An article from Network World, "Largest DDoS attack ever delivered by botnet of hijacked IoT devices", details the recent event.
A 600+ Gbps DDoS attack from IoT devices is truly remarkable. Moreover, it was not a reflection attack! The target was protected by Akamai, which had to drop it (the site was hosted pro bono) after a few days of sustained attack because it was costing too much.
There are a few elements that might make this event a game changer:
- from now on, people may want to always talk about security in IoT,
- it raises questions about protecting the little guy from DDoS; the customer here found a home at Google’s Project Shield, but obviously this is not scalable, and
- cloud protection from DDoS is not a general solution despite what cloud providers will have you believe.
To me, such events bring into focus the weaknesses and fragility of the IP architecture. With billions of IoT devices projected in the future, even one packet/second (or even per minute) from a fraction of these devices would be enough to cause real damage. We all know about the code quality and ease of patching of IoT devices; this will not change.
Maybe Bruce Schneier’s near-apocalyptic thoughts are not too far off.
We recently published our annual report covering our activities from May 2015 through April 2016. For the entire report see http://named-data.net/wp-content/uploads/2016/06/ndn-ar2016.pdf:
V. Jacobson, J. Burke, L. Zhang, T. Abdelzaher, B. Zhang, k. claffy, P. Crowley, J. Halderman, C. Papadopoulos, and L. Wang, “Named Data Networking Next Phase (NDN-NP) Project May 2015 – April 2016 Annual Report”, Tech. rep., Named Data Networking (NDN), Jun 2016.
This report summarizes our accomplishments during the second year of the Named Data Networking Next Phase (NDN-NP) project (the 5th year of the overall project). This phase of the project focuses on deploying and evaluating the NDN architecture in four environments: building automation management systems, mobile health, multimedia real-time conferencing tools, and scientific data applications. Implementation and testing of pilot applications in these network environments further demonstrated our research progress in namespace design, trust management, and encryption-based access control. Highlights from this year include:
We recently published our annual report covering our activities from May 2014 through April 2015. We excerpt the executive summary here; for the entire report, see http://named-data.net/wp-content/uploads/2015/06/ndn-ar2015.pdf:
The heart of the current Internet architecture is a simple, universal network layer (IP) which implements all the functionality necessary for global interconnectivity. This thin waist was the key enabler of the Internet’s explosive growth, but its design choice of naming communication endpoints is also the cause of many of today’s persistently unsolved problems. NDN retains the Internet’s hourglass architecture but evolves the thin waist to enable the creation of completely general distribution networks. The core element of this evolution is removing the restriction that packets can only name communication endpoints. As far as the network is concerned, the name in an NDN packet can name anything — an endpoint, a data chunk in a movie or a book, a command to turn on some lights, etc. This conceptually simple change allows NDN networks to use almost all of the Internet’s well-tested engineering properties to solve not only communication problems but also digital distribution and control problems.
Our first four years of NDN design and development efforts (which have a 4-month overlap with NDN-NP) tackled the challenge of turning this vision into an architectural framework capable of solving real problems. Our application-driven architecture development efforts force us to fill in architectural details and, most importantly, verify and shape the architectural direction. We translated our vision to a simple and elegant packet format design, a modular and extensible NDN forwarding daemon, and a set of libraries, including security support, to support application development. These achievements establish a platform that enabled us to tackle new application environments as we stated in the NDN-NP proposal: open mobile health applications, building automation and management systems, and multimedia applications. We achieved all our major milestones for the first year of the NDN-NP project. Highlights include: