Abstract
Keynote
IETF
Fred Baker, USA
Fred Baker, who has been involved and worked in the IETF for years, will introduce the community, the organization, and their approach to the Internet. This will necessarily involve structure and cross-area activities, but will also discuss the group-think and objectives of IETF participants.
The IETF Security Area
Paul Wouters, RedHat, Canada
There are two dozen Working Groups in the Security Area. This talk will give an overview of recently published RFCs and current draft documents that are being discussed, such as TLS 1.3, TLS SNI, IPsec extensions and updated and Post-Quantum Cryptography.
IoT Track
IoT Landscape in IETF
Carsten Bormann, TZI, Germany
Interconnecting "things" with each other as well as the Internet is one of the most important technology trends. Carsten will first introduce the concept behind the Internet of Things and then give an overview of the various IoT-related work that has been going on in the IETF in the recent past as well as upcoming work.
Securing the IoT Networks: issues and possible solutions.
Syam Madanapalli, NTT DATA Services, India
As the world becomes more and more connected, hackers are finding more ways to steal our data and threaten our lives. This slows the adoption of IoT in critical applications that involve human lives, such as healthcare, industrial and other applications that involve remote control in the physical world. Securing IoT applications is different from cyber security of information systems and requires new thinking to come up with new security models. During this talk, Syam will discuss the following:
- How IoT security is different from cyber security
- Why new thinking is required to secure the Internet of Things
- The need for the ability to prosecute the hackers
- Design thinking and new models for securing the Internet of Things
- How IETF RFCs (related to IPsec, PKI, ACE WG etc.) would support these security models
State of compression in IoT Protocols
Rahul Arvind Jadhav, Huawei, India
In IoT, the networks and devices are more constrained than ever before, thus protocols are undergoing an overhaul to accommodate such needs. The talk presents, mostly from the ongoing work in the IETF, various efforts to compress the protocols so as to reduce network usage, from why RoHC was not the right candidate and the emergence of 6lo-over-foo standards, to the recent addition of SCHC (pronounced SCHIC) for LPWAN deployments. The protocols have undergone changes at different layers, including network (6lo adaptation) and application (CoAP). I will present the rationale for introducing such changes and will specifically talk about:
1. RoHC and why it was not suited
2. 6lo-over-foo (6LoWPAN, 6loBLE, 6loMSTP, 6loNFC) compression. The assumptions on the underlying L2. Best-case and worst-case compression efficiency.
3. Why 6lo was not good enough for LPWANs. Introducing SCHC with its assumption set.
4. GHC (Generic Header Compression) and its use cases
5. Control plane compression. Source routing header compression.
6. Compression of application payloads, namely HTTP to CoAP, JSON to CBOR, use of SIDs, etc.
Evolving IoT security and management standards for the enterprise
Elliot Lear, Cisco, Switzerland
Between the number of total devices and the number of types of devices that are being used by enterprises, in short order there will not be enough people on the Earth to administer them. New means of scale are required. In addition, other challenges face us. Do old assumptions hold? We'll survey some of the emerging standards like Manufacturer Usage Descriptions and CoAP while examining some old ones, like DNS and NTP, to have some sense of how they fit in the picture (if at all) when they are part of critical infrastructure.
SDN Track
SDN in IETF
Vishnu Pavan Beeram, Juniper, USA
This talk will give an overview of the work in the routing area of the IETF that is geared towards delivering tools and architectures to support SDN. The presentation will cover a range of technologies developed in the IETF that enable centralized control, network abstraction, programmatic interaction with the network, telemetry and intent-based provisioning.
Early Experience sharing with Network Analytics
Vinod Kumar S, Huawei, India
Artificial intelligence is an important technical trend in the industry. With the advancements in SDN, it is also necessary to introduce artificial intelligence and network telemetry technology to achieve self-adjustment, self-optimization and self-recovery of the network through collection of huge amounts of network state data (telemetry) and machine learning (ML). This talk will detail the initial work done in this space and the role that the IETF could play in this space.
Next-gen Network Telemetry is Within Your Packets: In-situ OAM
Shweta Bhandari, Cisco, India
While troubleshooting or planning, did you ever wish to get full insight into which paths *all* your packets take in your network, or were you ever asked to prove that your traffic really follows the path you specified by service chaining or traffic engineering? We approach this problem by adding meta-data to *all* packets: In-situ OAM (IOAM). IOAM adds forwarding path information and other information/stats to every data packet, as opposed to relying on probe packets, which is the traditional method that tools like ping or traceroute use. IOAM information can either be accessed directly on the router or be available via NetFlow. The session will introduce IOAM as a technology and discuss a series of use cases and deployment scenarios, ranging from proving that all packets traverse a specific path and troubleshooting forwarding issues in networks which use ECMP, over simple approaches to deriving the network traffic matrix, or trend analysis on network parameters such as delay or packet loss, to using IOAM as a tool to optimize forwarding in your network. The technology discussion will be complemented by a set of demos (using Cisco's Vector-Packet-Processor OpenVPP, OpenDaylight Controller etc.) which showcase this new technology at work. We will discuss the status of this work at the IETF.
