#FactCheck - Digitally Altered Video of Olympic Medalist, Arshad Nadeem’s Independence Day Message

11th November 2022 CyberPeace Foundation in association with Universal Acceptance has successfully conducted the workshop on Universal Acceptance and Multilingual Internet for the students and faculties of BIT University under CyberPeace Center of Excellence (CCoE).

CyberPeace Foundation has always been engaged towards the aim of spreading awareness regarding the various developments, avenues, opportunities and threats regarding cyberspace. The same has  been the keen principle of the CyberPeace Centre of Excellence setup in collaboration with various esteemed educational institutes. We at CyberPeace Foundation would like to take the collaborations and our efforts to a new height of knowledge and awareness by proposing a workshop on UNIVERSAL ACCEPTANCE AND MULTILINGUAL INTERNET. This workshop was instrumental in providing the academia and research community a wholesome outlook towards the multilingual spectrum of internet including Internationalized domain names and email address Internationalization.

‍Date –11th November 2022

‍Time – 10:00 AM to 12:00 PM

‍Duration – 2 hours

‍Mode - Online

‍Audience – Academia and Research Community

‍Participants Joined- 15

‍Crowd Classification - Engineering students (1st and 4th year, all streams) and Faculties members

‍Organizer : Mr. Harish Chowdhary : UA Ambassador

‍Moderator: Ms. Pooja Tomar, Project coordinator cum trainer

‍Speakers - Mr. Abdalmonem Galila, Abdalmonem: Vice Chair , Universal Acceptance Steering Group (UASG)and

‍Mr. Mahesh D Kulkarni Director, Evaris Systems and Former Senior Director, CDAC, Government of India,First session was delivered by Mr. Abdalmonem Galila, Abdalmonem: Vice Chair , Universal Acceptance Steering Group (UASG) “Universal Acceptance( UA) and why UA matters?”

• What is universal acceptance?
• UA is cornerstone to a digitally inclusive internet by ensuring all domain names and email addresses in all languages, script and character length.
• Achieving UA ensures that every person has the ability to navigate the internet.
• Different UA issues were also discussed and explained.
• Tagated systems by the UA and implication were discussed in detail.

Second session was delivered by Mr. Mahesh D Kulkarni, ES Director Evaris on the topic of “IDNs in Indian languages perspective- challenges and solutions”.

• The multilingual diversity of India was focused on and its impact.
• Most students were not aware of what Unicode, IDNS is and their usage.
• Students were briefed by giving real time examples on IDN, Domain name implementation using local language.
• In depth knowledge of and practical exposure of Universal Acceptance and Multilingual Internet has been served to the students.
• Tools and Resources for Domain Name and Domain Languages were explained.
• Languages nuances of Multilingual diversity of India explained with real time facts and figures.
• Given the idea of IDN Email,Homograph attack,Homographic variant with proper real time examples.
• Explained about the security threats and IDNA protocols.
• Given the explanation on ABNF.
• Explained the stages of Universal Acceptance.

Executive Summary:

One of the most complex threats that have appeared in the space of network security is focused on the packet rate attacks that tend to challenge traditional approaches to DDoS threats’ involvement. In this year, the British based biggest Internet cloud provider of Europe, OVHcloud was attacked by a record and unprecedented DDoS attack reaching the rate of 840 million packets per second. Targets over 1 Tbps have been observed more regularly starting from 2023, and becoming nearly a daily occurrence in 2024. The maximum attack on May 25, 2024, got to 2.5 Tbps, this points to a direction to even larger and more complex attacks of up to 5 Tbps. Many of these attacks target critical equipment such as Mikrotik models within the core network environment; detection and subsequent containment of these threats prove a test for cloud security measures.

Modus Operandi of a Packet Rate Attack:

A type of cyberattack where an attacker sends with a large volume of packets in a short period of time aimed at a network device is known as packet rate attack, or packet flood attack or network flood attack under volumetric DDoS attack. As opposed to the deliberately narrow bandwidth attacks, these raids target the computation time linked with package processing. 

Key technical characteristics include: 

• Packet Size: Usually compact, and in many cases is less than 100 bytes 
• Protocol: Named UDP, although it can also involve TCP SYN or other protocol flood attacks 
•  Rate: Exceeding 100 million packets per second (Mpps), with recent attacks exceeding 840 Mpps 
• Source IP Diversity: Usually originating from a small number of sources and with a large number of requests per IP, which testifies about the usage of amplification principles 
• Attack on the Network Stack : To understand the impact, let's examine how these attacks affect different layers of the network stack:

1. Layer 3 (Network Layer):

• Each packet requires routing table lookups and hence routers and L3 switches have the problem of high CPU usage. 
• These mechanisms can often be saturated so that network communication will be negatively impacted by the attacker.

2. Layer 4 (Transport Layer):

• Other stateful devices (e.g. firewalls, load balancers) have problems with tables of connections 
• TCP SYN floods can also utilize all connection slots so that no incoming genuine connection can be made.

