SEKIYA laboratory is now working on the following topics.
Next Generation NSP Consortium
This consortium was established in 2014 and our laboratory is tightly involved in the activities. The goals of this consortium are
- designing the architecture for next generation network infrastructure,
- evaluating the technologies for software-defined infrastructure, and
- building the scalable architecture to support the network infrastructure.
Over 30 companies are joined the consortium and work for evaluating software-defined technologies and virtualization architecture for network services.
Distributed Cloud Computing
We are working on the fundamental and infrastructure technologies for Cloud Computing. Especially resource management, distributed filesystem, monitoring method, and network virtualization. Integrating these research, we construct and operate the real IaaS cloud, called “WIDE Cloud“. The testbed is IaaS cloud and distributed IaaS cloud connected universities and research organizations. The cloud is a testbed for new technologies and ideas with the actual user. Over hundred users are joined in the cloud and operate over 400 VMs. The project was originally supported by Ministry of Economy, Trade and Industry. The project is collaborated with NICT/JGN-X.
We have papers about resource management, distributed filesystem, and network virtualization.
Software Defined Networking (SDN)
We are working on SDN for management of data center networks, cloud networks and carrier networks. One of the most effective usages of SDN is a path control of carrier networks and enterprise networks. The project called “GINEW” is an Open Source SDN implementation developed with KEIO University and NICT. GINEW stands for “General Integrated Network Engineering Workbox”. The SDN framework can control VPLS path on several routers and provide GUI for users. Administrators and users can switch VPLS path easily and avoid conflictions of VPLS configs.
Network Security is an important keyword in the current Internet and mandatory for the Internet. We can observe DDoS attacks, spoofing attacks, and brute-force attacks every day. In this surrounding situations, NECOMA Project is started. It is a joint research project of EU and JP. We, SEKIYA lab, join the project from the Japanese side. The project is funded by Ministry of Internal Affairs and Communications.
NECOMA addresses the aspect of data collection, leveraging past and current work on the topic with the goal to expand these existing mechanisms and orient them towards threat data analysis.
Second, it addresses threat data analysis not only from the perspective of understanding attackers and vulnerabilities, but also from the point of view of the target and victim, needing to protect itself in real-time and in the most efficient manner possible; this will be achieved through the development of metrics that allow measuring the impact of attacks on the protected infrastructure or endpoint.
Third, it aims to develop and demonstrate new cyber defense mechanisms that leverage these metrics for deployment and evaluation.
These three aspects will be analyzed both from an infrastructure perspective (networks and large computing infrastructures) and endpoints (smartphones and browsers). The results of the NECOMA project will be showcased in demonstrators that will highlight the innovations of the project and prepare exploitation.
In order to protect DNS answers from spoofing and attacking DNSSEC is useful and important. However, DNSSEC is not easy to introduce into existing DNS environments. Operators should pay more costs for signing zones and managing keys. Moreover, the amount of traffic will grow when DNSSEC is introduced because the size of DNSSEC messages is bigger than no DNSSEC messages.
Before introducing and deploying DNSSEC into existing DNS servers, operators and administrators may want to evaluate the operational costs and estimate the growth of DNS traffic. On the other hand, there is no good tool and simulator to evaluate the effects of introducing DNSSEC into existing environments, so we would like to provide a DNSSEC simulation software for DNS operators and administrators. This is the motivation of starting this project. This project is funded by Grant-in-Aid for Scientific Research (C) by Japan Society for the Promotion of Science (JSPS)
The project has its project page and a demo movie uploaded on youtube.
Network Architecture, Operation, and Management
The network is an infrastructure for communications. It should be redundant and flexible for users. It also should be manageable and feasible for network administrators and operators. We are working on the automation of network management, monitoring, and troubleshooting. We positively join the events for testing interoperability of new network technologies such as InteropTokyo, and make feedback to network vendors and standards body such as IETF. We intend both of theoretical and practical research.
We also join in the operation and research of Internet Exchanges, called DIX-IE / NSPIXP-3. In these IXes, we try to collect real and practical statistical data and try to apply the data for research of DDoS mitigation.