Encryption and Enterprise Data Centers
Many new protocols are being worked on at the IETF. Some are RFCs already; others will soon gain that status. These include TLS 1.3, DNS over HTTPS, HTTP/2, and QUIC. A fundamental premise that all of these protocols share is that metadata may be misused, so more and more of the packet is being encrypted. How will this impact diagnostics and troubleshooting? If many of the protocol headers themselves are encrypted, how will we get information on performance? Deep packet inspection is currently used by IDS/IPS, fraud detection and other security tools at enterprises.
These new protocols require a transition for enterprise network management. This session will discuss the nature of the problem and potential solutions for government and industry.
Contributing to the IETF: how to play your part, and how RFCs are made.
Making standards for the Internet is not magic, but it is hard work. The IETF's specifications depend on engineering excellence and collaborative work from experts, designers, academics and most importantly from implementers.
In a high-pressure environment focused on getting it right, there can be many different commercial incentives and there are a lot of strong opinions. But you can contribute to make your mark and to make the Internet work better.
This talk will give you some pointers on how the IETF works, how RFCs come about, and the best ways to penetrate the IETF's unique culture and get involved.
IETF and Regional Internet Registries (RIR)
In 1992, RFC 1366 proposed the regionalisation of IP address management, and led to the establishment of Regional Internet address Registries (RIRs) in the following years. APNIC was founded in 1993 as the RIR for the Asia Pacific region, and serves the regional Internet operator community with IP address allocation and registration services (including IPv4 and IPv6 addresses, and Autonomous System numbers). In this session Paul Wilson will introduce APNIC’s role and responsibilities, and its relationship with IETF standards and processes which are critical to IP addressing and routing in the Internet today.
This talk traces the history of the Internet from early beginnings - J.C.R. Licklider's ruminations on a global information system and various efforts including the ARPANET - through commercialization to the present day. It also traces the development of the organizations that make it work - the IAB, the IRTF, the IETF, and the Internet Society.
Network Slicing and Enhanced VPNs
Adrian Farrel, Old Dog Consulting, UK
5G wireless networks offer the prospect of a large range of sophisticated services for the end-user and for connecting intelligent devices. But delivering those services requires that the underlying network delivers advanced quality guarantees of throughput, loss, delay, and jitter. A popular way of ensuring that these quality guarantees can be met is by partitioning the network resources in a technique called "network slicing."
This talk will look at the techniques developed in the IETF to meet the needs of network slicing. One of the approaches is known as "enhanced VPNs" or "VPN+" and builds on existing VPN concepts to deliver network slices of different types and qualities to enable and support 5G services.
Path Computation Element (PCE): Looking ahead
Dhruv Dhody, Huawei, India
This talk will focus on the Path Computation Element (PCE): a quick introduction to it, how it is being used, and what the future plans are. We will also cover how the PCE relates to Software-Defined Networking (SDN) and the status of the WG.
Segment Routing mapped to IPv6 (SRm6)
Reji Thomas, Juniper, Bangalore
In this talk, we will look at Segment Routing with emphasis on SRm6, its motivation, and its differences from SRv6. SRm6 supports traffic engineering and network programmability. Specifically, it supports both strict and loose source routing using a new Routing Header type, called the Compressed Routing Header (CRH). It also supports per-segment and per-path service instructions, using new IPv6 Destination Options. SRm6 differs from its predecessors in that a) it adheres strictly to the IPv6 addressing architecture [RFC 4291], b) it adheres strictly to IPv6 [RFC 8200] processing rules, and c) it leverages existing IPv6 protocol machinery to the greatest degree possible.
VMware NSX journey of Network Virtualization towards intent-based networking
Santosh P K, Abhishek Goliya, Bangalore
Technology disruptions and changing markets require the business to constantly deliver new applications to market. However, connectivity between workloads and applications needs to be consistent, and security policy must travel with the application irrespective of where it's deployed. The VMware virtual cloud network vision breaks emerging silos created by the multiple public/private data center(s) and creates a ubiquitous network fabric. VMware NSX is built on the principle of software-defined networking and provides a foundational step for application mobility. Let's go through the NSX journey of network virtualization, from switching to the virtual cloud network, and how it plans to embrace intent-based networking.
Secure Network Protocol Design
Mohit Sethi, Finland
In this talk, we will first look at two recent attacks on network security protocols:
1. Misbinding attacks on secure device pairing and bootstrapping: In identity misbinding attacks, a legitimate but compromised participant manipulates the honest parties so that the victim becomes unknowingly associated with a third party. These attacks are well known, and resistance to misbinding is considered a critical requirement for security protocols on the Internet. We will show, however, that most device pairing and bootstrapping protocols are vulnerable to misbinding.
