News

EC publishes study on Next Generation Internet 2025 2018/10/05

Bob Goudriaan successor of Marc Gauw 2017/10/12

NLnet Labs' Jaap Akkerhuis inducted in Internet Hall of Fame 2017/09/19

NLnet and Gartner to write vision for EC's Next Generation Internet initiative 2017/04/12

Dutch Ministry of Economic Affairs donates 0.5 million to "Internet Hardening Fund" 2016/12/16

Vietsch Foundation and NLnet cooperate in internet R&D for research and education 2016/09/28

  Help grow the future. Donate

Internet Infrastructure

ARPA2

The ARPA2 project is an ambitious attempt to make the internet work the way we all expect it to work: a distributed, secure and private infrastructure that serves as a solid basis for a global information society. The internet brought so many advantages that it grew explosively, but that unprecedented growth of an experimental infrastructure that had many (and sometimes intentional) fundamental weaknesses - in terms of e.g. scalability and more importantly of security - resulted in an ossified network that has a lot of technical debt accumulated. It takes a concerted effort to fix these holes and bring secure internet technologies towards real end-users and deep into the infrastructure where many important upgrades are waiting for adoption.

Atom-Based Routing -- Improving global internet routing

Atom-Based Routing aims at significantly reducing the growth of BGP table size and updates, in particular in the internet backbone, through the use of BGP policy atoms. The intent is to devise a routing protocol (or adapt a routing protocol such as BGP) which makes use of atoms to achieve a protocol of lower complexity.

BIND DLZ -- BIND Dynamically Loadable Zones

BIND DLZ allows DNS data to be modified without interrupting the DNS server's normal operation. It accomplishes this by moving DNS data out of BIND's in memory database into an external database. BIND DLZ works with a large variety of databases and has made flexibility a priority in its design. Additionally, BIND DLZ makes available an API which can be used to create custom drivers to access nearly any database, or provide other functionality such as DNS load balancing.

Bricophone -- The Bricophone Project

The Bricophone is a community-oriented mobile phone infrastructure in Open Source. It is a low cost, low energy, open hardware, open source project built for communities up to ten thousand people within regional distances. The characteristic of the Bricophone infrastructure is that it does not require any static infrastructure like relays, antennas, or digital data centers. This provides the opportunity for special uses in poor communities, mass rescueing in disastered areas, and cultural and social activities like festivals and other mass events.

CeroWRT -- Cake implementation in CeroWRT

This project aims to be a reference implementation of the Comprehensive Queue Management Made Easy (CAKE) project based on CeroWrt, the experimental firmware aiming to push forward the state of the art of edge networks and routers.

Cryptech.is

Cryptech.is is a project that want to design an open-source hardware cryptographic engine that can be built by anyone from public hardware specifications and open-source firmware. Anyone can then operate it without fees of any kind.

CuteHIP

The project of the Helsinki Institute for Information Technology (HIIT) will create a lightweight implementation of Host Identity Protocol (HIP) on Java.

Existing HIP implementations have been evolving since 2004 and became complex and hard to maintain and use. There is a need for new simple implementation of RFC5201-5202 that is cross-platform (not bound to any Operating System) and not limited to run on any vendor hardware. The project will make CuteHIP implementation using Java. It will be based on SourceForge open repository for public access and contributions.

Although there are more open-source HIP implementations (HIPL, OpenHIP, Hip4inter.net), those are limited to certain platforms like Linux; no implementation is written on Java yet. The CuteHIP implementation shall be interoperable with existing implementations but shall be new and hence free of accumulated bugs.

DNSCCM -- NSCP for BIND and NSD

There is a clear need for a common DNS(SEC) name server management and control system. DNS is such a vital part of any organization's network infrastructure that it is common to run multiple different DNS implementations. However, each implementation has its own distinctive configuration and control utilities. A common interface should greatly simplify management of diverse infrastructures.

In 2007, the IETF working group determined there was a need for standardized management of nameservers for DNS and in 2011 the requirements draft addressing this got accepted as RFC6168. An IEFT draft is under development, which proposes a Nameserver Control Protocol (NSCP) to meet these requirements.

The primary focus of this prokect is to develop an implementation of NSCP for current releases of BIND and NSD, the most widely used open source authoritative nameservers.

Dowse

Dowse is a smart digital network appliance for home based local area networks (LAN), but also small and medium business offices, that makes it possible to connect objects and people in a friendly, conscious and responsible manner.

eduVPN -- eduVPN

eduVPN is an effort to make VPN technology commonly available, by building better and more user-friendly tools to connect to trusted parts of the internet.

Fairwaves

Fairwaves project is aiming at removing one more obstacles on the way to cheap and ubiquitous wireless networks --absence of free (open source), yet production quality building blocks for wireless equipment. There are plenty of expensive proprietary solutions you can use for coding.

Fairwaves is set to develop an Open Source framework for PHY and MAC levels of wireless protocols which will allow "free as in beer" development. It should foster innovation in the wireless communications and allow more projects like OpenBTS and Opendigitalradio to emerge.

FTEproxy -- Format-Transforming Encryption

fteproxy provides transport-layer protection to resist keyword filtering, censorship and discriminatory routing policies. Its job is to relay datastreams, such as web browsing traffic, by encoding streams as messages that match a user-specified regular expression.

getdns -- getdns - A reliable DNSSEC providing stub resolver

Encrypted communication between two random end points on the internet cannot happen without additional infrastructure through which security parameters are exchanged. The getdns library is an modern asynchronous DNS library for application developers, with an API vetted by application developers. getdns has especially good stub-resolving capabilities, and has been developed alongside and in close co-operation with recent standards for stub resolving; such as DNS over TLS (RFC7858), and acquiring DNSSEC at stub resolving level (DNSSEC roadblock avoidance - RFC8027).

GISS -- Global Independent Streaming Support

G.I.S.S. is an international network of free media activists, joining to build an infrastructure for free media experiences, radios and televisions like the Horitzo TV project (Spanish) in Barcelona. More concretely, right now the G.I.S.S. is an infrastructure with different components and tools for setting up an independent radio or TV channel easily.

New work to be done in the course of the project focuses on the following aspects:

  • Improvement of the topology of the network: currently all transmissions are passing through a main server and the upload to that server is saturated, so we should introduce new main servers and rebuild the architecture of the servers.
  • Development of a specific version of icecast: for now the version we use lacks some essential features for us like the encryption of IPs (anonymizing like requested by the Indymedia network), a more specific load-balancing mechanism (using the instant load of each server) and more complementary features regarding the master/slave configuration.
  • The live CD is in a usable state, but it should be improved to include more audio-visual and streaminig tools, like Cinelerra, free, gstreamer and other useful tool for video editing and broadcasting.
  • Another component of the system is a kind of 'mediabase' archive tool, similar to you-tube but using only free software and Ogg/Theora format. Although a prototype already exists, it should be improved and be customizable for every user. The new GPL package will be called 'Distributed Multimedia Database System' (DMDBS).
  • Most of our activities are located in Europe and South America, we would like to extend that network to other countries (India, Bolivia, Morocco). We already have some contacts to organize some workshops there.
IIDS -- Interactive Intelligent Distributed Systems

The IIDS research group at the Technical University of Delft (TUDelft) initially started as an NLnet initiative in 2000 at the Vrije Universiteit Amsterdam.

The group's research focuses on management of large-scale interactive distributed systems, in particular on mobile agent systems. Self-management is the ultimate goal. The AgentScape framework, services, applications, and analyses of legal implications of the use of agent systems, are all factors to increase the potential of this new technology.

ISC BIND 9 -- Development of BIND 9

BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System.

The BIND DNS Server is used on the vast majority of name serving machines on the Internet, providing a robust and stable architecture on top of which an organization's naming architecture can be built. The resolver library included in the BIND distribution provides the standard APIs for translation between domain names and Internet addresses and is intended to be linked with applications requiring name service.

iuh-openbsc -- Iuh support in OpenBSC

OpenBSC is a project aiming to create a Free Software, (A)GPL-licensed software implementations for the GSM/3GPP protocol stacks and elements. OpenBSC was created by the Osmocom project, a not-for-profit, community-driven project creating various FOSS projects related to mobile communications.

OpenBSC is not just a standard BSC, but a GSM network in a box software, implementing the minimal necessary parts to build a small, self-contained GSM network.

