EAGER: USBRCCR: Researching Internet Routing Security in the Wild
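Basic information
- Award number: 1740883
- Principal investigator:
- Amount: $300,000
- Host institution:
- Host institution country: United States
- Project type: Standard Grant
- Fiscal year: 2017
- Funding country: United States
- Start and end dates: 2017-09-01 to 2021-08-31
- Project status: Completed
- Source:
- Keywords:
Project abstract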
The Internet provides a control plane to establish routes to destinations and a data plane to send traffic, and the protocols for both lack authentication. The lack of authentication allows networks to claim ownership of routes to other networks' addresses in order to siphon traffic (prefix hijacking), and allows devices to claim that their traffic came from a different source (source spoofing). These vulnerabilities form the basis for denial-of-service attacks, traffic interception and snooping, Bitcoin theft, and compromises of Tor's anonymity. Because of these vulnerabilities, routing research is a critical aspect of cybersecurity research. However, researchers lack experimental approaches that let them perform Internet routing experiments that are both realistic and controlled. This project aims to extend the public PEERING research testbed to enable classes of security-focused routing research that are beyond the reach of academic researchers today, and to subsequently develop techniques to identify which networks allow or are vulnerable to prefix hijacks and source spoofing. Results from this project will empower novel routing security research, help identify vulnerable networks, map bot populations, and serve as a step towards improved routing security in the Internet.
The project will extend the PEERING research testbed with security-related functionality, including the ability to execute containers on routers, integrating PEERING prefixes with the RPKI (an infrastructure for securing aspects of Internet routing), and making the testbed more reliable. It will also develop algorithms to (1) locate the sources of spoofed attack traffic and to (2) track the adoption of RPKI-based protection against prefix hijacking and identify possible problems in its application. The algorithms will use PEERING's ability to manipulate routing and its extensions developed in this project to force route changes and observe the impact on the volume of spoofed traffic received from each peer and which vantage points do/do not use routes that violate the RPKI. The algorithms will need to address challenges related to limited visibility of Internet routes, lack of ground truth about routing policies, and lack of control of routing decisions of other networks. The researchers will investigate how the algorithms can systematically change routes in order to narrow the set of feasible explanations to those consistent with all observations, yielding more precise inferences. The project's extensions to the testbed will allow others to conduct novel routing security research, and the algorithms from the project will identify vulnerable networks, a key step forwards in addressing the Internet's lack of authentication for traffic and routing.
Project outputs
Journal articles (8)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
Tracking Down Sources of Spoofed IP Packets
- DOI: 10.1145/3360468.3368175
- Published: 2020
- Journal:
- Impact factor: 0
- Authors: Fonseca, Osvaldo; Cunha, Ítalo; Fazzion, Elverton; Meira, Wagner; Junior, Brivaldo; Ferreira, Ronaldo A.; Katz-Bassett, Ethan
- Corresponding author: Katz-Bassett, Ethan
Cloud Provider Connectivity in the Flat Internet
- DOI: 10.1145/3419394.3423613
- Published: 2020
- Journal:
- Impact factor: 0
- Authors: Arnold, Todd; He, Jia; Jiang, Weifan; Calder, Matt; Cunha, Italo; Giotsas, Vasileios; Katz-Bassett, Ethan
- Corresponding author: Katz-Bassett, Ethan
PEERING: virtualizing BGP at the edge for research
- DOI: 10.1145/3359989.3365414
- Published: 2019
- Journal:
- Impact factor: 0
- Authors: Schlinker, Brandon; Arnold, Todd; Cunha, Italo; Katz-Bassett, Ethan
- Corresponding author: Katz-Bassett, Ethan
On the Deployment of Default Routes in Inter-domain Routing
- DOI: 10.1145/3472951.3473505
- Published: 2021
- Journal:
- Impact factor: 0
- Authors: Rodday, Nils; Kaltenbach, Lukas; Cunha, Italo; Bush, Randy; Katz-Bassett, Ethan; Rodosek, Gabi Dreo; Schmidt, Thomas C.; Wählisch, Matthias
- Corresponding author: Wählisch, Matthias
DISCO: Sidestepping RPKI's Deployment Barriers
- DOI: 10.14722/ndss.2020.24355
- Published: 2020
- Journal:
- Impact factor: 0
- Authors: Tom Hlavacek; Ítalo F. S. Cunha; Y. Gilad; A. Herzberg; Ethan Katz-Bassett; Michael Schapira; Haya Schulmann
- Corresponding author: Tom Hlavacek; Ítalo F. S. Cunha; Y. Gilad; A. Herzberg; Ethan Katz-Bassett; Michael Schapira; Haya Schulmann
Other grants of Ethan Katz-Bassett
NSF-BSF: NeTS: Small: Making BGP work for real-time interactive applications
- Award number: 2344761
- Fiscal year: 2024
- Funding amount: $300,000
- Project type: Standard Grant
IMR:MT: Internet Routing Experiments for the Cloud Era
- Award number: 2323307
- Fiscal year: 2023
- Funding amount: $300,000
- Project type: Continuing Grant
Collaborative Research: CNS Core: Medium: A Traffic Map for the Internet
- Award number: 2212479
- Fiscal year: 2022
- Funding amount: $300,000
- Project type: Continuing Grant
RAPID: Collaborative Research: The Internet under Widespread Shelter-in-Place: Resilience, Response, and Lessons for the Future
- Award number: 2028550
- Fiscal year: 2020
- Funding amount: $300,000
- Project type: Standard Grant
CSR: NeTS: Medium: Collaborative Research: Cloud Support for Latency-Sensitive Web Services
- Award number: 1835253
- Fiscal year: 2018
- Funding amount: $300,000
- Project type: Continuing Grant
CI-New: Collaborative Research: An Open Platform for Internet Routing Experiments
- Award number: 1835252
- Fiscal year: 2018
- Funding amount: $300,000
- Project type: Standard Grant
CAREER: Routing for the Emerging Topologies of Modern Internet Services
- Award number: 1836872
- Fiscal year: 2018
- Funding amount: $300,000
- Project type: Continuing Grant
CSR: NeTS: Medium: Collaborative Research: Cloud Support for Latency-Sensitive Web Services
- Award number: 1564242
- Fiscal year: 2016
- Funding amount: $300,000
- Project type: Continuing Grant
CI-New: Collaborative Research: An Open Platform for Internet Routing Experiments
- Award number: 1406042
- Fiscal year: 2015
- Funding amount: $300,000
- Project type: Standard Grant
CAREER: Routing for the Emerging Topologies of Modern Internet Services
- Award number: 1351100
- Fiscal year: 2014
- Funding amount: $300,000
- Project type: Continuing Grant
Similar overseas grants
EAGER: USBRCCR: Collaborative: Lightweight Policy Enforcement of Information Flows in IoT Infrastructures
- Award number: 1740916
- Fiscal year: 2017
- Funding amount: $300,000
- Project type: Standard Grant
EAGER: USBRCCR: Collaborative: Securing Networks in the Programmable Data Plane Era
- Award number: 1740791
- Fiscal year: 2017
- Funding amount: $300,000
- Project type: Standard Grant
EAGER: USBRCCR: Collaborative: Lightweight Policy Enforcement of Information Flows in IoT Infrastructures
- Award number: 1740897
- Fiscal year: 2017
- Funding amount: $300,000
- Project type: Standard Grant
EAGER: USBRCCR: Collaborative: Securing Networks in the Programmable Data Plane Era
- Award number: 1740911
- Fiscal year: 2017
- Funding amount: $300,000
- Project type: Standard Grant
EAGER: USBRCCR: HealthSense: Assessing and Protecting Privacy in Wireless Wearable Sensor-Generated Medical Data
- Award number: 1740907
- Fiscal year: 2017
- Funding amount: $300,000
- Project type: Standard Grant
EAGER: USBRCCR: Improving Network Security at the Network Edge
- Award number: 1740895
- Fiscal year: 2017
- Funding amount: $300,000
- Project type: Standard Grant