2. Selfie attack on TLS 1.3 External Pre-Shared Key (PSK) mode: TLS 1.3 is finally an Internet standard and is published as RFC 8446. It has undergone roughly 5 years of standardization at the IETF and has received significant contributions from the security community (about 90 contributors listed in the RFC). TLS 1.3 allows the use of external PSKs for authentication (instead of certificates). This was one of the features specifically requested by the IoT community. Unfortunately, the TLS 1.3 external PSK mode is vulnerable to the Selfie attack. The Selfie attack is a special case of misbinding attacks.
We will try to understand these complex attacks and their consequences. With these two attacks in mind, we will discuss why it is important for us to update the Internet threat model specified in RFC 3552. Finally, we will look at some basic design guidelines which are important to keep in mind when designing security protocols.
How secure is the global routing?
Anurag Bhatia, Hurricane Electric
This talk will cover in detail route filtering across the BGP routing table, the practice of IRR and RPKI, associated challenges, etc. It will also present some data on the current state of Indian networks with respect to route filtering.
Edge computing security: Challenges and solutions
Rajeev Chaubey, Juniper
Edge cloud represents an extension of cloud resources where the traffic is processed closer to the source. This approach caters to higher data rates, reduced latency, and massive device connectivity. IoT, 5G, augmented reality/virtual reality (AR/VR) and smart devices are primary drivers of edge cloud. It has also resulted in a decentralized cloud network and a substantially increased attack surface. This talk will discuss some of the security challenges on an edge cloud and emerging solutions for the same.
Engaging Policymakers in the Standards Ecosystem
Deepak Maheshwari, NortonLifeLock Inc.
With the ever-increasing digitization and digitalization across the socio-economic fabric, it is becoming important for technologists and policymakers to appreciate each other's perspectives and concerns, thereby leading to the creation and adoption of robust technical standards by bodies like the IETF that would foster and enable an open, free and secure cyberspace.
This would go a long way in enhancing affordability, access, interoperability and assurance around safety and security. Last but not least, instead of seeing objectives like privacy and security as contradictory in nature, harmony across the same should be developed in the interest of the larger public good.
IPv6 and TLS would be taken up as examples.
A Data Centric view of IoT
Prateep Misra, Kolkata
Industrial IoT systems present significant challenges to architects and designers. In this talk, we present the case for having a data centric approach to designing Industrial IoT systems. Each layer of an Industrial IoT system presents the opportunity to bring in some data oriented abstractions that simplify the design and help build the systems in a modular way. We also discuss various types of data intensive workloads that are common in Industrial IoT systems - including data integration, context driven data fusion and metadata management.
IoT evolution in Smart Homes
Venkatram Aurva, Hyderabad
IoT involves the interconnection of a large number of heterogeneous devices and networks. This talk focuses on IoT technologies for the smart home, e.g. Zigbee, Z-Wave, Bluetooth mesh, BLE and Wi-Fi mesh. We will look at the interworking and compatibility aspects and IETF standardization efforts. We will also cover the key challenges in security, safety, and reliability of IoT networks; enabling voice for IoT (low-power edge devices) using AI/ML; how voice technologies are changing the way humans interact with IoT devices; and IoT smart home adoption in India and global markets, including the key drivers of growth and challenges.
Scaling IoT systems & IoT startup deployment experience
Vinayak Hegde, Microsoft + Startup IoT teams from Gaia, Machine Sense & Mihup.
The talk will cover different aspects of scaling your IoT infrastructure using your own systems as well as building it using public cloud. The talk will also include direct presentations from various IoT startups discussing their problem space and deployment experience. Some of the IoT startups included are Gaia, Machine Sense, and Mihup.
Towards a flatter pyramid: A smarter application-layer for a better Internet
Abhijan Bhattacharyya, TCS
Traditionally, the Internet has been driven by a stack of protocols with a clear distinction of responsibilities for each layer. The application layer has mostly remained agnostic about what is happening in the lower stack and has depended on the lower layers for ensuring efficient end-to-end delivery. But does that approach hold good to ensure the quality of experience demanded by emerging IoT and different low-latency applications? Let's investigate and explore.
WiFi and TLS Cipher Suites and the Saga of RC4
Goutam Paul, Kolkata
IEEE 802.11 is a part of the IEEE 802 set of LAN protocols, and it specifies MAC and Physical layer protocols for implementing wireless LAN including but not limited to the 2.4, 5, and 60 GHz frequency bands. These are the most widely used wireless network standards for domestic as well as office networks, allowing laptops, printers, and smartphones to talk to each other and access the internet without wires. On the other hand, TLS, a successor of SSL, is an Application Layer cryptographic protocol designed to provide communications security over a computer network. Its several versions find usage in web browsers, email, instant messaging, and VoIP. Both these sets of protocols use specific cipher suites with some common members. In this talk, we will give a brief overview of these cipher suites and particularly highlight the rise and fall of the RC4 algorithm, which has perhaps the simplest design possible and yet found the most popular applications in commercial domains.