OpenBSC includes functionality normally performed by the following components of a GSM network: BSC (Base Station Controller), MSC (Mobile Switching Center), HLR (Home Location Register), AuC (Authentication Center), VLR (Visitor Location Register), EIR (Equipment Identity Register).

Koruza

KORUZA is an innovative open-source open-hardware wireless communication system, employing a new low-cost approach to designing free-space optical network systems, enabling building-to-building connectivity with a highly collimated light beam at a capacity of 1 Gbps (1000 Mbps) at distances up to 100 m. It is designed to be suitable for home as well as professional users, enabling organic bottom-up growth of networks by eliminating the need for wired fiber connections and associated high installation costs. The simplicity of use, low-cost and compact size allow the system to be deployed in any network.

LOAP -- The DNS: Life of a Protocol

"The DNS: Life of a Protocol" is the working title for a new project by Carl Malamud. This technopolitical analysis of the Internet from the viewpoint of the life of one protocol attempts to provide some insight into both technology and politics.

Magic Wormhole -- Magic Wormhole + SPAKE2

SPAKE2 is a modern academic password-authenticated key exchange mechanism, originally designed by two security researchers from Ecole Normale Superieure (read the paper [ local copy ]. It allows to set up an ad hoc encrypted channel between two users that share a combination of words in real-time. Magic Wormhole is an open source implementation of SPAKE2 (both client and server) by Brian Warner, one of the founders of the TAHOE-LAFS.

Meshtool

This project aims to advance open mesh technology by providing the communities behind these networks with a comprehensive toolkit to build and maintain their networks.

Meshtool aims to assist in mesh network monitoring, administration and research. It is designed to aggregating multiple data sources into useful 2D/3D geographic map overlays, provide remote node management and facilitate the use of live mesh segments as protocol testbeds.

Mesh DB (or simply Mdb), provides the data-layer implementation for this task. Mdb aims to make it easier for mesh communities to share data, exposing it through a generic web-based API. This provides a framework against which portable mesh community applications may be developed and shared, much like OpenSocial.

Namecoin

Namecoin is a blockchain project that provides a decentralized naming system and trust anchor. Its flagship use-case is a decentralized top-level domain (TLD) which is the cornerstone of a domain name system that is resistant to hijacking and censorship. Among other things, this provides a decentralized trust anchor for Public Key Infrastructure that does not require third party trust. It operates independent from the DNSSEC root trust chain, and can thus offer additional security under some circumstances.

nat64 -- Open source IPv4-IPv6 translation gateway

IPv4 and IPv6 networks are incompatible. The IETF recommendation has usually been to rely on dual-stack deployment: have both networks coexist until IPv6 takes over Ipv4. However, IPv6 growth has been much slower than anticipated. Therefore, new IPv6-only deployments face an interesting challenge communicating with the predominantly IPv4-only rest of the world. A similar problem is encountered when legacy IPv4-only devices will need to reach the IPv6 Internet. This project is about implementing an open-source NAT64 gateway to run on open-source operating systems such as Linux and BSD.

The NAT64 Open Source implementation would benefit the engineering of the solution as well as providing initial implementation feedback. Moreover, an Open Source implementation will become the reference for the whole community, such as end users, network administrators, and protocol designers. Users will finally be able to deploy IPv6 connectivity without fear of being cut off from the rest of the Internet.

In many situations, dual-stack deployment is not possible. For these cases, a gateway such as the proposed one is needed. It will enable completely new deployments, and users will automatically benefit. Moreover, an Open Source implementation will empower users by giving them access to the source code and letting them customize the gateway to accommodate new scenarios.

The implementation will target both Linux and BSD (FreeBSD, NetBSD, OpenBSD). It will be portable to other POSIX systems. DNS ALG functionality will be added to Bind and Unbound. A patch will be produced and submitted to the Bind project and to the Unbound project for inclusion in their main distributions. IPv4/IPv6 translation functionality will be added to the Linux and BSD kernels.

NetEventKit -- Network Event Kit

The Network Event Kit (NEK) is a kit allowing to quickly and cheaply build a network for various types of events. This kit will offer both cabled and over-the-air infrastructure.

