Building Trust Improving Technical Security Strengthening the Internet

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA. NDSS is a premier academic research conference addressing a wide range of topics on network and system security. It’s an incubator for new, innovative ideas and research on the security and privacy of the Internet.

NDSS 2020 (23-26 February) will be one of the biggest NDSS symposium yet, featuring 88 peer-reviewed academic papers, 34 posters, 5 workshops, and 2 keynotes on vital and timely topics. Here are some of the highlights.


This year’s program officially starts with five workshops on Sunday, 23 February. NDSS workshops are organized around a single topic and provide an opportunity for greater dialogue between researchers and practitioners in the area.

The QUIC Privacy and Security (QUIPS) Workshop focuses on QUIC security and privacy analysis efforts. The IETF QUIC protocol is a modern UDP-based, stream-multiplexing, encrypted transport protocol. Inspired by prior art, QUIC’s packet and header encryption removes cleartext information from the network while simultaneously mitigating ossification of version-specific protocol behavior. The goal of the QUIPS workshop is to bring formal analysis results to the IETF working group and developer communities in order to build confidence in and improve QUIC before its widespread deployment.

The Workshop on Measurements, Attacks and Defenses for the Web (MADWeb) returns this year after making its debut in 2019. The web connects billions of devices, running numerous types of clients, and serves billions of users every day. To cope with such a widespread adoption, the web constantly changes. This is evident by some browsers that have a release cycle of just six weeks. These rapid changes are not always studied from a security perspective, resulting in new attack vectors that were never observed before. MADWeb is looking to connect researchers working at the intersection of browser evolution and web security. The goal is to bring together a community to discuss the rapid changes to browsers from a security perspective, the security implications of current web technologies, and how we can make browsers in the future more secure without hindering the evolution of the web.

The Learning from Authoritative Security Experiment Results (LASER) Workshop focuses on learning from and improving cybersecurity experimental results. The workshop strives to provide a highly interactive, collegial environment for discussing and learning from experimental methodologies, execution, and results. Ultimately, the workshop seeks to foster a dramatic change in the experimental paradigm for cybersecurity research, improving the overall quality and reporting of practiced science. As such, it will be structured as a true “workshop” in the sense that it will focus on discussions and interactions around the topic of experimental methodologies, execution, and results with the goal of encouraging improvements in experimental science in cybersecurity research. Authors will lead the group in a discussion of the experimental aspects of their respective efforts.

The Binary Analysis Research (BAR) Workshop returns for its third year at NDSS. Binary analysis refers to the process where humans and automated systems examine underlying code in software to discover, exploit, and defend against vulnerabilities. With the enormous and ever-increasing amount of software in the world today, formalized and automated methods of analysis are vital to improving security. This workshop will emphasize the importance of releasing and sharing artifacts that can be used to reproduce results in papers and can be used as a basis for further research and development.

The Workshop on Decentralized IoT Systems and Security (DISS) is also in its third year. The seemingly endless potential of the Internet of Things (IoT) is somewhat tempered by the ongoing concern over the ever-increasing risk that these devices pose to the Internet. The ultimate success of IoT depends on solving the underlying security and privacy challenges. Following the spirit of NDSS, the goal of this workshop is to bring together researchers and practitioners to analyze and discuss decentralized security in the IoT.


There will be two keynotes this year: Paul Forney, Chief Security Architect at Schneider Electric, on Monday, and Dr. Sharon Goldberg, Associate Professor in the Computer Science Department at Boston University and CEO/Co-Founder of Arwen, on Tuesday.

Paul Forney will discuss “Overcoming the ‘Evil Twins’ Attack: Lessons Learned from the Industrial Battlefield.” He asks the important question: “What could happen during a simultaneous attack of the industrial safety controllers (SIS) and Industrial Control Systems (ICS) of a critical infrastructure system?” Paul will discuss the technical lessons that can be learned from this sort of attack and how to best architect, protect, and contextualize a better future.

Dr. Sharon Goldberg will present “A Few Adventures in Technology Transfer.” This talk will discuss her adventures in technology transfer and in particular address two key metrics – ease of integration and precise specification.

