the registry of the future
play

The Registry of the Future Cristian Hesselman 1 , Giovane C. M. - PowerPoint PPT Presentation

Mar 20, 2024 •427 likes •578 views

The Registry of the Future Cristian Hesselman 1 , Giovane C. M. Moura 1 , Ricardo de O. Schmidt 2 , and Cees Toet 1 1: SIDN, the Netherlands 2: University of Twente, the Netherlands Key Concept: TLD Control Plane Modular system that enables

  1. The Registry of the Future Cristian Hesselman 1 , Giovane C. M. Moura 1 , Ricardo de O. Schmidt 2 , and Cees Toet 1 1: SIDN, the Netherlands 2: University of Twente, the Netherlands

  2. Key Concept: TLD Control Plane • Modular system that enables a registry to further increase the operational security and stability of its TLD by leveraging its key datasets (registrations, zone file, DNS queries) • Motivation: protect TLD users from increasing number of attacks (such as phishing, DDoS, and malware), thus increasing added value of the TLD • Approach: automatically share threat info with other players in the TLD (collaborative security) and adapt registry’s DNS anycast services more dynamically • Today: overview and illustrate what it takes to run a control plane, using .nl (the Netherlands) as a use case

  3. Required Functions TLD operator Privacy Extends standard Board registry func1ons privacy policies domain registra-on Tradi-onal DNS Services Control Plane transac-ons Registra-on (e.g., EPP) updates Registrant Registrar TLD players such as: Dashboard • Access providers, zone file • Hos-ng providers, specs reports • Registrars Reconfig Commands DNS Reconfigura-on DNS 2 Access Module (DRCM) DNS Provider PEP s t Clients a threats reports e r h t Resolver 1 End-user Threat Detec-on Modules (TDMs) DNS stats PEP threats Ext. Data Hos-ng stored data Sources Provider DNS traffic ENTRADA DNS anycast network (mul--node cluster) www.example.nl PEP = anycast name server = hos-ng plaPorm

  4. Required Functions TLD operator Privacy Board privacy policies domain registra-on Tradi-onal DNS Services Control Plane transac-ons Registra-on (e.g., EPP) updates Registrant Registrar TLD players such as: Dashboard • Access providers, zone file • Hos-ng providers, specs reports • Registrars Reconfig Commands DNS Reconfigura-on DNS 2 Access Module (DRCM) DNS Provider PEP s t Clients a threats reports e r h t Resolver 1 End-user Threat Detec-on Modules (TDMs) DNS stats PEP threats Ext. Data Hos-ng stored data Sources Provider DNS traffic ENTRADA DNS anycast network (mul--node cluster) www.example.nl PEP = anycast name server = hos-ng plaPorm Func%on 1: DNS traffic import, storage, and retrieval

  5. Required Functions TLD operator Privacy Board privacy policies domain registra-on Tradi-onal DNS Services Control Plane transac-ons Registra-on (e.g., EPP) updates Registrant Registrar TLD players such as: Dashboard • Access providers, zone file • Hos-ng providers, specs reports • Registrars Reconfig Commands DNS Reconfigura-on DNS 2 Access Module (DRCM) DNS Provider PEP s t Clients a threats reports e r h t Resolver 1 End-user Threat Detec-on Modules (TDMs) DNS stats PEP threats Ext. Data Hos-ng stored data Sources Provider DNS traffic ENTRADA DNS anycast network (mul--node cluster) www.example.nl PEP = anycast name server = hos-ng plaPorm Func%on 2: threat detec1on and automa1c sharing

  6. Required Functions TLD operator Privacy Board Func%on 3: DNS anycast privacy policies domain reconfigura1on registra-on Tradi-onal DNS Services Control Plane transac-ons Registra-on (e.g., EPP) updates Registrant Registrar TLD players such as: Dashboard • Access providers, zone file • Hos-ng providers, specs reports • Registrars Reconfig Commands DNS Reconfigura-on DNS 2 Access Module (DRCM) DNS Provider PEP s t Clients a threats reports e r h t Resolver 1 End-user Threat Detec-on Modules (TDMs) DNS stats PEP threats Ext. Data Hos-ng stored data Sources Provider DNS traffic ENTRADA DNS anycast network (mul--node cluster) www.example.nl PEP = anycast name server = hos-ng plaPorm

