Skip to main content
Resources

ICANN Grant Program First Cycle of Funded Projects

Deployment of IPv6 In African Countries

Grantee: African Telecommunications Union (Kenya)

Grant Amount: $398,040.50

Many countries in Africa still rely heavily on IPv4, which is running out of available IP addresses. There is an urgent need to deploy IPv6 in Africa. The adoption of IPv6 in Africa lags behind other regions, ranging between 10-15% of the global average of 30%, according to the latest IPv6 deployment statistics from Google. Deploying IPv6 in Africa will require multifaceted strategies combining technical, organizational and policy innovations. This project aims to provide awareness, capacity building, infrastructure an technical  support, collaboration, roadmap and monitoring to IPv6 transition for Governments in about 30 less developed countries such as  Benin, Burkina Faso, Burundi, Cabo Verde, Central Africa Republic Comoros, Djibouti, Eswatini, Gabon, Gambia, Guinea, Guinea Bissau, Liberia, Madagascar, Malawi, Mali, Mauritania, Niger, Republic of Congo, Sao Tome and Principe, Sierra Leone, Somalia, South Sudan, Sudan, Chad and Togo, to be done in phases within two years.

Passive DNSSEC Data Collection Platform (GUPPY)

Grantee: Ajman University (United Arab Emirates)

Grant Amount: $410,300.00

Ajman University will develop a Passive DNSSEC Data Collection Platform (GUPPY) that passively crawls all gTLDs & ccTLD Zones frequently and stores all the DNSSEC records related to every DNS zone for diagnostic and passive monitoring purposes. This platform shall be accessible complimentary to the global Internet Community, and shall be useful for identifying DNSSEC deployment gaps, other DNSSEC diagnostics, error troubleshooting and protection against zero-day DNSS attacks. As part of this project, Ajman University will also develop a small DNSSEC research lab that will host the Passive DNSSEC platform and shall also support the DNSSEC related research activities in the Ajman University. The infrastructure will help train community and students of Ajman University around DNSSEC and relevant areas.

Enhancing Digital Inclusivity and Universal Acceptance through Educational Outreach

Grantee: Asociación A Favor De Lo Mejor, A.C. (Mexico)

Grant Amount: $500,000.00

Our initiative, Enhancing Digital Inclusivity and Universal Acceptance through Educational Outreach, focuses on integrating a cutting-edge digital platform to promote universal acceptance and digital inclusivity. This platform will enable users across Mexico and Latin America to access educational content that foster understanding and implementation of internationalized domain names (IDNs) and multilingual email addresses. By providing tools and resources that are universally accessible, the project aims to make significant strides towards a more inclusive and interconnected digital world, where every community member can navigate the Internet without linguistic or cultural barriers. 

African Internet Observatory for Assessing Resilience of Critical Cyber Infrastructure

Grantee: Carnegie Mellon University (United States)

Grant Amount: $450,389.00

Today content and services are hosted externally in Europe and traffic between countries in Africa is circuitous, often through Europe. These connectivity challenges impact the availability and cyber resilience of critical services, e.g., the fiber outage in west Africa left many without power because the national power company’s payment system was hosted externally. Moreover, the additional latency and network jitter impacts the network’s ability to host many crucial and emerging services, e.g., live streaming, and federated learning. The African Internet Observatory is a measurement platform with measurement analysis techniques aimed at shedding light on the digital connectivity landscape in Africa. To this end, our goals are to deploy a large ecosystem of assessment devices, to develop statistical analysis techniques to ensure representative and context aware analysis, and to create frameworks to simulate/investigate the implications of intervention activities.

Closing the DNSSEC Maturity Gap Through Automation

Grantee: deSEC e.V. (Germany)

Grant Amount: $399,912.00

Our goal is the standardization and broad implementation of automation for managing DNSSEC delegations (i.e., DS record provisioning and related tasks) accompanied by capacity building for continued deployment of these solutions on a global level. Unlike a DNS operator’s internal operations, delegation management is a multi-party process (involving child and parent) and has not seen significant automation. Unless automated, DNSSEC remains incomplete and cannot deliver on its promise to reliably enable authentic connections. Misconfigurations followed by outages are common, causing skepticism towards the technology. This is in contrast to both ICANN’s call for full deployment and its mission, which includes ensuring the stable and secure DNS operation. The objective thus is to push the DNSSEC ecosystem towards greater completeness, reliability, and maturity.

