IMR: MT: Tools for Measuring Route Origin Validation in Resource Public Key Infrastructure (RPKI) at Scale

IMR：MT：用于大规模测量资源公钥基础设施 (RPKI) 中的路由源验证的工具

• 批准号: 2323137
• 负责人: Taejoong Chung
• 金额: $ 60万
• 依托单位: Virginia Polytechnic Institute and State University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-12-15 至 2025-11-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2323137&HistoricalAwards=false
• 关键词: IMR; MT; Tools; Measuring; Route

The initial design of the Internet's global routing lacked security mechanisms, leaving it vulnerable to various attacks, including BGP (Border Gateway Protocol) hijacking. To address this issue, a security protocol called RPKI (Resource Public Key Infrastructure) was introduced. At its core, RPKI aims to enhance security by enabling routers to verify the legitimacy of the route and its authorized owner through a process known as Route Origin Validation (ROV). By implementing ROV, routers can ensure that the routes they receive originate from legitimate sources, thereby mitigating the risks associated with unauthorized route hijacking.This proposal aims to develop and enhance a dedicated tool, designed to measure and evaluate the Route Origin Validation (ROV) status of network operators. The project will involve implementing automated processes to collect measurable hosts within Autonomous Systems (ASes) and assess the ROV status of ASes on a large scale by leveraging the in-the-wild RPKI-invalid prefixes and applying IP-ID side-channel technique. A significant challenge lies in obtaining accurate ground truth datasets from network operators. To overcome this challenge, we will utilize periodic surveys and manual efforts to gather ground truth information from network operators, ensuring reliable and comprehensive data for analysis.This project's significance lies in its ability to facilitate valuable research. By providing reliable sources of information regarding network operators, it will enable a deeper understanding of the overall security level of Internet routing. Additionally, the project's findings can be utilized to estimate the adoption and deployment of potential new standards like ASPA (Autonomous System Provider Authorization). Through these insights, the project will contribute to advancing the understanding and development of secure Internet routing practices.The tools, datasets, and source codes will be thoroughly documented and accessible for download as well. Furthermore, there are plans to maintain the tools for the foreseeable future, ensuring continued availability and support for users interested in leveraging its capabilities.This award is jointly supported by the Networking Technology and Systems (NeTS) Program and the Secure and Trustworthy Cyberspace (SaTC) Program in the Computer and Network Systems Division, and by the Office of Advanced Cyberinfrastructure.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

互联网全球路由的最初设计缺乏安全机制，容易受到各种攻击，包括BGP（边界网关协议）劫持。为了解决这个问题，引入了称为 RPKI（资源公钥基础设施）的安全协议。 RPKI 的核心目标是让路由器能够通过称为路由源验证 (ROV) 的过程来验证路由及其授权所有者的合法性，从而增强安全性。通过实施ROV，路由器可以确保它们接收的路由来自合法来源，从而减轻与未经授权的路由劫持相关的风险。该提案旨在开发和增强专用工具，旨在测量和评估路由来源验证（ROV）网络运营商的状况。该项目将涉及实施自动化流程来收集自治系统（ASes）内的可测量主机，并通过利用野外 RPKI 无效前缀和应用 IP-ID 侧信道技术大规模评估 ASes 的 ROV 状态。一个重大挑战在于从网络运营商那里获取准确的地面实况数据集。为了克服这一挑战，我们将利用定期调查和人工从网络运营商收集地面真实信息，确保可靠和全面的数据进行分析。该项目的意义在于它能够促进有价值的研究。通过提供有关网络运营商的可靠信息来源，它将能够更深入地了解互联网路由的整体安全级别。此外，该项目的研究结果还可用于估计 ASPA（自治系统提供商授权）等潜在新标准的采用和部署。通过这些见解，该项目将有助于促进对安全互联网路由实践的理解和开发。工具、数据集和源代码将被完整记录并可供下载。此外，计划在可预见的未来维护这些工具，确保对有兴趣利用其功能的用户持续可用和支持。该奖项由网络技术和系统 (NeTS) 计划和安全可信网络空间 (SaTC) 联合支持）计算机和网络系统部门的计划，并由高级网络基础设施办公室颁发。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。