In Network Security Design, It’s About the Users

One of the longstanding goals of network security design is to be able to prove that a system – any system – is secure.

Designers would like to be able to show that a system, properly implemented and operated, meets its objectives for confidentiality, integrity, availability and other attributes against the variety of threats the system may encounter.

A half century into the computing revolution, this goal remains elusive.

One reason for the shortcoming is theoretical: Computer scientists have made limited progress in proving lower bounds for the difficulty of solving the specific mathematical problems underlying most of today’s cryptography. Although those problems are widely believed to be hard, there’s no assurance that they must be so – and indeed it turns out that some of them may be quite easy to solve given the availability of a full-scale quantum computer.

Another reason is a quite practical one: Even given building blocks that offer a high level of security, designers, as well as implementers, may well put them together in unexpected ways that ultimately undermine the very goals they were supposed to achieve.


Thinking Ahead on Privacy in the Domain Name System

Earlier this year, I wrote about a recent enhancement to privacy in the Domain Name System (DNS) called qname-minimization. Following the principle of minimum disclosure, this enhancement reduces the information content of a DNS query to the minimum necessary to get either an authoritative response from a name server, or a referral to another name server.

In typical DNS deployments, queries sent to an authoritative name server originate at a recursive name server that acts on behalf of a community of users, for instance, employees at a company or subscribers at an Internet Service Provider (ISP). A recursive name server maintains a cache of previous responses, and only sends queries to an authoritative name server when it doesn’t have a recent response in its cache. As a result, DNS query traffic from a recursive name server to an authoritative name server corresponds to samples of a community’s browsing patterns. Therefore, qname-minimization may be an adequate starting point to address privacy concerns for these exchanges, both in terms of information available to outside parties and to the authoritative name server.


Minimum Disclosure: What Information Does a Name Server Need to Do Its Job?

Two principles in computer security that help bound the impact of a security compromise are the principle of least privilege and the principle of minimum disclosure or need-to-know.

As described by Jerome Saltzer in a July 1974 Communications of the ACM article, Protection and the Control of Information Sharing in Multics, the principle of least privilege states, “Every program and every privileged user should operate using the least amount of privilege necessary to complete the job.”

Need-to-know is the counterpart for sharing information: a system component should be given just enough information to perform its role, and no more. The US Department of Health and Human Services adopts this principle in the HIPAA privacy policy, for example, which states: “protected health information should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function.”

There may be tradeoffs, of course, between minimizing the amount of privilege or information given to a component in a system, and other objectives such as performance or simplicity. For instance, a component may be able to do its job more efficiently if given more than the minimum amount. And it may be easier just to share more than is needed than to extract only the minimum required. The minimum amounts of privilege may also be hard to determine exactly, and they might change over time as the system evolves or is used in new ways.

Least privilege is well established in DNS through the delegation from one name server to another of just the authority it needs to handle requests within a specific subdomain. The principle of minimum disclosure has come to the forefront recently in the form of a technique called qname-minimization, which aims to improve privacy in the Domain Name System (DNS).


The Why and How of DNS Data Analysis

A network traffic analyzer can tell you what’s happening in your network, while a Domain Name System (DNS) analyzer can provide context on the “why” and “how.”

This was the theme of the recent Verisign Labs Distinguished Speaker Series discussion led by Paul Vixie and Robert Edmonds, titled Passive DNS Collection and Analysis – The “dnstap” Approach.


New from Verisign Labs: Measuring IPv6 Adoption

IPv4 is the common thread that has held the internet together since its very early years, and, thus, it is both the most important and most widely deployed networking protocol in existence. As the world rapidly runs out of available IPv4 address space, there has been a major movement to transition the internet to the IPv6 protocol with its vastly larger address space.

The global internet community has shown a huge level of collaborative effort in driving this transition. Events like World IPv6 Day and World IPv6 Launch Day brought together organizations working across all levels of network connectivity to raise awareness of the ever-increasing need for this change. Held on Feb. 11, 2011, World IPv6 Day marked the beginning of the changeover process. Since then, IPv6 adoption has been a closely watched and increasingly important metric.


Exploring Future Internet Architectures

UCLA and Washington University in St. Louis recently announced the launch of the Named Data Networking (NDN) Consortium, a new forum for collaboration among university and industry researchers, including Verisign, on one candidate next-generation information-centric architecture for the internet.

Verisign Labs has been collaborating with UCLA Professor Lixia Zhang, one of the consortium’s co-leaders, on this future-directed design as part of our university research program for some time. The consortium launch is a natural next step in facilitating this research and its eventual application.

Van Jacobson, an Internet Hall of Fame member and the other co-leader of the NDN Consortium, surveyed developments in this area in his October 2012 talk in the Verisign Labs Distinguished Speaker Series titled “The Future of the Internet? Content-Centric Networking.”

As I stated in my summary of the talk, content-centric networking and related research areas under the heading of information-centric networking and NDN bring internet protocols up to date to match the way many of us are already using the internet. As Van noted, when people want to access content over the internet, for instance the recording of his talk, they typically reference a URL, for instance


Solving Challenges of Scale in Data and Language

It would not be too much of an exaggeration to say that the early internet operated on the scale of kilobytes, with all spoken languages represented using a single character encoding, ASCII. Today’s global internet, so fundamental to society and the world’s economy, now enables access to orders of magnitude more information, connecting speakers of a full spectrum of languages.

The research challenges continue to scale along with data volumes and user diversity.



The Real Uneven Playing Field of Name Collisions

Recent comments on the name collisions issue in the new gTLD program raise a question about the differences between established and new gTLDs with respect to name collisions, and whether they’re on an even playing field with one another.

Verisign’s latest public comments on ICANN’s “Mitigating the Risk of DNS Namespace Collisions” Phase One Report, in answering the question, suggest that the playing field the industry should be concerned about is actually in a different place. The following points are excerpted from the comments submitted April 21.



Verisign’s Preliminary Comments on ICANN’s Name Collisions Phase One Report

Verisign posted preliminary public comments on the “Mitigating the Risk of DNS Namespace Collisions” Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done.


Proceedings of Name Collisions Workshop Available

Presentations, papers and video recordings from the name collisions workshop held earlier this month in London are now available at the workshop web site,

The goal for the workshop, described in my “colloquium on collisions” post, was that researchers and practitioners would “speak together” to keep name spaces from “striking together.” The program committee put together an excellent set of talks toward this purpose, providing a strong, objective technical foundation for dialogue. I’m grateful to the committee, speakers, attendees and organizers for their contributions to a successful two-day event, which I am hopeful will have benefit toward the security and stability of internet naming for many days to come.