Empowering Māori in Internet Governance and DNS Management: A Culturally Tailored Educational Programme for Enhancing Equitable & Indigenous Participation in Aotearoa New Zealand's Digital Landscape

Grantee: Digital Natives Academy Charitable Trust (New Zealand)

Grant Amount: $350,000.00

Our project aims to bridge the digital literacy and internet governance gap for Māori communities, aligning with ICANN's mission to ensure a stable, secure, and interoperable internet. This project will focus on education and capacity building in the domain name system (DNS) and internet governance, providing an NZQA-accredited programme tailored to the needs of indigenous Māori learners. This initiative enhances the participation of indigenous communities in global internet governance, fostering diversity and inclusion. By equipping Māori with the necessary skills and knowledge for active engagement in DNS management, internet governance and policy development, we contribute to the development, distribution, and evolution of a unified internet. Our project empowers indigenous Māori communities and enhances the resiliency and sustainability of the Internet at the local, national, or global level.

Assessing GeoTLD's Performance for Enhanced Internet Accessibility: An Open Source Methodological Approach

Grantee: Fundació privada puntCAT (Spain)

Grant Amount: $346,655.27

This project investigates GeoTLD performance in search engines, including AI-powered ones. We aim to assess their effectiveness in improving online access and discoverability for specific communities, regions, or languages. The GeoTLD performance will be compared with the main TLD domains, hoping to identify and remove barriers hindering online participation for underrepresented groups and encourage their use by relevant communities while ensuring effortless information access for all. This systematic approach aligns with Universal Acceptance principles, ensuring all domain names are recognized globally and contributing to a more inclusive and accessible internet experience. Our findings could inform best practices for the next ICANN Round, potentially driving wider GeoTLD adoption and optimizing the online experience for a global audience. Crucially, our methodology will be open-source, freely available for anyone to utilize and build upon in the future.

Shaping the WSIS+20 Review for a Unified Internet Through Multistakeholderism (SWUIM)

Grantee: Global Network Initiative, Inc. (United States)

Grant Amount: $500,000.00

This project seeks to shape the WSIS+20 review to preserve the multistakeholder (MS) model of Internet governance (IG), crucial in preserving the open and globally interoperable nature of the Internet. The project will be implemented through a consortium model comprising Global Network Initiative (prime) and Global Partners Digital, who will work with established civil society (CS) partners from 8 target Global South (GS) countries to i) build national stakeholders’ awareness and capacity about IG and multistakeholderism; ii) collate national multistakeholder perspectives through research and national MS dialogues, iii) facilitate GS CS and technical community representation in the WSIS through travel funding and coordination efforts. In doing so, the project will address the lack of meaningful representation of GS CS and the technical community voices in global IG discussions and ensure they are informed by technical considerations and local on the ground realities.

Consumer-Focused Transformation of the Official Publication Site for the RFC Series

Grantee: IETF Administration LLC (United States)

Grant Amount: $455,487.00

The widespread dissemination, understanding and use of the open standards published in RFCs is critical to the development of an open Internet.  For 25+ years, the official distribution channel has been the RFC editor website (owned and operated by the IETF) which makes all RFCs available free of charge in multiple formats both for online reading and download. However, since inception, this website has been designed primarily around the needs of RFC producers not RFC consumers and user experience research shows a significant gap between consumer expectations and features on the site. This project is for a full reimagination of the RFC Editor website to directly address the needs of RFC consumers, based on specialist user experience research into the types of consumers and their differing needs. This builds on another project currently underway and due to complete in 2024, to redevelop the underlying database for the site and the web framework that connects to this database.

