profile picture

Krik van der Vinne

Research Student SCION/Internet at AMS-IX (Master Thesis) / Master student Security & Network Engineering at the University of Amsterdam

Languages

  • Dutch (Native)
  • English (Proficiency)

Interests

About me

A passionate Security and Network Engineering student interested in networking, automation, Infrastructure as Code and designing infrastructures. Always interested in learning something new.

Experiences

Research Student SCION/Internet (Master Thesis)

Jun 2022 - Present
AMS-IX

Researching the role of Internet Exchanges in a SCION ecosystem/Internet.

SCION[1] is a promising future internet architecture that guarantees secure end-to-end communication and enhanced route control. Together with failure isolation and explicit trust, it has attracted the attention not only from multiple researchers and institutions but also from the networking industry. Although SCION is targeting a lot the ISP world, it is interesting to investigate how it is possible to combine the low-latency paths of an Internet Exchange Point with the SCION architecture without disrupting its added benefits and functionalities.

The students of this project are called to discover all the critical SCION functionalities that an IXP needs to adopt to respect the new architecture. Based on the previous outcome, the students can design a SCION IXP and build a small PoC that can run on the 2STiC testbed[2]. For saving time in the implementation part, the students can utilize the SCION code [3] of SIDN Labs and proceed to necessary modifications in order to prove their theory. As a last step, the students will compare their research against the real-life scenario [4] of swiss-ix where few SCION enabled networks are connected to it.

[1] https://scion-architecture.net/
[2] https://2stic.nl/testbed.html
[3] https://github.com/sidn/p4-scion
[4] https://www.swissix.ch/public/scion_flyer.pdf

Founder

Dec 2020 - Present
Alpine North

Alpine North is a networking company providing network management, support, expansion, consulting and various hosting services.

Network Engineer

Jul 2021 - Aug 2021
Fusix Networks B.V., Amsterdam Area

Intern Network Engineer

Feb 2021 - Jul 2021
Fusix Networks B.V., Amsterdam Area

During my graduation internship I researched various methods of protecting ISP networks against DDoS attacks and implemented a DDoS detection and mitigation service. During this period I gained hands-on experience with an assortment of enterprise network equipment and learned a lot about ways to protect ISP networks.

Intern DevOps Engineer

Feb 2020 - Jul 2020
ODC-Noord, Groningen

During my internship I researched how IPv6 could be implemented within the Kubernetes environment of ODC-Noord in a way that would make future IPv6 end-to-end connectivity possible. I learned a lot about the internals of Kubernetes and the pro’s and cons of various networking plugins.

Bakery

2014 - 2015
Albert Heijn, Hoofddorp

I have worked at the supermarket chain Albert Heijn as a side job. My job activities included baking bread, stocking shelves, locking up the bakery and being the point of contact for customers.

Education

MSc in Security and Network Engineering (OS3)

2021 - Expected graduation in 2022
University of Amsterdam

Formerly known as System and Network Engineering, the Security and Network Engineering (SNE) master education is a one-year time-intensive course given at the University of Amsterdam. The focus of the master education lies on Open Standards, Open Software and Open Security, which is where the OS3 name comes from.

The courses covered during the education are: Security of Systems and Networks, Classical Internet Applications, Large Systems, InterNetworking and Routing, CyberCrime and Forensics, Advanced Networking, Offensive Technologies and Advanced Security. In combination with these courses two four-week research projects take place. During the first research project we researched the topic of Segment Routing over IPv6 (SRv6) and compared it to MPLS in existing ISP networks. To conclude the study we researched the role of Internet Exchanges in a SCION ecosystem for our second research project.

BSc in Network and Security Engineering

2017 - 2021
Hanze University of Applied Sciences Groningen

During my study at the Hanze I have gotten acquainted with various skills important for a Network/Security Engineer. We started by learning multiple programming languages (Python, Java, PHP, C & SQL) and shifted over to project management (Agile, Scrum & Waterfall). Computer systems and Infrastructures were also a big part of the curriculum. During the security classes we learned about CISSP (Certified Information Systems Security Professional) and during the Infrastructure classes and workshops we got acquainted with Cisco’s CCNA. During the final year we learned about IT Forensic Research and during the final project we set up a University Infrastructure.

