IMR: MT: Tools for Measuring Route Origin Validation in Resource Public Key Infrastructure (RPKI) at Scale

Information

  • NSF Award
  • 2323137
Owner
  • Award Id
    2323137
  • Award Effective Date
    12/15/2023
  • Award Expiration Date
    11/30/2025
  • Award Amount
    $ 299,998.00
  • Award Instrument
    Continuing Grant

The initial design of the Internet's global routing lacked security mechanisms, leaving it vulnerable to various attacks, including BGP (Border Gateway Protocol) hijacking. To address this issue, a security protocol called RPKI (Resource Public Key Infrastructure) was introduced. At its core, RPKI aims to enhance security by enabling routers to verify the legitimacy of the route and its authorized owner through a process known as Route Origin Validation (ROV). By implementing ROV, routers can ensure that the routes they receive originate from legitimate sources, thereby mitigating the risks associated with unauthorized route hijacking.

This proposal aims to develop and enhance a dedicated tool designed to measure and evaluate the Route Origin Validation (ROV) status of network operators. The project will involve implementing automated processes to collect measurable hosts within Autonomous Systems (ASes) and assess the ROV status of ASes on a large scale by leveraging in-the-wild RPKI-invalid prefixes and applying the IP-ID side-channel technique. A significant challenge lies in obtaining accurate ground truth datasets from network operators. To overcome this challenge, we will utilize periodic surveys and manual efforts to gather ground truth information from network operators, ensuring reliable and comprehensive data for analysis.

This project's significance lies in its ability to facilitate valuable research. By providing reliable sources of information regarding network operators, it will enable a deeper understanding of the overall security level of Internet routing. Additionally, the project's findings can be utilized to estimate the adoption and deployment of potential new standards like ASPA (Autonomous System Provider Authorization). Through these insights, the project will contribute to advancing the understanding and development of secure Internet routing practices.

The tools, datasets, and source code will be thoroughly documented and accessible for download as well. Furthermore, there are plans to maintain the tools for the foreseeable future, ensuring continued availability and support for users interested in leveraging their capabilities.

This award is jointly supported by the Networking Technology and Systems (NeTS) Program and the Secure and Trustworthy Cyberspace (SaTC) Program in the Computer and Network Systems Division, and by the Office of Advanced Cyberinfrastructure.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

  • Program Officer
    Deepankar Medhi, dmedhi@nsf.gov, 7032922935
  • Min Amd Letter Date
    8/8/2023
  • Max Amd Letter Date
    8/8/2023
  • ARRA Amount

Institutions

  • Name
    Virginia Polytechnic Institute and State University
  • City
    BLACKSBURG
  • State
    VA
  • Country
    United States
  • Address
    300 TURNER ST NW
  • Postal Code
    240603359
  • Phone Number
    5402315281

Investigators

  • First Name
    Taejoong
  • Last Name
    Chung
  • Email Address
    tijay@vt.edu
  • Start Date
    8/8/2023 12:00:00 AM

Program Element

  • Text
    Networking Technology and Syst
  • Code
    7363
  • Text
    Cybersecurity Innovation
  • Code
    8027

Program Reference

  • Text
    SaTC: Secure and Trustworthy Cyberspace
  • Text
    IMR-Internet Measurement Research
  • Text
    RES IN NETWORKING TECH & SYS
  • Code
    7363
  • Text
    Cyber Secur - Cyberinfrastruc
  • Code
    8027