Improving DNS Security with a Focus on PKI

Grantee: Internet Security Research Group (United States)

Grant Amount: $375,000.00

Let’s Encrypt relies heavily on DNS lookups to perform issuance and renewal of TLS certificates. As the world’s largest CA, Let’s Encrypt performs on average over 345 billion lookups daily. This project will increase the security of DNS in the TLS cert issuance and renewal process through two initiatives. The first initiative is advancement and implementation of Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS (RFC 9539). We will add RFC 9539 to the Open Source DNS Resolver, Hickory, and replace Let’s Encrypt's current resolver with it. We also aim to increase awareness of RFC 9539. The second initiative is the development of a method for Let’s Encrypt Subscribers to opt-in to requiring Encrypted Recursive-to-Authoritative DNS during domain control validation. This will advance the optional benefits of the first initiative by ensuring that DNS records obtained for domain validation during TLS cert issuance by Let’s Encrypt have not been tampered with.

Strengthening Open Source Tools for Managing IP Address Assignments via DHCP

Grantee: Internet Systems Consortium, Inc (United States)

Grant Amount: $495,000.00

BIND 9, ISC’s Domain Name System (DNS) software program, is the most widely deployed open source DNS software.  DNS requires IP addresses. Most Internet-connected devices in the world obtain their IP addresses from DHCP devices.  Kea DHCP (https://www.isc.org/kea/) is ISC’s newest DHCP software, and is designed for modular extension, dynamic reconfiguration, and high performance. Stork (https://gitlab.isc.org/isc-projects/stork) is a new web-based graphical management platform we are developing to make it easier for people to manage Kea DHCP server deployments. This proposal has two major goals: Conduct an external code audit of both the Kea and Stork open source software systems, focused on security, and address reported issues; expand Stork to extend the functionality significantly and create a more comprehensive DHCP and DNS management system.

Strengthening Kenya's Cybersecurity Posture: Inclusive Capacity Building across Five Regions

Grantee: Kenya Education Network Registered Trustees (Kenya)

Grant Amount: $500,000.00

The recent rise in cybersecurity attacks in Kenya highlights the need for resilient cybersecurity hygiene. To address this, KENET has been conducting cybersecurity and campus network design capacity building workshops to its members at very subsidized costs. Despite KENET's efforts to provide training programs at its headquarters and cover the expenses for the trainer's time, institutions still struggle to send their staff for these critical training due to budgetary constraints thus limiting their access to essential training. The project aims to address the surge in the attacks by offering robust training in DNS and email security, IPv6 security, network security, and identity management; accessible to participants across five regions in the country for inclusivity. We shall employ the Train the Trainer (ToT) model to educate others in the institutions, as we continually create comprehensive course materials accessible through our e-learning portal for continuous remote learning.

Capacity Building And Community Engagement in ccTLDs and gTLDs Management Across Africa

Grantee: Kenya Network Information Centre (Kenya)

Grant Amount: $500,000.00

The internet's stability, security, and interoperability rely on the effective management of country code top-level domains (ccTLDs) by registrars. In Africa, there is a growing need to enhance the capacity of ccTLD registrars to meet the demands of the digital economy. This proposal outlines a collaborative initiative between the African Advanced Level Telecommunications Institute (AFRALTI) and the Kenya Network Information Centre (KENIC) aimed at promoting capacity development and research initiatives among ccTLD registrars across Africa. With the global move to the digital economy, it is imperative for registries and registrars to stay updated with the latest industry trends, regulatory changes, and technological advancements to maintain operational excellence and meet the growing demands of the domain ecosystem.

Investigating the Impact of DNS Centralization and Regional Discrepancies on the Security, Stability, Performance, and Resilience of DNS-dependent Applications

Grantee: Ruhr-Universität Bochum (Germany)

Grant Amount: $499,912.38

The research project "Investigating the Impact of DNS Centralization and Regional Discrepancies on the Security, Stability, Performance, and Resilience of DNS-dependent Applications" aims to examine how various forms of DNS centralization and regional differences affect applications and services that depend on DNS. We quantitatively assess the costs, risks, and challenges posed of modern DNS deployments on applications, and identify approaches to improve the resilience and performance of DNS globally, breaking away from the traditional focus on DNS security and performance in well-developed countries and for well-connected endpoints. It contributes to a broader understanding grounded in empirical data of how the increasing DNS centralization and regional discrepancies impact DNS-dependent applications, which will help mitigate risks and foster a more resilient and inclusive DNS ecosystem.