During these four years I was also one of the class representatives.

Minor Security Lab

Sep 2019 - Feb 2020
Rotterdam University of Applied Sciences

During my minor Security Lab at the Rotterdam University of Applied Sciences we took part in 4 projects during which we learned more about social engineering, code reviewing, security auditing and security engineering. For our final project we build the Drone Raptor which is a consumer drone defence system that can not only monitor the sky for unauthorized drones, but also attempt to let them gracefully land or return them to their take-off spot. With this project we won the most technically complex prototype prize.

Projects

During my study and spare time I have worked on multiple projects. The projects I'm most proud of are listed below.

AS60557 - In my spare time I operate AS60557. This is the network for my company with which I'm able to expand my networking skills. It is connected via multiple upstream providers, is connected to a variety of Internet Exchanges and spans various data centers. The network and infrastructure surrounding it is managed by Ansible.
The role of IXPs in a SCION ecosystem - SCION[1] is a promising future internet architecture that guarantees secure end-to-end communication and enhanced route control. Together with failure isolation and explicit trust, it has attracted the attention not only from multiple researchers and institutions but also from the networking industry. Although SCION is targeting a lot the ISP world, it is interesting to investigate how it is possible to combine the low-latency paths of an Internet Exchange Point with the SCION architecture without disrupting its added benefits and functionalities. The students of this project are called to discover all the critical SCION functionalities that an IXP needs to adopt to respect the new architecture. Based on the previous outcome, the students can design a SCION IXP and build a small PoC that can run on the 2STiC testbed[2]. For saving time in the implementation part, the students can utilize the SCION code [3] of SIDN Labs and proceed to necessary modifications in order to prove their theory. As a last step, the students will compare their research against the real-life scenario [4] of swiss-ix where few SCION enabled networks are connected to it. [1] https://scion-architecture.net/ [2] https://2stic.nl/testbed.html [3] https://github.com/sidn/p4-scion [4] https://www.swissix.ch/public/scion_flyer.pdf
Future proofing networks: On core routing and SRv6 - IPv6 was introduced in 1998 and is intended to be the successor of IPv4. The address space of IPv6 is 2^96 bigger than IPv4 and the transition period to IPv6 has now been going on for two decades. When there is the ability to move away from MPLS, SRv6 might become an alternative. LDP is used over IPv4/IPv6 to exchange labels in MPLS environments. How can this task be accomplished in SRv6? Would it be possible to operate both stacks subsequently while moving away from MPLS towards SRv6? How does 4PE differ from the SRv6 technology and can they be related at all? And does SRv6 have the same key capabilities as MPLS like L2VPN’s? It is interesting to take a look at how SRv6 can be implemented in existing environments instead of focussing on greenfield situations. This project focuses on the working of routing IPv4 traffic over SRv6. Additionally it will involve routing exchange mechanisms using MP-BGP and the difference between the OSPF and ISIS extensions for SRv6. This research project will answer the question whether the switch from MPLS towards SRv6 would be feasible in an existing environment while providing comparable features.
Drone Raptor - As the final project for my minor (https://security-lab.nl) we had to create the next generation of prototypes. We decided to build a counter drone system that detects and takes down consumer drones, on which we worked hard for eight weeks. A jury of security experts decided that we have developed the most technically complex prototype out of nine security teams.

Certifications

Over the years I obtained multiple certificates. The most important ones are listed below.

  • Certified Secure Server Security Specialist
    • Certified Secure
    Issued Sep 2019, No Expiration Date
  • Certified Secure Web Security Specialist
    • Certified Secure
    Issued Sep 2019, No Expiration Date
  • Certified Secure Forensic Specialist
    • Certified Secure
    Issued Sep 2019, No Expiration Date
  • Hurricane Electric IPv6 Sage
    • Hurricane Electric
    Issued Jun 2019, No Expiration Date
  • Anglia English AcCEPT PROFICIENCY (CEFR C1)
    • Anglia Examinations
    Issued 2015, No Expiration Date