Besides to building an Open Source Network Event Kit, the purpose is to gain knowlegde and experience in a practial setup that has value for Open communities.

nftables

nftables is the intended successor of the popular iptables, providing a new modular packet filtering framework e.g. for operating systems based on the popular Linux kernel. Besides a modular code base that is better suited for modern multiprotocol networking environments, the nftables project aims to introduce powerful new userspace tools which will allow users to dynamically perform packet filtering on custom protocols (including but not limited to new proposed internet standards as defined by the Internet Engineering Task Force). Existing packet filtering solutions would require a recompiled kernel module in the same situation. The end result is that users will have more autonomy on what gets filtered and how, which make them less dependent on the technical choices of vendors and communities. The nftables project has been accepted in Linux mainstream kernel.

nftables-xfrm -- nftables-xfrm

The project entails rewriting nftables (which is a subsystem of the Linux kernel responsible for packet filtering and classification) to make it easier to combine with xfrm (which is the common framework to work with IPSec in Linux). IPsec was originally developed in conjunction with IPv6 but is just as often used with IPv4 as well. IPSEC encrypts traffic, providing key features absent in the regular IP layer - like data integrity, data origin authentication and confidentiality. The project is expected to make an important contribution to improving the IPSEC capabilities, usability, speed and robustness in many systems.

NLnet Labs -- Foundation Stichting NLnet Labs

NLnet Labs was founded in 1999 by Stichting NLnet to develop, implement, evaluate, and promote new protocols and applications for the Internet. Its activities are focused on topics directly relating to the Internet's infrastructure, such as DNS, DNSsec, IPv6, and routing.

Nodewatcher

Project aimed at creating a wireless network node management system that can be used to manage and update large amounts of nodes in wireless networks such as community networks.

OpenBTS-HW -- OpenBTS hardware

This project is a part of a bigger effort to create a completely open GSM network, from a low level hardware to high level software.

The network is intended to be built with open-source software, such as OpenBTS, OpenBSC, FreeSwitch, Linux, etc. The hardware part of the project is more complex, because to date there is no open hardware for GSM base-stations.

As a practical implementation this will set up completely open network providing affordable mobile service to people from Mayotte island.

OSLD

Wireless communication technology is mostly proprietary, despite that we are using it every day. The mission of the Open-Source LTE Deployment (OSLD) project is promoting open-source radios, to get more people involved in developing software to create modern wireless communications systems.

The project will develop an open-source LTE (Long Term Evolution, an 4G radio standard) library and tools for building sophisticated radios at low cost. LTE provides bandwidth on demand for different amounts of speeds and so improving the quality of service to people on the move.

Available LTE processing chains are either proprietary or unsuitable for commercial products. This project will therefore use the open-source SDR framework ALOE. The primary objective of this OSLD project is promoting open-source SDRs and shared development of software for wireless communications systems. Specificly, the project will develop a modular LTE library for mobile terminals and base stations as well as improve the accessibility of ALOE for building sophisticated radio systems at low cost. Both, ALOE and the open-source LTE library, will leverage open-source R&D, complement university labs, facilitate and encourage shared development, and be a solid basis for innovation and commercialization.

The expected project products are:

  • modular, open-source LTE library for building base stations and mobile terminals on a cluster of general-purpose processors,
  • new ALOE release and improved accessibility for shared development,
  • user guides, installation manuals, frequently asked questions,
  • renewed FlexNets web site containing OSLD section, virtual support office, collaborations, and commercial interest for ALOE and LTE library.
Palea

Palea is a tool to help discover if devices on your (secured and firewalled) network are also unknowingly connected to unknown other networks that would facilitate attacks and information leaks to the outside. Such an unknown network could for instance be a known device on your trusted network that also has a USB dongle in it connected to the open internet over GSM/2G/3G/xG.

By spoofing packets, Palea can be used to trick systems into exposing their connections to the internet. Palea can be run 24/7 on your network to also discover temporary connections.

RaptorJIT

RaptorJIT is a fork of LuaJIT focused on predictably high performance. RaptorJIT takes a quantitive approach to performance. The value of an optimization must be demonstrated with a reproducible benchmark. Optimizations that are not demonstrably beneficial on recent CPU generations are removed. RaptorJIT was initially developed by the team behind Snabb Switch.