NDSS 2020 Papers

The star and indeed the core of NDSS 2020 is the final set of peer-reviewed academic papers to be presented and published. This year there are 88 peer-reviewed papers organized into 19 sessions, representing less than 20% of the original submissions. This year there were over 500 submissions during both a summer and a fall submission period. A program committee of 97 experts assisted by 133 external reviewers worked to select and shepherd the accepted papers to this result. Topics cover a wide range including authentication, cryptography, censorship, network security, privacy, IoT, and mobile and web security. Papers, slides, and videos of all the talks will eventually be available on the NDSS 2020 programme page. The detailed agenda is already there!

Finally, NDSS 2020 also includes an energetic Poster Session and Reception featuring 34 posters of recently published or newly-emerging research. Attendees can vote for their favorites with special prizes being awarded in different categories.

All of this fabulous content takes a huge effort by a large group of people. Special note should be given to the Program Committee along with the Organizing Committee. This is teamwork and collaboration in action!

NDSS is where the next generation of security research starts, and for more than 20 years, the Internet Society has been a proud partner in hosting this event. Nearly 450 security experts will gather this coming week in San Diego to collaborate and engage in research discussion to help advance network and system security – all for the benefit of better security and a strong Internet.

Follow along via our social media channels – Twitter, Facebook, and LinkedIn, or search/post using #NDSS20.

See you in San Diego!

Building Trust Improving Technical Security Time Security

Time Synchronization, Security, and Trust

Time is something that is often overlooked or taken for granted, but the accuracy and reliability of time is critical to our lives and must be protected. Time is a core concept underlying nearly all physical and virtual systems. Distributed computer systems, key to many functions inherent in our daily lives, rely on accurate and reliable time, yet we rarely stop and think about how that time is constructed and represented. Accurate and reliable time is needed to determine when an event occurs, in what order a particular sequence of events occurs, or when to schedule an event that is to occur at a particular time in the future. Finally, and of particular interest to our trust agenda here at the Internet Society, quality reliable time is required for many of the security technologies that help provide trust for the Internet. It is a vital and often overlooked part of the Internet infrastructure.

Some specific examples where accurate reliable secure time information is vital include:

  • The finance sector where there are high demands on the time synchronization of business clocks in trading systems. This is especially true in the high frequency trading where a new EU legislation called Markets in Financial Instruments Directive (MiFID II) requires a timestamping granularity of 1 microsecond and a maximal divergence from Coordinated Universal Time (UTC) of 100 microseconds. Similar requirements are formulated by the US Securities and Exchange Commission (SEC Rule 613).
  • The power industry for control of devices in the energy transmission and distribution network along with components in substation automation networks. These devices provide information about voltage, current, and phase angle used to derive the current state of the electrical infrastructure, a critical piece of national infrastructure.
  • Various manufacturing industries for the synchronization of machine parts in motion control type processes, for instance in a rolling mill or for printing presses.
  • Virtually all distributed systems where synchronization of logging information enables error tracking and thus contributes to system stability and system integrity.
  • Internet security technologies rely on a crucial interdependent relationship between security mechanisms and time synchronization. For example, certificates, a key component of security solutions, are used to determine that numerous types of resources are identified securely and correctly. These solutions rely on accurate time of day to establish the validity of certificates. There is a stereotypical “chicken and egg” problem where accurate time is needed to establish the security mechanism (the certificate). In turn, you need the security mechanism (the certificate) to be valid in order to establish that the information exchanged for time synchronization purposes has not been corrupted. As more security mechanisms are being deployed, we are increasingly relying on certificates and, in turn, secure time.

Despite the vital nature of time, the protocols that have historically provided the time infrastructure that we rely upon have not adopted adequate security mechanisms. There are two primary protocols for the synchronization of time over packet based (IP) networks. The Network Time Protocol (NTP), defined primarily by RFC 5905, and the IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems (IEEE 1588). Both of these standards lack mechanisms to secure these protocols.