  7. Required Functions Func%on 4: TLD-level security and stability TLD operator Privacy visualiza1on Board privacy policies domain registra-on Tradi-onal DNS Services Control Plane transac-ons Registra-on (e.g., EPP) updates Registrant Registrar TLD players such as: Dashboard • Access providers, zone file • Hos-ng providers, specs reports • Registrars Reconfig Commands DNS Reconfigura-on DNS 2 Access Module (DRCM) DNS Provider PEP s t Clients a threats reports e r h t Resolver 1 End-user Threat Detec-on Modules (TDMs) DNS stats PEP threats Ext. Data Hos-ng stored data Sources Provider DNS traffic ENTRADA DNS anycast network (mul--node cluster) www.example.nl PEP = anycast name server = hos-ng plaPorm

  8. Required Functions TLD operator Privacy Board Func%on 5: privacy policies domain Privacy registra-on Tradi-onal DNS Services Control Plane protec1on transac-ons Registra-on (e.g., EPP) updates Registrant Registrar TLD players such as: Dashboard • Access providers, zone file • Hos-ng providers, specs reports • Registrars Reconfig Commands DNS Reconfigura-on DNS 2 Access Module (DRCM) DNS Provider PEP s t Clients a threats reports e r h t Resolver 1 End-user Threat Detec-on Modules (TDMs) DNS stats PEP threats Ext. Data Hos-ng stored data Sources Provider DNS traffic ENTRADA DNS anycast network (mul--node cluster) www.example.nl PEP = anycast name server = hos-ng plaPorm

  9. Function 1: ENTRADA (entrada.sidnlabs.nl)

  10. Function 2: Collaborative Security DNS/EPP interac1on User Threat intelligence flow user reports domain name lookup (DNS) no1fica1ons inves1ga1on Report Judicial Site Classifier Authori1es Operator Criminal inves1ga1on Technical no1fica1ons no1fica1ons opera1ons Resolver JTIE interac%es (index Registrar Registrant Operator = domeinnaam) registra1on updates registra1on updates Domain Hos1ng Classifier Provider no1fica1ons domain name lookup (DNS) DNS queries and responses (ENTRADA) DNS Name Servers

  11. Function 4: .nl Security Dashboard

  12. Next Steps • Flesh out TLD control plane functions through various collaborative research projects • Incrementally transition the control plane into production • Continue to share and discuss with the (technical) community • Longer term: fully distributed control plane • Running at different DNS operators • Distributed threat detection/analysis • Sharing threat info using standard formats • Taking different privacy regulations into account

  13. Follow us SIDN.nl Q&A @SIDN SIDN Presentation based on: C. Hesselman, G. Moura, R. de O. Schmidt, and C. Toet, "Increasing DNS Security and Stability through a Control Plane for Top-level Domain Operators" , IEEE Communications Magazine, Network and Service Management Series, January 2017 URL: https://www.sidnlabs.nl/downloads/papers-reports/ sidnlabs-commag.pdf

Recommend

Roadmap for Section 12.2. Registry Fundamentals Registry Structure Registry Limits Monitoring

Roadmap for Section 12.2. Registry Fundamentals Registry Structure Registry Limits Monitoring

Unit OS12: Scripting 12.2. The Registry Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 12.2. Registry Fundamentals Registry Structure Registry Limits Monitoring Registry

397 views • 19 slides
What is a Honeymoon Registry A Honeymoon Registry is a wedding gift registry experience for

What is a Honeymoon Registry A Honeymoon Registry is a wedding gift registry experience for

What is a Honeymoon Registry A Honeymoon Registry is a wedding gift registry experience for honeymoons and destination weddings. Our online Honeymoon Registry allows brides and grooms to list anything they want to do on their

547 views • 19 slides
Registry Principles GMTA March 15, 2017 Key Elements of Registry Principles Definition

Registry Principles GMTA March 15, 2017 Key Elements of Registry Principles Definition

Registry Principles GMTA March 15, 2017 Key Elements of Registry Principles Definition Objectives for a registry Threshold questions Data Governance Committee Well-balanced registry design Registry data use

415 views • 9 slides
TLD Registry Data an unstructured wander through the zoo Joe Abley Public Interest Registry

TLD Registry Data an unstructured wander through the zoo Joe Abley Public Interest Registry

TLD Registry Data an unstructured wander through the zoo Joe Abley Public Interest Registry AIMS-CAIDA Workshop San Diego, February 2020 What is a TLD Registry DNS Answer We publish the ORG zone in the DNS Highly

