CAREER: Securing and Evolving Internet Security Protocols for Naming and Routing

职业：保护和发展用于命名和路由的互联网安全协议

• 批准号: 2339378
• 负责人: Taejoong Chung
• 金额: $ 69.13万
• 依托单位: Virginia Polytechnic Institute and State University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2024
• 资助国家: 美国
• 起止时间: 2024-05-01 至 2029-04-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2339378&HistoricalAwards=false
• 关键词: CAREER; Securing; Evolving; Internet; Security

Internet's naming relies on the Domain Name System (DNS). Security Extensions of DNS (DNSSEC) and Resource Public Key Infrastructure (RPKI) safeguard the Internet's two critical aspects: naming through DNSSEC and routing through Border Gateway Protocol (BGP) using RPKI. Despite their pivotal importance, fully grasping the principles of RPKI and DNSSEC and managing them securely and effectively presents challenges, given their complexity and the diverse ways they are deployed and implemented across various entities. This project aims to improve the visibility, understanding, administration, and security of these essential components of Internet infrastructure.The project targets three main objectives. Firstly, it introduces a technique for evaluating DNS and RPKI clients at scale, leveraging residential virtual private network (VPN) proxies and perturbation techniques such as fuzzing and genetic algorithms to pinpoint and address security vulnerabilities. Secondly, it plans to analyze the causes of configuration errors from administrators' viewpoints, aiming to create machine learning-based tools for automatic correction of errors. Lastly, it plans to leverage RPKI and DNSSEC to improve the security of other network protocols, focusing on TLS revocation trust issues and the security assessment of critical infrastructure communication channels.By providing a clearer understanding and effective management tools for DNSSEC and RPKI, the project addresses fundamental challenges in ensuring the Internet remains a secure and trustworthy environment. This is important for maintaining the integrity and reliability of Internet naming and routing, which are foundational to the global digital ecosystem. The project's outcomes will be to help minimize mismanagement and vulnerabilities, towards enhancing the overall security and resilience of the Internet.The project's resources, including tools, datasets, and source code, will be made available at https://projects.netsecurelab.org, ensuring long-term access for researchers, practitioners, and policymakers interested in Internet security.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Internet的命名依赖于域名系统（DNS）。 DNS（DNSSEC）和资源公共密钥基础架构（RPKI）的安全扩展保护Internet的两个关键方面：通过DNSSEC命名和使用RPKI通过边界网关协议（BGP）进行路由。尽管它们的重要性至关重要，但鉴于它们的复杂性以及它们在各个实体中部署和实施的方式，完全掌握了RPKI和DNSSEC的原则，并安全有效地提出了挑战。该项目旨在提高互联网基础架构这些基本组成部分的可见性，理解，管理和安全性。该项目针对三个主要目标。首先，它引入了一种用于评估DNS和RPKI客户端的技术，利用住宅虚拟专用网络（VPN）代理和扰动技术（例如模糊和遗传算法）来确定和解决安全漏洞。其次，它计划从管理员的角度分析配置错误的原因，旨在创建基于机器学习的工具以自动校正错误。 Lastly, it plans to leverage RPKI and DNSSEC to improve the security of other network protocols, focusing on TLS revocation trust issues and the security assessment of critical infrastructure communication channels.By providing a clearer understanding and effective management tools for DNSSEC and RPKI, the project addresses fundamental challenges in ensuring the Internet remains a secure and trustworthy environment.这对于维持互联网命名和路由的完整性和可靠性很重要，这是全球数字生态系统的基础。 The project's outcomes will be to help minimize mismanagement and vulnerabilities, towards enhancing the overall security and resilience of the Internet.The project's resources, including tools, datasets, and source code, will be made available at https://projects.netsecurelab.org, ensuring long-term access for researchers, practitioners, and policymakers interested in Internet security.This award reflects NSF's statutory mission and has使用基金会的知识分子优点和更广泛的审查标准，被认为值得通过评估来支持。