RPKI-RTRlib -- RPKI/RTRlib

The Resource Public Key Infrastructure (RPKI) is a component of secure interdomain routing and has recently been standardized in the IETF SIDR group (RFCs 6810/6811). RPKI is currently being rolled out, and is a significant and necessary step towards fully protecting BGP.

However, the mechanism does incur additional load at BGP routers. In order to reduce that load, RPKI objects can be fetched and cryptographically validated by cache servers. The RPKI/RTR protocol defines a standard mechanism to maintain the exchange of valid RPKI data between cache server and router. RTRlib is one of the two open source reference implementation of RTR, originally created by researchers from the Computer Systems & Telematics group at Freie Universität Berlin and reseachers from the INET research group at Hamburg University of Applied Sciences, under the supervision of dr. Matthias Wählisch and Thomas Schmidt.

The RTRlib is a real-time capable, open-source (MIT licensed) C library that implements the RPKI router part. Basically, it fetches data from an RPKI cache server and allows for prefix origin validation as well as initial steps of BGP path validation (draft 6810bis). The RTRlib can serve as the backend for BGP daemons and monitoring tools in real-world operations, as well as user guidance.

SCTP-Linux -- SCTP on Linux

The Internet transport layer has been extremely rigid since its inception. The very diverse requirements of today’s applications are mapped to only two services, provided by the two protocols that are broadly available, TCP and UDP.

The Stream Control Transmission Protocol (SCTP) offers promising benefits to applications, but faces significant deployment problems. One of these problems is certainly related to shortcomings of its Linux implementation ("LKSCTP"), which cause it to perform much worse than TCP under most circumstances. It is obvious that, for SCTP to be an attractive option for application designers, it should always perform at least as good as TCP.

The two most important TCP features that are not required according to the standard are missing in LKSCTP: auto-buffer tuning and pluggable congestion control. In this project:

  1. Auto-buffer tuning will be added to SCTP.
  2. Work towards adding pluggable congestion control will be carried out.
  3. An investigation of other, less significant differences between TCP and SCTP in Linux will be carried out.
SDR PHY -- SDR PHY for Osmocom BB

SDR (Software Defined Radio) allows for a low cost setup to serve a wide variety of changing radio protocols in real time. SDR is gaining popularity in the world of Open Source mobile communications. Thanks to the work of projects like Osmocom and OpenBTS, it is already possible to run a custom GSM network using Open Source software. Moreover, there is a few Open Source projects for LTE, such as OpenLTE, srsLTE and OpenAirInterface. However up to now there was no software defined GSM mobile phone. The "SDR PHY for Osmocom BB" project aims to fill this void. The project is focused on the client side of GSM protocol stack, and bridging the gap between existing GSM stack implementation project and SDR hardware.

Serval

Communicate anywhere, any time ... without infrastructure, without mobile towers, without satellites, without wifi hotspots, and without carriers. Use existing off-the-shelf mobile cell phone handsets.

Serval enables mobile communications no matter what your circumstance: mobile communications in the face of disaster, in the face of poverty, in the face of isolation, in the face of civil unrest, or in the face of network black-spots. In short, Serval provides resilient mobile communications for all people.

This system is the only mesh mobile telephony system that works on ordinary handsets, and is open source. It lets you use existing telephone numbers and can work without needing an internet connection.

Serval-LR -- Serval Long Range WiFi

Serval Project's goal is making mobile phones useful, even when there is no cellular network or internet available. This particular project prototypes a "helper device" for long-range WiFi.

Serval has developed various technologies that allow voice calls, SMS, file sharing and other services in a completely distributed manner. Robust security is being progressively introduced into these technologies, with voice calls already enjoying end to end encryption, and our UDP-like Mesh Datagram Protocol (MDP) also enjoying automatic encryption.

The Serval Project is intended to be useful in disaster and emergency situations anywhere in the world, as well as for people in rural, remote and developing world settings where traditional cellular service may not be available or may be too expensive. The Serval Project's technologies also have obvious application to enabling freedom of speech and communications for people under oppressive regimes.

Serval currently uses ad-hoc WiFi on mobile phones to form the mesh network. This requires root access on Android, and is unlikely to ever be possible on iPhone. Also, ad-hoc WiFi, while useful, has many limitations, including limited range and relatively high power consumption. This particular project aims to prototype a "helper device", that would consist of a WiFi-enabled Arduino-compatible device attached to a low-cost radio module, and then to integrate that hardware with the Serval platform.