Safeguarding Cyberspace Stability: Understanding and Mitigating the Impacts of Internet Fragmentation in the Black Sea Region

Grantee: Scientific Cyber Security Association (Georgia)

Grant Amount: $138,860.00

As the internet becomes central to communication and commerce, a worrying trend of fragmentation threatens its stability. This project tackles this critical issue by examining how internet fragmentation impacts stability of cyberspace by studying the issue in the Black Sea region, a zone of geopolitical tensions. By analyzing various forms of fragmentation and their influence on critical infrastructure and international connectivity, the project aims to develop strategies to mitigate these negative effects. This will not only safeguard the Black Sea's cyberspace but also promote regional security, economic development, and international cooperation. The project's innovative approach includes creating mathematical models to understand fragmentation and its mitigation, making it a valuable contribution to this emerging field. The research planned within the project will allow not only scientists, but practitioners to approach the issue at the start thereof.

Universal Acceptance to the IDNs - Bottom-up Approach - Push 2.0

Grantee: Seva Sahayog Foundation (India)

Grant Amount: $387,487.50

Universal Acceptance to the Internationalized Domain Names is not just a technical challenge, but also a socio-economic challenge. Many efforts to get them going are on, most of which take the "top-down" approach assuming that availability of services would drive the consumer traffic/behavior. However, if one goes by the "first-principle" approach, one has to be absolutely sure that as long as the demand from the user/consumer side does not pick up, mere offering of the services cannot be a starting of a successful venture. In this project we not only plan to take IDNs to those who may just want/use them, but also to those whose involvement in IDNs will expose the presence of the IDNs to a vast amount of user community who can potentially drive the demands for the IDNs up. We term this as a "bottom-up" approach to the UA efforts and are confident that this will bring in necessary impetus to the overall growth of the IDN ecosystem.

Carbon.txt: Use DNS to Discover Sustainability and Energy Data and Reduce the Internet’s Emissions

Grantee: Stichting The Green Web Foundation (Netherlands)

Grant Amount: $495,000.00

Carbon.txt is an open source project that helps people discover sustainability data using internet protocols and DNS. It allows the disclosure of structured, machine-readable data that reports what energy sources digital infrastructure runs on. It’s inspired by security.txt and leverages the internet’s unique identifier systems. To our knowledge no other project connects such data like this. We tap into the unique affordances of DNS and unlock the potential for every internet user to discover sustainability information where it has previously been hard to find, unstructured and unaffordable. We’ll: 1. expand carbon.txt to support sustainability reporting standards in more jurisdictions outside the EU. 2. provide an easy way to perform automated DNS lookups through connecting carbon.txt to our existing open-source software library CO2.js, already used by Mozilla Firefox, WebPageTest & more. 3. build prototypes to showcase how to use these lookups in a meaningful and actionable way.

Secure Time for a Safe Internet

Grantee: Stichting Trifecta Tech Foundation (Netherlands)

Grant Amount: $437,121.00

Security on the internet, such as certificates, relies on a fully secure shared notion of time between all parties. Despite this requirement, most systems today still rely on insecure plain NTP to synchronize their clock. NTS was developed as a way to secure NTP traffic, but its adoption is low. We see two reasons: low availability of client software, as well as low availability and need for explicit selection of NTS servers. Our project aims to solve both issues: we modify the primary time synchronization client on Linux to support NTS, and provide a pool of NTS servers that is easy to use for end users. As the creators of ntpd-rs, one of three implementations of NTP and NTS, we feel we are in the perfect position to make this happen. Our experience working on NTPv5 in the IETF working group gives us the background to work toward the consensus needed for an open and flourishing NTS ecosystem.

