Measuring the Security of Internet Infrastructure

衡量互联网基础设施的安全性

• 批准号: EP/H018298/1
• 负责人: Ross Anderson
• 金额: $ 37.18万
• 依托单位: University of Cambridge
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2010
• 资助国家: 英国
• 起止时间: 2010 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FH018298%2F1
• 关键词: Measuring; Security; Internet; Infrastructure

The rising tide of spam, phishing and other online crime has shown that it's not enough to leave it to website owners to encrypt traffic. You may be misled or defrauded if you visit the wrong website; or if you visit a website with the right name but at the wrong IP address; or if you visit a site at the right IP address, but hosted in another part of the world. It has thus become clear that we have to protect the Internet at the infrastructure level, which means protecting the naming (DNS) and routing (BGP) mechanisms. The industry is about to deploy DNSSEC, and various ad-hoc mechanisms are being used to protect BGP.However these deployments will take years, and many firms will initially get it wrong. There is a clear case for NPL to monitor the process in order to measure what's working and what isn't; to create pressure on sectors of the economy that lag behind; to help improve both authentication and monitoring tools; and to provide an authoritative voice on the move to a more secure infrastructure. Our research programme will help create this capability at NPL by establishing the monitoring framework. We also plan to develop a BGP reflector system to deal with global routing table growth out of band , along with an authentication and validation system for the route servers used by internet exchanges such as LINX and AMSIX to improve peering point resilience and to prevent a number of possible types of attack.We believe that this is of global importance, and that as players such as the US Department of Commerce and the IETF have got bogged down in political wrangling, a UK / European standards lead has a good chance of developing into global leadership.

垃圾邮件、网络钓鱼和其他在线犯罪的上升趋势表明，仅仅让网站所有者加密流量是不够的。如果您访问错误的网站;或者如果您访问一个名称正确但IP地址错误的网站;或者如果您访问一个IP地址正确但托管在世界其他地方的网站，您可能会被误导或欺诈。因此，很明显，我们必须在基础设施级别保护互联网，这意味着保护命名（DNS）和路由（BGP）机制。业界即将部署DNSSEC，并使用各种特设机制来保护BGP。然而，这些部署将需要数年时间，许多公司最初会弄错。NPL有一个明确的理由来监控这一过程，以衡量什么是有效的，什么是无效的;对落后的经济部门施加压力;帮助改进身份验证和监控工具;并在向更安全的基础设施迈进时提供权威的声音。我们的研究计划将通过建立监测框架，帮助NPL建立这种能力。我们还计划开发一个BGP反射器系统，以处理全球路由表带外增长，沿着用于互联网交换机（如LINX和AMSIX）使用的路由服务器的身份验证和验证系统，以提高对等点弹性并防止许多可能的攻击类型。我们认为这具有全球重要性，随着美国商务部和IETF等参与者陷入政治争论，英国/欧洲标准领导者很有可能发展成为全球领导者。

项目成果

A Study on WHOIS Proxy/Privacy Abuse

WHOIS 代理/隐私滥用研究

• 作者: Richard Clayton (Author)

A Study of Whois Privacy and Proxy Service Abuse

Whois 隐私和代理服务滥用研究

• 发表时间: 2014
• 作者: Clayton R.

Resilience of the Internet Interconnection Ecosystem

互联网互联生态系统的弹性

• 作者: Ross Anderson (Author)

Ethical Dilemmas in Takedown Research

拆除研究中的道德困境

• 作者: Richard Clayton (Author)

Perception Versus Punishment in Cybercrime

网络犯罪中的认知与惩罚

• 发表时间: 2018
• 期刊: Journal of Criminal Law and Criminology
• 影响因子: 1.8
• 作者: Graves J.