CAREER: Securing and Evolving Internet Security Protocols for Naming and Routing

职业：保护和发展用于命名和路由的互联网安全协议

• 批准号: 2339378
• 负责人: Taejoong Chung
• 金额: $ 69.13万
• 依托单位: Virginia Polytechnic Institute and State University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2024
• 资助国家: 美国
• 起止时间: 2024-05-01 至 2029-04-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2339378&HistoricalAwards=false
• 关键词: CAREER; Securing; Evolving; Internet; Security

Internet's naming relies on the Domain Name System (DNS). Security Extensions of DNS (DNSSEC) and Resource Public Key Infrastructure (RPKI) safeguard the Internet's two critical aspects: naming through DNSSEC and routing through Border Gateway Protocol (BGP) using RPKI. Despite their pivotal importance, fully grasping the principles of RPKI and DNSSEC and managing them securely and effectively presents challenges, given their complexity and the diverse ways they are deployed and implemented across various entities. This project aims to improve the visibility, understanding, administration, and security of these essential components of Internet infrastructure.The project targets three main objectives. Firstly, it introduces a technique for evaluating DNS and RPKI clients at scale, leveraging residential virtual private network (VPN) proxies and perturbation techniques such as fuzzing and genetic algorithms to pinpoint and address security vulnerabilities. Secondly, it plans to analyze the causes of configuration errors from administrators' viewpoints, aiming to create machine learning-based tools for automatic correction of errors. Lastly, it plans to leverage RPKI and DNSSEC to improve the security of other network protocols, focusing on TLS revocation trust issues and the security assessment of critical infrastructure communication channels.By providing a clearer understanding and effective management tools for DNSSEC and RPKI, the project addresses fundamental challenges in ensuring the Internet remains a secure and trustworthy environment. This is important for maintaining the integrity and reliability of Internet naming and routing, which are foundational to the global digital ecosystem. The project's outcomes will be to help minimize mismanagement and vulnerabilities, towards enhancing the overall security and resilience of the Internet.The project's resources, including tools, datasets, and source code, will be made available at https://projects.netsecurelab.org, ensuring long-term access for researchers, practitioners, and policymakers interested in Internet security.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

互联网的命名依赖于域名系统（DNS）。DNS安全扩展（DNSSEC）和资源公钥基础设施（RPKI）保护互联网的两个关键方面：通过DNSSEC命名和使用RPKI通过边界网关协议（BGP）路由。尽管RPKI和DNSSEC至关重要，但鉴于其复杂性以及在不同实体中部署和实施的不同方式，完全掌握RPKI和DNSSEC的原则并安全有效地管理它们仍然存在挑战。该项目旨在提高互联网基础设施这些重要组成部分的可见性、理解、管理和安全性。首先，它介绍了一种大规模评估DNS和RPKI客户端的技术，利用住宅虚拟专用网（VPN）代理和干扰技术，如模糊和遗传算法来查明和解决安全漏洞。其次，它计划从管理员的角度分析配置错误的原因，旨在创建基于机器学习的工具来自动纠正错误。最后，该项目计划利用RPKI和DNSSEC来提高其他网络协议的安全性，重点关注TLS撤销信任问题和关键基础设施通信通道的安全评估，通过提供对DNSSEC和RPKI更清晰的理解和有效的管理工具，该项目解决了确保互联网保持安全和可信环境的根本挑战。这对于维护互联网命名和路由的完整性和可靠性至关重要，而这是全球数字生态系统的基础。该项目的成果将有助于最大限度地减少管理不善和脆弱性，以提高互联网的整体安全性和弹性。该项目的资源，包括工具，数据集和源代码，将在www.example.com上提供https://projects.netsecurelab.org，确保研究人员，从业人员，该奖项反映了NSF的法定使命，并通过评估被认为值得支持使用基金会的知识价值和更广泛的影响审查标准。