550 views • 18 slides
SYSTEM WHAT IS A REGISTRY? A registry is an organized system for the timely collection , storage ,

SYSTEM WHAT IS A REGISTRY? A registry is an organized system for the timely collection , storage ,

THE TEXAS TB REGISTRY SYSTEM WHAT IS A REGISTRY? A registry is an organized system for the timely collection , storage , retrieval , analysis , and dissemination of information on individual persons who have a particular disease, or a risk factor

811 views • 34 slides
http://registry.sf.net http://registry.sf.net Before We Start . . . FORGET ABOUT THE NAME

http://registry.sf.net http://registry.sf.net Before We Start . . . FORGET ABOUT THE NAME

Linux Registry Turning Linux into a Trully Integrated Operating Environment Avi Alkalay <avi@unix.sh> Avi Alkalay <avi@unix.sh> Linux, Open Standards Consultant http://registry.sf.net http://registry.sf.net Before We Start . . .

640 views • 34 slides
Registry for Performance Metrics draft-ietf-ippm-metric-registry-05 M. Bagnulo, B. Claise, P.

Registry for Performance Metrics draft-ietf-ippm-metric-registry-05 M. Bagnulo, B. Claise, P.

Registry for Performance Metrics draft-ietf-ippm-metric-registry-05 M. Bagnulo, B. Claise, P. Eardley, A. Morton, A. Akhter Registry Draft Updates 2 Goals and a recommendation: IANA creates and maintains according to process Define

367 views • 19 slides
The Artory Registry Blockchain for the Art World The Registry is the industrys first

The Artory Registry Blockchain for the Art World The Registry is the industrys first

The Artory Registry Blockchain for the Art World The Registry is the industrys first object-oriented, public database. Leveraging Ethereum blockchain, it tracks provenance and title, and distinguishes trusted from non- trusted data for the

567 views • 7 slides
and prospective registry study data in the EBMT registry Per Ljungman, MD, PhD For the

and prospective registry study data in the EBMT registry Per Ljungman, MD, PhD For the

The challenge of COVID-19 for HSCT; EBMT recommendations and prospective registry study data in the EBMT registry Per Ljungman, MD, PhD For the Infectious Diseases Working Party Disclosures None on this topic 2 What have been the EBMT

380 views • 23 slides
Medical Marijuana Registry August 15, 2018 Document 8 Presentation 2 of 17 Overview

Medical Marijuana Registry August 15, 2018 Document 8 Presentation 2 of 17 Overview

Document 8 Presentation 1 of 17 Medical Marijuana Registry August 15, 2018 Document 8 Presentation 2 of 17 Overview Marij uana in Colorado Registry s Role Functions of the Registry Foundation of the Registry

515 views • 17 slides
The case for a registry owning a registrar in its TLD Richard Tindal, SVP Registry eNom/ Demand

The case for a registry owning a registrar in its TLD Richard Tindal, SVP Registry eNom/ Demand

The case for a registry owning a registrar in its TLD Richard Tindal, SVP Registry eNom/ Demand Media What this debate is about: To simplify terminology lets call registries producers and registrars retail stores Were debating

357 views • 18 slides
National Breast Implant Registry Andrea Pusic, MD Co-Chair, National Breast Implant Registry

National Breast Implant Registry Andrea Pusic, MD Co-Chair, National Breast Implant Registry

National Breast Implant Registry Andrea Pusic, MD Co-Chair, National Breast Implant Registry Steering Committee MDEpiNet Annual Meeting October 2017 Single Sign Up Portal What is the National Breast Implant Registry? The Plastic Surgery

500 views • 11 slides
Directory Schema Registry its Concept, Implementation and Future First TERENA Task Force EMC2

Directory Schema Registry its Concept, Implementation and Future First TERENA Task Force EMC2

Directory Schema Registry its Concept, Implementation and Future First TERENA Task Force EMC2 Meeting, Amsterdam, 4. November 2004 Peter Gietz, DAASI International GmbH Peter.gietz@daasi.de AGENDA Motivation Project Plan Survey

236 views • 22 slides
Registry What is there to be worried about? Stephen Deerhake AS Domain Registry ccNSO Members

Registry What is there to be worried about? Stephen Deerhake AS Domain Registry ccNSO Members