3. Layer 7 (Application Layer): 

• Web servers and application firewalls may be triggered to deliver a better response in a large number of requests 
• Session management systems can become saturated, and hence, the performance of future iterations will be a little lower than expected in terms of their perceived quality by the end-user. 

Technical Analysis of Attack Vectors

Recent studies have identified several key vectors exploited in high-volume packet rate attacks:

1.MikroTik RouterOS Exploitation:

• Vulnerability: CVE-2023-4967
• Impact: Allows remote attackers to generate massive packet floods
• Technical detail: Exploits a flaw in the FastTrack implementation

2.DNS Amplification:

• Amplification factor: Up to 54x
• Technique: Exploits open DNS resolvers to generate large responses to small queries
• Challenge: Difficult to distinguish from legitimate DNS traffic

3.NTP Reflection:

• Command: monlist
• Amplification factor: Up to 556.9x
• Mitigation: Requires NTP server updates and network-level filtering

Mitigation Strategies: A Technical Perspective

1. Combating packet rate attacks requires a multi-layered approach:

• Hardware-based Mitigation:
• Implementation: FPGA-based packet processing
• Advantage: Can handle millions of packets per second with minimal latency
• Challenge: High cost and specialized programming requirements

2.Anycast Network Distribution:

• Technique: Distributing traffic across multiple global nodes
• Benefit: Dilutes attack traffic, preventing single-point failures
• Consideration: Requires careful BGP routing configuration

3.Stateless Packet Filtering:

• Method: Applying filtering rules without maintaining connection state
• Advantage: Lower computational overhead compared to stateful inspection
• Trade-off: Less granular control over traffic

4.Machine Learning-based Detection:

• Approach: Using ML models to identify attack patterns in real-time
• Key metrics: Packet size distribution, inter-arrival times, protocol anomalies
• Challenge: Requires continuous model training to adapt to new attack patterns

Performance Metrics and Benchmarking

When evaluating DDoS mitigation solutions for packet rate attacks, consider these key performance indicators:

• Flows per second (fps) or packet per second (pps) capability
• Dispersion and the latency that comes with it is inherent to mitigation systems.
• The false positive rate in the case of the attack detection
• Exposure time before beginning of mitigation from the moment of attack

Way Forward

The packet rate attacks are constantly evolving where the credible defenses have not stayed the same. The next step entails extension to edge computing and 5G networks for distributing mitigation closer to the attack origins. Further, AI-based proactive tools of analysis for prediction of such threats will help to strengthen the protection of critical infrastructure against them in advance.

In order to stay one step ahead in this, it is necessary to constantly conduct research, advance new technologies, and work together with other cybersecurity professionals. There is always a need to develop secure defenses that safeguard these networks.

Reference:

https://blog.ovhcloud.com/the-rise-of-packet-rate-attacks-when-core-routers-turn-evil/

https://cybersecuritynews.com/record-breaking-ddos-attack-840-mpps/

https://www.cloudflare.com/learning/ddos/famous-ddos-attacks/

‍

Introduction

Rajeev Chandrasekhar, the Union minister of state for information technology (IT), said that the Global Partnership on Artificial Intelligence (GPAI) Summit, which brings together 29 member governments, including the European Union, announced on 13th December 2023 that the New Delhi Declaration had been adopted. The proclamation committed to developing AI applications for medical treatment and agribusiness jointly and taking the needs of the Global South into account when developing AI.

In addition, signing countries committed to leveraging the GPAI infrastructure to establish a worldwide structure for AI safety and trust, as well as to make AI advantages and approaches accessible to all. In order to complete the recommended structure in six months, India also submitted a proposal to host the GPAI Global Governance Summit.

“The New Delhi Declaration, which aims to place GPAI at the forefront of defining the future of AI in terms of both development and building cooperative AI across the partner states, has been unanimously endorsed by 29 GPAI member countries. Nations have come to an agreement to develop AI applications in healthcare, agriculture, and numerous other fields that affect all of our nations and citizens,” Chandrasekhar stated.

The statement highlights GPAI's critical role in tackling modern AI difficulties, such as generative AI, through submitted AI projects meant to maximize benefits and minimize related risks while solving community problems and worldwide difficulties.

GPAI

Global Partnership on Artificial Intelligence (GPAI) is an organisation of 29 countries from the Americas (North and South), Europe and Asia. It has important players such as the US, France, Japan and India, but it excludes China. The previous meeting took place in Japan. In 2024, India will preside over GPAI.

In order to promote and steer the responsible implementation of artificial intelligence based on human rights, multiculturalism, gender equality, innovation, economic growth, the surroundings, and social impact, this forum was established in 2020. Its goal is to bring together elected officials and experts in order to make tangible contributions to the 2030 Agenda and the UN Sustainable Development Goals (SDGs). 

Given the quick and significant advancements in artificial intelligence over the previous year, the meeting in New Delhi attracted particular attention. They have sparked worries about its misuse as well as enthusiasm about its possible advantages.

