IMR: MT: Tools for Measuring Route Origin Validation in Resource Public Key Infrastructure (RPKI) at Scale

IMR：MT：用于大规模测量资源公钥基础设施 (RPKI) 中的路由源验证的工具

• 批准号: 2323137
• 负责人: Taejoong Chung
• 金额: $ 60万
• 依托单位: Virginia Polytechnic Institute and State University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-12-15 至 2025-11-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2323137&HistoricalAwards=false
• 关键词: IMR; MT; Tools; Measuring; Route

The initial design of the Internet's global routing lacked security mechanisms, leaving it vulnerable to various attacks, including BGP (Border Gateway Protocol) hijacking. To address this issue, a security protocol called RPKI (Resource Public Key Infrastructure) was introduced. At its core, RPKI aims to enhance security by enabling routers to verify the legitimacy of the route and its authorized owner through a process known as Route Origin Validation (ROV). By implementing ROV, routers can ensure that the routes they receive originate from legitimate sources, thereby mitigating the risks associated with unauthorized route hijacking.This proposal aims to develop and enhance a dedicated tool, designed to measure and evaluate the Route Origin Validation (ROV) status of network operators. The project will involve implementing automated processes to collect measurable hosts within Autonomous Systems (ASes) and assess the ROV status of ASes on a large scale by leveraging the in-the-wild RPKI-invalid prefixes and applying IP-ID side-channel technique. A significant challenge lies in obtaining accurate ground truth datasets from network operators. To overcome this challenge, we will utilize periodic surveys and manual efforts to gather ground truth information from network operators, ensuring reliable and comprehensive data for analysis.This project's significance lies in its ability to facilitate valuable research. By providing reliable sources of information regarding network operators, it will enable a deeper understanding of the overall security level of Internet routing. Additionally, the project's findings can be utilized to estimate the adoption and deployment of potential new standards like ASPA (Autonomous System Provider Authorization). Through these insights, the project will contribute to advancing the understanding and development of secure Internet routing practices.The tools, datasets, and source codes will be thoroughly documented and accessible for download as well. Furthermore, there are plans to maintain the tools for the foreseeable future, ensuring continued availability and support for users interested in leveraging its capabilities.This award is jointly supported by the Networking Technology and Systems (NeTS) Program and the Secure and Trustworthy Cyberspace (SaTC) Program in the Computer and Network Systems Division, and by the Office of Advanced Cyberinfrastructure.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

互联网全球路由的最初设计缺乏安全机制，使其容易受到包括BGP(边界网关协议)劫持在内的各种攻击。为了解决这个问题，人们引入了一种称为RPKI(资源公钥基础设施)的安全协议。RPKI的核心是通过使路由器能够通过称为路由起源验证(ROV)的过程来验证路由及其授权所有者的合法性，从而增强安全性。通过实施ROV，路由器可以确保它们接收的路由来自合法来源，从而降低与未经授权的路由劫持相关的风险。该提案旨在开发和增强一种专用工具，旨在测量和评估网络运营商的路由起源验证(ROV)状态。该项目将涉及实施自动化过程，以收集自治系统(AS)内的可测量主机，并通过利用野外RPKI无效前缀和应用IP-ID侧通道技术来大规模评估AS的ROV状态。一个重大的挑战在于从网络运营商那里获得准确的地面真实数据集。为了克服这一挑战，我们将利用定期调查和手动从网络运营商那里收集地面真实信息，确保可靠和全面的数据用于分析。这个项目的意义在于它能够促进有价值的研究。通过提供有关网络运营商的可靠信息来源，它将使人们能够更深入地了解互联网路由的整体安全水平。此外，该项目的发现可以用来估计潜在的新标准的采用和部署，如ASPA(自治系统提供商授权)。通过这些见解，该项目将有助于促进对安全互联网路由实践的理解和发展。工具、数据集和源代码将得到全面记录，并可供下载。此外，还计划在可预见的将来维护这些工具，确保对利用其功能感兴趣的用户继续提供和支持。该奖项由计算机和网络系统部门的网络技术和系统(NETS)计划以及安全和值得信赖的网络空间(SATC)计划以及高级网络基础设施办公室联合支持。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。