in the design and IETF standardization of the MLS group messaging protocol, user-mediated protocol analysis, and hybrid post-quantum cryptography.

Recent papers include the first public research on detection of man-in-the-middle attackers in messaging protocols. Hale holds a PhD from the Norwegian University of Science and Technology and a Master’s in Mathematics of Cryptography and Communications from Royal Holloway, Univ. of London.

Internationalized Domain Names: Homographic Attacks

Date: July 7, 2020
Time: 00:00 UTC - 00:00 UTC
Slides: Slides
Recording: Recording

ICANN is engaged in an effort for the Internationalization of Domain Names — that is, making them available in languages other than English. Thıs ınvolves fıgurıng out what new symbols must be used, of course. But also figuring out which of the new symbols are easily confused with each other, or with existing symbols. Just by way of example, the Latin alphabet contains 26 basic letters, but those can be combined with some 20 diacritic marks (little dots and lines above or below the letter), giving a total of some 220 symbols. Some are only distinguishable if you know the language they happen in. For example, in a domain name suppose you encounter a Dotless I ( ı in lower case, this occurs in Turkish) when you are expecting a regular I, will you notice. In my observation, no — especially if you have never even heard of a Dotless I. (Did you notice when they got used in one sentence above?)

The domain name which is malformed in this way will most likely take you somewhere other than where you expected.  This is called a “homographic attack”.  Homographic attacks can be used for phishing and pharming with the end goal of introducing viruses or for defrauding the consumer. You may wish to understand these risks. You may also want to have some input into what limits get put on new names. We will tell you how you may get involved at ICANN.

Bill Jouris has been working in the computer industry since his college days, before the Internet was even thought of. His early career in industry was dealing with performance analysis and tuning of mainframe systems for financial and healthcare firms. He is Chief Operating Officer at Inside Products.

In addition, Bill has been active in the Computer Measurement Group, which is the professional organization for the computer performance field for decades, and served two terms on its Board of Directors. He is on the ICANN Latin Generation Panel which is a part of ICANN’s effort to expand the range of possible domain names.