However, as threats against Internet infrastructure have increased, both the IETF and IEEE technical communities have been working to provide new security mechanisms to address this deficiency. Later today, I will be presenting an analysis ( of the emerging security solutions for both NTP and IEEE 1588 at the IEEE International Symposium of Precision Clock Synchronization (ISPCS). Slides are also available online at

Both of the IETF NTP working group and IEEE 1588 working group standards efforts described in the paper are open standards ( processes. Participation is open and comments and contributions are welcome!

Encryption IETF Improving Technical Security Open Internet Standards Technology

Rough Guide to IETF 96: All Things Encryption

IETF 96 finds us back in Berlin still talking about how to strengthen the Internet by improving the deployment and use of encryption. For this installment of the IETF Rough Guide, I’m going to focus on the CrypTech workshop just prior to IETF 96 along with the ongoing work of the cfrg research group, and the curdle, tls, and uta Working Groups.

As I wrote about in a separate blog post, CrypTech ( is a project to create an open source hardware security module, and this week in Berlin was the unveiling of the alpha prototype device! A select group of alpha testers joined the core development team for two days of testing and analysis. The workshop was very successful with the general consensus being that CrypTech has arrived! There were a few bugs fixed and potential improvements identified, but as one of the participants stated, there was no grey smoke! All of the details of the workshop are available on the CrypTech wiki, including the presentations and a few pictures. Additional alpha testers are invited to participate. Alpha devices are available through Crowd Supply. Rumor has it that there will be opportunities to see the CrypTech hardware during the saag and cfrg sessions this week.

Next, the Internet Research Task Force (IRTF) Crypto Forum Research Group (cfrg,) continues to focus on use of cryptography for IETF protocols. Topics for this week’s meeting include Argon 2 and SESPAKE. Anyone interested in the future direction of cryptographic curves and algorithms would be well served to follow these discussions. I’d also like to mention that there was an interim meeting of the CFRG on 12 May 2016, Eurocrypt 2016. Minutes of this meeting are available at:

Moving on to IETF working groups, the first one I’d like to mention is one that is not actually meeting in Berlin. The CURves, Deprecating and a Little more Encryption (CURDLE) working group is focusing on updating cryptographic mechanisms for existing IETF protocols. In particular, they are looking at the incorporation of the curves recommended by the cfrg earlier this year. While the group isn’t meeting physically at the IETF, there are a number of drafts under development including drafts for SSH, PKIX, X.509, DNSSEC, and CMS. There is also a draft from the JOSE working group that defines how to use cfrg curves for the JOSE specifications. The work to incorporate modern cryptographic algorithms in IETF protocols is making progress.

The Transport Layer Security (TLS) working group continues to work on an update to the TLS protocol. This is a very active working group with a plan to publish an update to TLS in 2016. This meeting will be devoted to resolving the open issues with the current specification as documented in the issue tracker. There will also be discussions on AES-OCM, TLS Client Puzzles, and TLS Blocking alerts if there is time remaining in the session. Along with the work to develop a new version of TLS are efforts to get TLS support incorporated into existing applications in the Using TLS in Applications (UTA) working group. This week the focus will continue to be on support for TLS in SMTP.

Finally, I’d like to give a quick plug for the Security Area Advisory Group (saag) session. This is an excellent way to get a quick view of some of the security related conversations ongoing in the IETF.

All in all, the work continues here at IETF 96 to make encryption more widespread and easier to deploy for a stronger Internet.

Related Meetings, Working Groups, and BOFs at IETF 95:

uta (Using TLS in Applications) WG
Tuesday, July 19, 2016, 16:20-18:20 CEST, Potsdam II

tls (Transport Layer Security) WG
Tuesday, 19 July, 2016, 10:00-12:30 CEST, Charlottenburg II/III

cfrg (Crypto Forum Research Group)
Wednesday, 20 July, 2016, 14:00 – 15:30 CEST, Potsdam III

saag (Security Area Advisory Group)
Thursday, 21 July 2016, 1400-1600 CEST, Potsdam III

Follow Us

There’s a lot going on in Berlin, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see