亚洲AV

Important Internet security service now housed in the Mason College of Engineering and Computing

In This Story

People Mentioned in This Story
Body

September 6, 2022

This fall, 亚洲AV will become the new home of one of the Internet's venerable monitoring and measurement services: the Domain Name System Security Extensions (DNSSEC) Deployment Maps. This service plays a prominent role in chronicling the evolution of a critical part of Internet security and has been under the stewardship of the Internet Society (ISOC) since 2014. The maps were originally developed by Shinkuro, Inc. with sponsorship by the Department of Homeland Security (DHS). The transition to Mason is being facilitated with sponsorship from the Internet Society, The Internet Corporation for Assigned Names and Numbers (ICANN), and Verisign, Inc.

, Assistant Professor in the Mason Department of Computer Science in the College of Engineering and Computing, has been instrumental in bringing the deployment maps to Mason, reaching an agreement to host it at Mason鈥檚 Center for Assurance Research and Engineering (CARE, directed by J.P. Auffret) and the Measurable Security Lab (MSL) in the Computer Science department.聽鈥淲e are excited to provide a new home for this important activity,鈥 Osterweil says. 鈥淧eople all over the world access the deployment maps and will now associate them with Mason.鈥澛犅

The deployment maps service tracks how DNSSEC has been deployed worldwide for top-level domains and has been a staple of the Internet security community for years.聽With almost 17 years of deployment, the maps database is fertile ground for conducting basic research and connecting students with real operational cybersecurity issues. Osterweil notes that the security DNSSEC provides to Internet users is incredibly essential, even if in the background. 鈥淭he average person will never know about DNSSEC. It鈥檚 a lot like saying, 鈥榃hat鈥檚 the formula of the asphalt I drive on?鈥 It鈥檚 really important, but not important that I have any idea about it.鈥

DNS is the Internet鈥檚 de facto name-mapping system, translating domain names (like gmu.edu) into IP addresses and other identifiers. However, data from the DNS is not inherently secure, as 鈥渢he IP address of a DNS response can be easily forged, or spoofed,鈥 according to ICANN. DNSSEC enhances DNS with authentication protections, using public-key cryptography, so users can be confident that website visits and emails connect them to entities they want to reach. DNSSEC prevents attacks like cache poisoning and domain redirection, which can result in fraud, malware distribution, and theft of personal, confidential information.

鈥淚nternet administrators and researchers anywhere in the world receive weekly email summaries of the current DNSSEC deployment. New services will be added when the system is fully transitioned to George Mason,鈥 says Osterweil. The maps are used by the Internet operations, standards, and policy communities as a resource for the current (and past) state of deployment. 鈥淲e really want to take the deployment maps service and evolve it into an observatory for this critical infrastructure.鈥 As part of the transition to Mason, Osterweil is establishing an external advisory board, composed of industry stalwarts and chaired by Stephen Crocker (an inductee into the Internet Hall of Fame, author/editor of RFC 1, and founding chair of the ICANN Security and Stability Advisory Committee, SSAC), to help steer and evolve the service.聽With their cooperation, the deployment maps will be evolved and integrated into a new holistic Internet Namespace Security Observatory in CARE at Mason.

鈥淲e are glad that 亚洲AV is taking on this important work,鈥 said Dan York, director of online content at the Internet Society. 鈥淭he maps have been a useful way to track the state of DNSSEC聽deployment over many years. We look forward to seeing how GMU evolves and improves the maps further.鈥

Osterweil is in talks with multiple industry partners and traditional sources to help support research using the Deployment Maps. Further, he is planning to leverage the service for its research value and use it to enhance teaching, as well as a hands-on experience for student researchers.聽聽鈥淎nalyses of historical datasets of critical infrastructure like DNSSEC are critical in understanding large-scale events and behaviors.聽 The Internet Namespace Security Observatory will synthesize measurable properties of Internet naming systems (such as DNS, DNSSEC, DANE records, etc.) and provide measurable telemetry to evaluate how well dependent systems, protocols, and users are able to validate security protections.鈥

Osterweil and colleagues announced the transition of the maps publicly at the ICANN鈥檚 74 meeting in The Hague, Netherlands in June.

Founded in 1992 by Internet pioneers, the y is a global non-profit organization working to ensure聽the Internet remains a force for good for everyone. Through its community of members, special interest groups, and 130+ chapters around the world, the organization promotes Internet policies, standards, and protocols that keep the Internet open, globally-connected, and secure.聽

The is a fast-growing force for innovation in technology and education. The college boasts over 10,000 students in two schools, 37聽undergraduate, master's, and doctoral degree programs, including several first-in-the-nation offerings. As part of a nationally ranked research university, its research teams earned more than $61聽million in sponsored research awards in the last 12 months. Located in the heart of Northern Virginia's technology corridor, the college stands out for its focus on emerging areas including big聽data, cybersecurity, healthcare technology, robotics and autonomous systems, artificial intelligence and machine learning, signals and communications, and sustainable infrastructure.

mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address 鈥 a name or a number 鈥 into your computer or another device. That address must be unique so computers know where to find each other.聽ICANN聽helps coordinate and support these unique identifiers across the world.聽ICANN was formed in 1998 as a nonprofit public benefit corporation with a community of participants from all over the world.

, a global provider of domain name registry services and Internet infrastructure, enables Internet navigation for many of the world鈥檚 most recognized domain names.聽Verisign聽enables the security, stability, and resiliency of key Internet infrastructure and services, including providing root zone maintainer services, operating two of the 13 global Internet root servers, and providing registration services and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce. To learn more about what it means to be Powered by Verisign, please visit verisign.com.