Role of Telemetry and Analytics in SDN
Panel Discussion
Manav Bhatia, Nokia
Kalyana, Huawei
Vishnu Pavan Beeram, Juniper
Manjul Khandelwal, Nivetti Systems
Security Track
Impact of TLS 1.3 on Enterprises
Darin Pettis & Steve Fenter, US Bank, USA
In this TLS 1.3 presentation we will initially talk about the deprecation of the RSA protocol, which would cause many security and troubleshooting tools to go dark with encrypted traffic. Next we will speak of our challenges to retain visibility when RSA had been removed about three years earlier and wasn't going to return in TLS 1.3. We will outline the journey that we undertook to create a new technical visibility option, followed by the very real need to garner adoption from the TLS Working Group along with the great insight we have received to make the proposed solution very strong. Finally, we will speak to the creation of EDCO (Enterprise Data Center Operators) to address a need for enterprise representation and involvement in new and evolving standards that we must abide by.
Stream Control Transmission Protocol and potential DDoS attack
V Anil Kumar, CSIR, India
Stream Control Transmission Protocol (SCTP) is a general-purpose and relatively new transport layer protocol with several unique features. We conduct an in-depth security analysis of the closed-loop feedback operation of SCTP congestion control and present an attack scenario called feedback manipulation flooding attack (FMFA). We show that standard SCTP senders can be remotely exploited for generation of a powerful and sustained Denial-of-Service attack flood by tactically manipulating feedback messages. To ascertain the attack feasibility and its potential impact, we simulate the FMFA scenario using the network simulator (ns2). We also compare the feedback manipulation flooding attack with conventional brute-force flooding attacks and identify some of its exclusive characteristics. Further, we implement the FMFA attack scenario in the Linux kernel and present real-world experimental results. We identify and analyze a fundamental design limitation in SCTP that leads to the above-mentioned vulnerability and propose a novel acknowledgement generation scheme, called Data Enriched SACK (DESACK). We present the design and implementation details of DESACK.
Security Analytics
Dharmanandana Reddy, Huawei, India
Security attacks are becoming more prevalent as cyber attackers exploit system vulnerabilities for financial gain. Signature recognition and anomaly detection are the most common security detection techniques in use today. These techniques provide a strong defense. However, they fall short of detecting complicated or sophisticated attacks like Advanced Persistent Threats (APTs). To detect APTs, there is a need to analyze huge amounts of data to detect suspicious user activity occurring in real time using security analytics by applying machine learning algorithms to multiple heterogeneous log sources. During this talk, Dharma will discuss the following:
- Why traditional security tools or current security systems can't handle emerging security threats
- Why we need security analytics
- New security techniques and approaches offering intelligent and holistic security analytics
- Need for IETF standards to support security analytics
Certificate Validation in TLS: Challenges and Emerging Trends
Dr. Balaji Rajendran, C-DAC, India
TLS certificates are heavily relied upon for establishing trust between a server and a client browser (user). The process of validation carried out by browsers has been increasing in complexity over a period of time. This talk will capture topics including complexities in certificate validation, attacks and exploits on CAs, and emerging trends ranging from TLSA (DANE) to Blockchain etc.
Apps Track
Making the Web Conversational: How Web Protocols Have Evolved to Support Modern Web Applications
Vipul Mathur, NetApp, India
The nature of the Web has gone from retrieving individual HTML pages in a request-response manner to fully conversational streaming data applications. This talk aims to take a look back at how Web protocols have evolved over the years to accommodate and enable these changes. We will look at how HTTP long polling, streaming, server-sent events, and particularly the WebSocket protocol address the demands of modern applications. We'll take a closer look at the WebSocket protocol (RFC6455) to understand why it has become the protocol behind most conversational, bi-directional, streaming applications built on the Web infrastructure today.
HTTP/2 - Making the web faster, scalable and secure
Vinayak Hegde, Zoomcar, India
HTTP/2 is the newest revision of the very popular HTTP protocol. The talk will look at drawbacks of HTTP/1.1 and the design considerations of HTTP/2 which solve those issues. Among the newer ideas in HTTP/2 are the concept of header compression using the HPACK algorithm, PUSH_PROMISE to speed up page rendering, ALPN (to reduce the encrypted channel setup), and the concepts of streams and frames to allow multiplexing over the same connection. The talk will go into each of these in detail.
Localisation: Current standards and challenges.
Panel Discussion
Ramakrishna Reddy Yekulla (Ramky), RedHat
Vivek Pani, Reverie Language Technologies
Carsten Bormann, TZI