Industrial Internet Federated Learning Driven by IoT Equipment ID and Blockchain

With the development of Internet of Things (IoT), 5G, and industrial technology, Industrial Internet has become an emerging research field. Due to the industrial specialty, higher requirements are put forward for time delay, safety, and stability of the identification analysis service. The traditional domain name system (DNS) cannot meet the requirements of industrial Internet because of the single form of identification subject and weak awareness of security protection. As a solution, this work applies blockchain and federated learning (FL) to the industrial Internet identification. Blockchain is a decentralized infrastructure widely used in digital encrypted currencies such as Bitcoin, which can make secure data storage and access possible. Federated learning protects terminal personal data privacy and can carry out efficient machine learning among multiple participants. The numerical results justify that our proposed federated learning and blockchain combination lays a strong foundation for the development of future industrial Internet.

Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

The Internet’s Domain Name System (DNS) responds to client hostname queries with corresponding IP addresses and records. Traditional DNS is unencrypted and leaks user information to on-lookers. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) have been gaining traction, ostensibly protecting DNS messages from third parties. However, the small number of available public large-scale DoT and DoH resolvers has reinforced DNS privacy concerns, specifically that DNS operators could use query contents and client IP addresses to link activities with identities. Oblivious DNS over HTTPS (ODoH) safeguards against these problems. In this paper we implement and deploy interoperable instantiations of the protocol, construct a corresponding formal model and analysis, and evaluate the protocols’ performance with wide-scale measurements. Results suggest that ODoH is a practical privacy-enhancing replacement for DNS.

Policy Question: Is a Sovereign Internet Feasible?

In 2019, Russia attempted to implement a long-term policy objective, to enable itself to cut the Russian Internet (RuNet) off from the rest, by blocking the flow of data through Internet Exchange Points at national borders. It claimed that a successful experiment had been carried out. This chapter looks at why this should happen and whether it is possible. The role of US interests, for instance in ICANN, is considered as a risk to Russian sovereignty, although American attempts to interfere with the Domain Name System would be counterproductive and unlikely to be successful. Attempts by Iran and Egypt to cut the Internet off are also discussed.

LEA-DNS: DNS Resolution Validity and Timeliness Guarantee Local Authentication Extension with Public Blockchain

While the Domain Name System (DNS) is an infrastructure of the current network, it still faces the problem of centralization and data authentication according to its concept and practice. Decentralized storage of domain names and user local verification using blockchain may be effective solutions. However, since the blockchain is an add-only type database, domain name changes will cause out of date records to still be correct when using the Simplified Payment Verification (SPV) mechanism locally. This paper mainly introduces Local Enhanced Authentication DNS (LEA-DNS), which allows domain names to be stored in public blockchain database to provide decentralization feature and is compatible with the existing DNS. It achieves the validity and timeliness of local domain name resolution results to ensure correct and up to date with the Merkle Mountain Range and RSA accumulator technologies. Experiments show that less than 3.052Kb is needed for each DNS request to be validated, while the validation time is negligible, and only 9.44Kb of data need to be stored locally by the web client. Its compatibility with the existing DNS system and the lightness of the validation protocols indicate that this is a system suitable for deployment widely.

Entropy-Based Evaluation of DNS Activity for Threat Hunting

The paper documents, based mainly on published papers where a consistent mathematical description of cyberspace and various types of Cyber-Attacks and protection measures are presented, a mathematical approach for Cyber Threat Hunting using Domain Name System (DNS) observations. After referring to the various Advanced Persistent Threat (APT) hunting techniques we propose a high level, mainly, entropy-based technique for detecting the existence of various threat vectors in our networks, demystifying DNS Anomalies. Keywords: Domain Name System (DNS), Advanced Persistent Threat (APT) actors, Entropy, Anomaly Detection.