This document discusses internet governance concepts, organizations, and cases. It begins by explaining that users see the internet as a simple "black box" and are unaware of its complex internal operations. It then defines internet governance and describes its multi-layered structure. Several key internet governance organizations are mentioned, including ICANN, RIRs, IETF, and others. The roles and responsibilities of these organizations in areas like technical standards, domain name management, IP address allocation, and more are also summarized.
12. Major Internet Governance Organizations
Internet Governance
• Technical Standards
• Domain Names and Overall Coordination: ICANN
• IP Addresses: RIR (Regional Internet Registry)
• IAB (Internet Architecture Board)
• IETF (Internet Engineering Task Force)
• IRTF (Internet Research Task Force)
• ASO (Address Supporting Organization)
• ccNSO (Country code Name Supporting Organization)
• gNSO (Generic Name Supporting Organization)
• Verisign; Root DNS; Root Zone; Registrars
• APNIC
• TWNIC
• ISP
• W3C (World Wide Web Consortium)
32. Content vs. Carriage
✓ Who pays whom?
✓ The only reason why access networks have clients is because there are content services that clients want to access
✓ To a carriage, content is just another client
✓ The content folk resolved this fight by going OTT (Over The Top) and created relationships directly with end users
37. Transit and Public Policy
• If users don’t send packets to users any more
• If content is now delivered via CDNs to users via CDN service cone
• Then why do we need Transit Service Providers?
• Once the CDN caches sit “inside” the access ISP, then the entire wide area network becomes a marginal activity compared to the value of the content feeds
• If CDN feeder networks are private networks, and there is little residual public carriage other than last mile access networks, then what do we mean by “public communication policy”?
  • Public policy: universal service; network neutrality; rights of access; market dominance
  • How about CDN operators?
43. Cyber War Case - Afghanistan
• Two-way cyber war measures
• Cyber offensive capability
• Cyber dependence:
  • Degree to which a nation relies upon cyber-controlled systems
• Cyber defensive capability
• “We have the most bandwidth running through our society and are more dependent on that bandwidth. We are the most vulnerable.” – former Admiral McConnell.
• Afghanistan 2001
  • The US had drawn up a cyber war plan, but there were no targets for its cyber warriors, which gave Afghanistan an advantage.
  • If Afghanistan had had any offensive cyber capability, the cyber war would have gone differently.
44. Cyber War Case - China
• Offense vs. defense
  • The US has the most sophisticated offensive capability, but that cannot make up for its weak defensive position. Cyber defense training is offense-focused.
  • China's cyber warriors are tasked with both offense and defense in cyberspace.
• China's advantages in cyber war
  • Ownership: The Internet in China is like the intranet of a company. The government is the only service provider.
  • Censorship
    • The Great Firewall of China provides security advantages
    • The technology China uses to screen emails and messages provides the infrastructure to stop malware
    • Software installed on all computers to keep children from gaining access to pornography gives China control over every desktop in the country.
  • Critical infrastructure: For its electric power system, the US relies on automated control systems, while China requires a large degree of manual control.
45. Cyber War Strength
Country       Cyber Offense   Cyber Dependence   Cyber Defense   Total
US            8               2                  1               11
Russia        7               5                  4               16
China         5               4                  6               15
Iran          4               5                  3               12
North Korea   2               9                  7               18
Source: Richard Clarke, 2010
46. DDoS vs. Cyberwar
[Diagram labels: Cyberwar-initiating country; Counterpart country; Internet; DMZ]
1. DDoS can only attack the DMZ. The DMZ was built for that purpose.
2. DDoS attacks are compelling. The targets can be easily identified. This gives the enemy the advantage of increasing its defensive capability or relaxing its cyber dependence.
57. Secure Communication : Technology
• RFC 7457: Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)
• RFC 2409: The Internet Key Exchange (IKE)
• RFC 3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
• RFC 7258: Pervasive Monitoring Is an Attack
• RFC 7525: Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
• RFC 4307: Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
Remove support for DH1024
Proposed DH1024
Proposed DH 2048