GDPR and .AS Domain Registry What is there to be worried about? Stephen Deerhake AS Domain Registry ccNSO Members meeting Who we are US Territory (Like Puerto Rico!) Located at 14d 1954 S / 170d 4241W 16,111 km from

250 views • 8 slides
Registry Trust - An Introduction- Who We Are Changing Operations Registry Trust The Original

Registry Trust - An Introduction- Who We Are Changing Operations Registry Trust The Original

Registry Trust - An Introduction- Who We Are Changing Operations Registry Trust The Original Register The Lord Chancellor in the early 1980s So rather than shut down the register, a non-profit Originally set up by parliament in 1852. The

592 views • 24 slides
The future of registries Jay Daley Dec 2006 1 The future of registries Only the start of the

The future of registries Jay Daley Dec 2006 1 The future of registries Only the start of the

The future of registries Jay Daley Dec 2006 1 The future of registries Only the start of the journey Change is coming New technologies all the time Always a registry opportunity Some will embrace this Some will be left

344 views • 23 slides
The case for a registry owning a registrar that sells its names Richard Tindal, SVP Registry

The case for a registry owning a registrar that sells its names Richard Tindal, SVP Registry

The case for a registry owning a registrar that sells its names Richard Tindal, SVP Registry eNom/Demand Media What this debate is about Were debating whether a manufacturer can own one of the retail stores that sells its product to the

375 views • 15 slides
Registry Artifacts Villanova University Department of Computing Sciences D. Justin Price

Registry Artifacts Villanova University Department of Computing Sciences D. Justin Price

Registry Artifacts Villanova University Department of Computing Sciences D. Justin Price Spring 2014 REGISTRY The registry is a central hierarchal database intended to store information that is necessary to configure the

979 views • 65 slides
New Local Internet Registry Webinar Learning and Development Overview The Internet Registry

New Local Internet Registry Webinar Learning and Development Overview The Internet Registry

New Local Internet Registry Webinar Learning and Development Overview The Internet Registry (IR) System RIPE and the RIPE NCC Tools Getting Resources 2 The Internet Registry System Section 1 The Internet Registry System 4

453 views • 42 slides
How it Works: TLD Registry Protocols Ed Lewis Steve Conte | ICANN 53 | 21 June 2015

How it Works: TLD Registry Protocols Ed Lewis Steve Conte | ICANN 53 | 21 June 2015

How it Works: TLD Registry Protocols Ed Lewis Steve Conte | ICANN 53 | 21 June 2015 Define and Focus | 3 What is a registry? Registry as defined by Merriam-Webster: "a place where

742 views • 57 slides
PedNet Registry W orkshop on registries EMA/ CHMP/ BPW P Rolf Ljung for the PedNet study group

PedNet Registry W orkshop on registries EMA/ CHMP/ BPW P Rolf Ljung for the PedNet study group

PedNet Registry W orkshop on registries EMA/ CHMP/ BPW P Rolf Ljung for the PedNet study group PedNet Registry 31 centers Europe, Canada and Israel 3 PedNet and Pednet registry PedNet started 1996 PedNet Registry started 2003

791 views • 25 slides
History of the MNA Registry 1991 to 2017 THE MNAA MEMBERSHIP REGISTRY Prior to 1991,

History of the MNA Registry 1991 to 2017 THE MNAA MEMBERSHIP REGISTRY Prior to 1991,

History of the MNA Registry 1991 to 2017 THE MNAA MEMBERSHIP REGISTRY Prior to 1991, membership applica3ons were taken at the M3s Local and Regional Council offices who issued membership cards to the applicants. In 1991, the MNA, under

230 views • 12 slides
National Rural Environmental Registry System Bangkok May 2017 GENERAL FRAMEWORK BRASILIAN LAND

National Rural Environmental Registry System Bangkok May 2017 GENERAL FRAMEWORK BRASILIAN LAND

National Rural Environmental Registry System Bangkok May 2017 GENERAL FRAMEWORK BRASILIAN LAND REGISTRY SISTEMS The implementation of an effective Cadastre (Registry) in Brazil is a historic challenge. The absence of this instrument

873 views • 75 slides
power station accreditation Contents > Why were making changes to the REC Registry > The

power station accreditation Contents > Why were making changes to the REC Registry > The

REC Registry changes for large- scale generation certificates and power station accreditation Contents > Why were making changes to the REC Registry > The changes: New LGC claims process > Enhancements to applications for

378 views • 17 slides

More recommend