The result will be a box that allows any WiFi enabled phone (Android, iPhone, Blackberry, Nokia S60 etc) to connect to the mesh. Some platforms will have a first-class native client, e.g., Android, while others will be able to use an HTML client to access mesh functions.

Moreover, the box will be capable of long-range communications to other such boxes. Current estimates suggest that ranges of 6x-18x WiFi range are possible, allowing line-of-sight range of perhaps 1km or more.

Finally, the box will be able to be integrated with satellite data terminals and short-burst data modules (basically satellite SMS) to allow the connection of mesh networks to the outside world.

SnabbWall

Layer-7 firewalls, or application firewalls, empower technical users and administrators near the endpoints of networks. They can provide one centralized, flexible tool to subsume many other ones, simultaneously reducing the burden to learn how to achieve certain ends, and freeing people from the confines of very specific tools.

Software Defined Networking has been revolutionizing the network space over the last couple of years. SDN uses commodity hardware to implement network elements and functionalities which were generally provided by very expensive, and usually inflexible, special-purpose network appliances.

SnabbWall is designed as a modular, application-level (Layer-7) firewall suite built on the foundations of the popular open source SDN Snabb Switch, allowing it to be used with cheap commodity hardware.

As an application-level (Layer-7) firewall, it will be able to:

  • Inspect network traffic and detect flows of related data, and pinpoint which application has produced a certain data flow.
  • Filter (drop, reject, or accept) packets using criteria specified in a set of rules, which can use the information inferred by inspecting the packets.

As a suite, it will include a complete firewall program out of the box.

As a modular system, it will provide a set of components which can be reused in other Snabb Switch designs.

SocketHUB

This project aims to implement a service which enables developers to use common social functions regardless of the 'language' of the various protocols out in the wild. Call it "polyglot" of the social web.

The implementation revolves around a socket server, with a clearly defined protocol/API that the developers can use as a tool to execute actions mainly focused on social interaction on the internet. Identifying users, sending messages, subscribing, sharing, chatting. It will speak whatever language (protocol) necessary to carry out the action, abstracting the implementation details of the various APIs from the developer. Leaving them to focus on creating rich web applications and providing as much compatibility as possible. The app developer can utilize one tool, indicate what they'd like to do, and that tool goes out and 'speaks the right language' to get the job done.

This project is born from the Unhosted community and shares ideologies and goals with projects such as remoteStorage.js.

Stratosphere IPS -- Stratoshere IPS

The Stratosphere IPS is a free software Intrusion Prevention System that uses Machine Learning to detect and block known malicious behaviors in the network traffic. The behaviors are learnt from highly verified malware and normal traffic connections in our research laboratory. Its goal is to provide the community and especially vulnerable targets with low budgets such as NGO's and civil society groups with an advanced tool that can protect against targeted attacks.

Stubby -- Stubby - A DNS Privacy enabled stub resolver

Stubby is an open source project to develop a DNS stub resolver for use on client devices which will provide DNS Privacy for end users by implementing DNS-over-TLS (RFC7858). This service will provide encrypted first-hop access to DNS services protecting users’ DNS queries from eavesdropping at any point along the path between their device and a privacy-enabling DNS server.

TCP-multipath -- TCP multipath

The goal of the project is to implement open source extension of TCP/IP stack to support multipath communication in the Internet. With this approach, users will be able to improve their connection speed and reliably by utilizing several network interfaces simultaneously and receiving aggregate bandwidth.

Modern mobile devices, equipped with several network interfaces, as well as multihomed residential Internet hosts are capable of maintaining multiple simultaneous attachments to the network. This can be favorable for applications that are aiming to increase the overall throughput or minimize the delays caused by roaming between the networks.

This project will design and evaluate an efficient and secure multipath solution on a wedge-layer. Based on Host Identity Protocol (HIP) the design will support multihoming, mobility, NAT traversal, advanced security features, network coding for efficiency in lossy networks and will match the requirements of the most modern applications.

Who will benefit? General network users requiring faster Internet access e.g. over two ADSL lines at home, service provides in Internet requiring higher fault tolerance for their services, network operators providing high speed connectivity e.g. over WLAN and 3G combined.