The Summit

The G20 summit, which India hosted in September 2023, provided an atmosphere for the discussions at the GPAI summit. There, participants of this esteemed worldwide economic conference came to an agreement on how to safely use AI for "Good and for All."

In order to safeguard people's freedoms and security, member governments pledged to address AI-related issues "in a responsible, inclusive, and human-centric manner."

The key tactic devised is to distribute AI's advantages fairly while reducing its hazards. Promoting international collaboration and discourse on global management for AI is the first step toward accomplishing this goal. 

A major milestone in that approach was the GPAI summit.

The conversation on AI was started by India's Prime Minister Narendra Modi, who is undoubtedly one of the most tech-aware and tech-conscious international authorities.

He noted that every system needs to be revolutionary, honest, and trustworthy in order to be sustained.

"There is no doubt that AI is transformative, but it is up to us to make it more and more transparent." He continued by saying that when associated social, ethical, and financial concerns are appropriately addressed, trust will increase.

After extensive discussions, the summit attendees decided on a strategy to establish global collaboration on a number of AI-related issues. The proclamation pledged to place GPAI at the leading edge of defining AI in terms of creativity and cooperation while expanding possibilities for AI in healthcare, agriculture, and other areas of interest, according to Union Minister Rajeev Chandrasekhar.

There was an open discussion of a number of issues, including disinformation, joblessness and bias, protection of sensitive information, and violations of human rights. The participants reaffirmed their dedication to fostering dependable, safe, and secure AI within their respective domains.

Concerns raised by AI

• The issue of legislation comes first. There are now three methods in use. In order to best promote inventiveness, the UK government takes a "less is more" approach to regulation. Conversely, the European Union (EU) is taking a strong stance, planning to propose a new Artificial Intelligence Act that might categorize AI 'in accordance with use-case situations based essentially on the degree of interference and vulnerability'.
• Second, analysts say that India has the potential to lead the world in discussions about AI. For example, India has an advantage when it comes to AI discussions because of its personnel, educational system, technological stack, and populace, according to Markham Erickson of Google's Centers for Excellence. However, he voiced the hope that Indian regulations will be “interoperable” with those of other countries in order to maximize the benefits for small and medium-sized enterprises in the nation.
• Third, there is a general fear about how AI will affect jobs, just as there was in the early years of the Internet's development. Most people appear to agree that while many jobs won't be impacted, certain jobs might be lost as artificial intelligence develops and gets smarter. According to Erickson, the solution to the new circumstances is to create "a more AI-skilled workforce." 
• Finally, a major concern relates to deepfakes defined as 'digital media, video, audio and images, edited and manipulated, using Artificial Intelligence (AI).'

Need for AI Strategy in Commercial Businesses

Firstly, astute or mobile corporate executives such as Shailendra Singh, managing director of Peak XV Partners, feel that all organisations must now have 'an AI strategy'.

Second, it is now impossible to isolate the influence of digital technology and artificial intelligence from the study of international relations (IR), foreign policy, and diplomacy. Academics have been contemplating and penning works of "the geopolitics of AI."

Combat Strategies

"We will talk about how to combine OECD capabilities to maximize our capacity to develop the finest approaches to the application and management of AI for the benefit of our people. The French Minister of Digital Transition and Telecommunications", Jean-Noël Barrot, informed reporters. 

Vice-Minister of International Affairs for Japan's Ministry of Internal Affairs and Communications Hiroshi Yoshida stated, "We particularly think GPAI should be more inclusive so that we encourage more developing countries to join." Mr Chandrasekhar stated, "Inclusion of lower and middle-income countries is absolutely core to the GPAI mission," and added that Senegal has become a member of the steering group.

India's role in integrating agribusiness into the AI agenda was covered in a paragraph. The proclamation states, "We embrace the use of AI innovation in supporting sustainable agriculture as a new thematic priority for GPAI."

Conclusion

The New Delhi Declaration, which was adopted at the GPAI Summit, highlights the cooperative determination of 29 member nations to use AI for the benefit of all people. GPAI, which will be led by India in 2024, intends to influence AI research with an emphasis on healthcare, agriculture, and resolving ethical issues. Prime Minister Narendra Modi stressed the need to use AI responsibly and build clarity and confidence. Legislative concerns, India's potential for leadership, employment effects, and the difficulty of deepfakes were noted. The conference emphasized the importance of having an AI strategy in enterprises and covered battle tactics, with a focus on GPAI's objective, which includes tolerance for developing nations. Taken as a whole, the summit presents GPAI as an essential tool for navigating the rapidly changing AI field.

References

• https://www.thehindu.com/news/national/ai-summit-adopts-new-delhi-declaration-on-inclusiveness-collaboration/article67635398.ece
• https://www.livemint.com/news/india/gpai-meet-adopts-new-delhi-ai-declaration-11702487342900.html
• https://startup.outlookindia.com/sector/policy/global-partnership-on-ai-member-nations-unanimously-adopt-new-delhi-declaration-news-10065
• https://gpai.ai/