Assistance for Domain Name Holders in ICANN's Uniform Dispute Resolution Policy Procedures

Grantee: Universidad Católica del Norte (Chile)

Grant Amount: $500,000.00

The "Assistance for Domain Name Holders in ICANN's Uniform Dispute Resolution Policy Procedures" project addresses the need for legal assistance and education for domain holders, especially those with limited resources, in UDRP disputes. By providing tools, specific knowledge, and legal advice, the project enhances these holders' ability to defend their rights, contributing to the DNS's security and stability. It fosters innovation, improves Internet resilience, and promotes equity by ensuring fair and accessible dispute processes. Additionally, it aligns with ICANN's objectives to strengthen the security, stability, and inclusivity of unique identifier systems, laying the foundation for fairer domain name management practices.

Addressing DNS Abuse in Southern Africa

Grantee: University of Cape Town, Cybersecurity Capacity Centre for Southern Africa - C3SA (South Africa)

Grant Amount: $499,237.68

This research project aims to provide much-needed understanding through awareness-raising and training initiatives aimed at CSIRTs and Registries in southern Africa as part of a Participatory Action Research (PAR) initiative. The project will conduct exploratory research to understand the challenges and opportunities in local contexts while providing context-relevant and much-needed training to CSIRTs and Registries in the region. The project will also raise awareness around the issue of DNS abuse through webinars and social media posts. Practically, data will be collected on the side of training sessions through in-depth interviews and focus group discussions with executives and engineers working at national CSIRTs and Registries in Southern Africa. Data will be analysed using thematic analysis.

Deployability of ILNP at Global Scale

Grantee: University of St Andrews (United Kingdom)

Grant Amount: $496,318.06

We will deliver dynamic multihoming for IPv6 end-systems with existing APIs and applications, without requiring updates to any infrastructure or routing protocols, or use of tunnels or proxies. Using ILNP (RFCs 6740-8) building on IPv6, DNS and existing prototypes tested at IETF Hackathons in 2023/4, we will demonstrate global connectivity on 6 continents. The implementation in FreeBSD will be made publicly available for commercial actors as well as the open source community. Multipath transport and user privacy will be comprehensively demonstrated for TCP, UDP and QUIC. From the start, a work package will be dedicated to running near continuous deployment tests and experiments to demonstrate global deployment and capability improvements as the project progresses. Dynamic multihoming has applications for load balancing, failover, mobility (end-systems and whole networks), IoT / resource-poor devices and resource management in datacenters (see ILNP website and RFC6748).

The DNS Atlas: Assessing Internet Dependency at Scale

Grantee: Universiteit Twente (Netherlands)

Grant Amount: $500,000.00

The DNS serves as a vital element of the Internet nowadays. While its distributed nature has driven DNS's scalability and success, it also introduces risks that undermine its resilience. The successive delegations within the DNS namespace create long dependency chains, increasing the attack surface and compromising the overall stability. Currently, there is a lack of comprehensive characterization of DNS dependency chains. Our project aims to bridge this gap by leveraging built up knowledge of internet measurements and operator economics. We adopt a holistic approach, analyzing the digital supply chain of the DNS ecosystem for critical services such as e-government, healthcare, logistics, finance, and network operators. Our goal is to develop a comprehensive platform that enables companies relying on DNS to assess their direct and indirect dependencies and adopt common best practices across the whole chain, ultimately enhancing the security and stability of the entire ecosystem.

Digital Sovereigns and the Non-Sovereign Internet: A Cautionary Tale (DSNS-ACT)

Grantee: Vrije Universiteit Brussel (Belgium)

Grant Amount: $333,653.00

The infrastructure underlying the internet's global operations has become highly politicised. This project aims to challenge the shift in recent years toward a characterisation of the global internet as a playing field for 'digital sovereigns'. By listening to actors from (separate) communities in different world regions, learning from them, and sharing knowledge amongst them, we hope to help these stakeholders come to terms with the consequences of the new politics of global infrastructures. In this way, we aim to contribute to the efforts to maintain the globally unified internet. By building on our research programme on Digital Sovereignty, our global connections to academic networks (e.g. GigaNet), and policy research institutes (such as the UN University network), we propose a research project that focuses on consolidating conversations and building new understandings of the (un)intended consequences of digital sovereignty discourses and actions.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."