Researching Internet Routing Security in the Wild
Protocolo do SIGProj: 278881.1429.12378.28072017
De:01/09/2017 à 31/08/2019
UFMS - Universidade Federal de Mato Grosso do Sul
FACOM - Faculdade de Computaçăo
Unidade de Origem
GAB/FACOM - Gabinete do Diretor
Resumo da Ação de Extensão
The Internet provides a control plane to establish routes to destinations and a data plane to send traffic. Unfortunately, both planes lack authentication. The lack of authentication allows networks to claim ownership of routes to other networks’ addresses in order to siphon traffic (BGP prefix hijacking), and allows hosts to spoof their source addresses. These vulnerabilities form the basis for denial-of-service attacks, traffic interception and snooping, and Bitcoin theft.
Because of these vulnerabilities and the centrality of the Internet in today’s world, routing research is a critical aspect of cybersecurity research. However, researchers cannot perform Internet routing experiments that are both controlled and realistic: existing measurement techniques measure routes as-is, and limitations in our ability to measure the Internet mean that simulations lack realism. Uncontrolled measurements of the Internet as-is cannot differentiate between competing explanations for observed routes, and so current techniques cannot achieve accuracy, precision, and coverage in measuring which networks allow spoofed traffic or hijacked routes. A researcher could achieve realism and control if a network operator ceded control of the network’s routing and traffic. We are left with a Catch-22: without real-world evaluation, networks are unlikely to deploy new approaches; without deployment, researchers cannot conduct real-world evaluation.
This project aims to (1) enable classes of security-focused routing research that are beyond the reach of academic researchers today, via extending the PEERING testbed, and to subsequently (2) develop techniques that use the testbed to identify which networks allow data and control traffic that uses unauthorized IP addresses.
Internet, routing, security, prefix hijacks, community testbed.
Atividade EM ANDAMENTO