Timesheets

This project aims to create a platform to develop Adaptive Time-based web applications. This is applied to developing Single-Page Interfaces (SPIs). A SPI can reduce network bandwidth needs, specially important in the fast-growing use of mobile networks. Despite its importance, use of SPIs has not proliferated because it is highly complicated to develop and maintain.

A novel approach based on a W3C specification is proposed: SMIL Timesheets. This approach simplifies the design of time-based web applications and web sites. These interactive applications use time as a major structuring paradigm, i.e. time and events dictate which parts of the application are presented.

SMIL Timesheets are the time counterparts of layout focussed Stylesheets. SMIL Timesheets use the W3C standard SMIL Timing & Synchronization. Timesheets are a perfect match for CSS styles and CSS3 Transitions/Animations. Also, it is designed to synchronize multimedia (HTML5's audio and video) with web content.

In addition the following issue is tackled: wasting network bandwidth is common in multi-device applications. This project aims to dynamically adapt to the capabilities of devices, to save bandwidth and processing power. Such adaptation is achieved via capability-based resource loading for different devices (e.g. media resources, CSS3 emulation, and other).

TLS-KDH -- ARPA2

This project aims to implement the proposed TLS-KDH protocol into a production ready implementation. TLS-KDH is a design from Rick van Rein (ARPA2) that combines the benefits of Kerberos and Diffie-Hellman key exchange into a single unified solution that can be used to add additional security and flexibility to internet resources. Kerberos lends itself well to infrastructure-supported mutual authentication, and can even be used to crossover between realms. A downside of this infrastructure is that a crack of one key can lead to a cascade of reverse-engineered keys. Diffie-Hellman key exchange, nowadays primarily in its Elliptic-Curve variation, can be used to incorporate the desirable property of Forward Secrecy, but its vulnerability to man-in-the-middle attacks must then be overcome by cryptographically binding it to an authentication mechanism. The project will create a production quality implementation based on the open source GnuTLS codebase.

Uberflow

OpenFlow is a cornerstone and the de-facto standard protocol for software-defined networking (SDN). The API for manipulating the network state is currently being standardised by the Open Networking Foundation (ONF) as NBI (which stands for 'North-Bound Interface'). As an emerging standard NBI has significant potential to create the ecosystem for network architectures.

UmTRX

Mission of the UmTRX project is to radically drop price of mobile communications in developing, rural and remote areas. UmTRX aims at providing an open-source, inexpensive yet carrier grade transceiver for GSM Base Station.

This project is a part of a bigger effort to create a completely open GSM network, from a low level hardware to high level software. UmTRX will be the first open hardware to work within the core telecom networks.

This open hardware is being designed specifically to work with OpenBTS and OsmoBTS/OpenBSC open-source projects. While those software projects enjoy quick growth, the hardware side is remaining proprietary. The main reason for this is that such hardware is extremely hard to develop, it requires specific skills and specialists like high-profile RF designers and lots of effort to be put in it.

The results of this project have been used to provision affordable mobile service to people at Mayotte island.

Wireguard -- Wireguard

In hostile environments such as the open internet, Virtual Private Network technology play a major role in protecting users both from snooping and malicious traffic injection. WireGuard is a general purpose VPN - the new kd on the block that is fast, simple and lean. It can run on embedded interfaces and super computers alike, fit for many different circumstances. Its goal is to be the most secure, easiest to use, and simplest VPN solution in the industry.

Wisper -- Long distance wifi IPv6 internet infrastructure

Wisper is a concept (an idea) in the field of long distance wifi network infrastructures with a practical and concrete internet service provision goal. Wisper is the buzz word in order to stimulate concrete project proposals and cooperative initiatives focussed on creating a new mesh-type: solely based on wifi and IPv6 internet connections.

The access nodes in Wisper are projected to be low cost (US$ 100) wifi boxes some Public Domain (fully self-configuring) networking software (probably on Linux and/or BSD OS's). Access and usage to the Wisper network should be free of charge. The plan is to create clouds of Wisper nodes. And then clouds of Wisper-clouds, expanding all over the globe.

Calls

Send in your ideas.
Deadline Feb 1st, 2018.

 
Help fundraising for the open internet with 5 minutes of your time

Project list

Project abstracts