
NSF Org: | CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | July 22, 2014 |
Latest Amendment Date: | July 22, 2014 |
Award Number: | 1422566 |
Award Instrument: | Standard Grant |
Program Manager: | Kevin Thompson, kthompso@nsf.gov, (703)292-4220, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering |
Start Date: | August 1, 2014 |
End Date: | July 31, 2017 (Estimated) |
Total Intended Award Amount: | $172,944.00 |
Total Awarded Amount to Date: | $172,944.00 |
Funds Obligated to Date: |
|
History of Investigator: |
|
Recipient Sponsored Research Office: | W5510 FRANKS MELVILLE MEMORIAL LIBRARY STONY BROOK NY US 11794 (631)632-9949 |
Sponsor Congressional District: |
|
Primary Place of Performance: | WEST 5510 FRK MEL LIB Stony Brook NY US 11794-3362 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | Secure & Trustworthy Cyberspace |
Primary Program Source: |
|
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
Recent reports have highlighted incidents of massive Internet traffic interception executed by re-routing Border Gateway Protocol (BGP) paths across the globe (affecting banks, governments, entire network service providers, etc.). The potential impact of these attacks can range from massive eavesdropping to identity-spoofing or selective content modification. In addition, executing such attacks does not require access or proximity to the affected links and networks, posing increasing risks to national security. Worse yet, the impact of traffic interception on the Internet is practically unknown, with even large-scale and long-lasting events apparently going unnoticed by the victims.
Because of the complex dynamics and number of different actors involved on a global scale, devising effective methodologies for the detection and characterization of traffic interception events requires empirical and timely data (e.g., acquired while the event is still ongoing). Such data must be a combination of passive BGP measurements and active measurements (such as Traceroute), since the mechanism triggering the attack operates on the inter-domain routing control plane, but the actual impact is only verifiable in the data plane.
By leveraging our measurement and data processing infrastructure, this project aims to: (i) investigate, develop, and experimentally evaluate novel methodologies to automatically detect traffic interception events and to characterize their extent, frequency, and impact; (ii) extend the research team's measurement infrastructure to detect in near-real-time and report episodes of traffic interception based on BGP hijacking; and (iii) document such events, providing datasets to researchers and summary statistics and reports to operators, emergency response teams, law enforcement agencies, and policy makers.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
This award funded investigation of routing security on the Internet at Stony Brook University, in collaboration with researchers at the Center for Applied Internet Data Analysis (CAIDA) at the University of California -- San Diego. The goal of this proposal was to develop a real-time system to detect hijacking and interception of Internet traffic. Hijacks and interceptions of Internet traffic are surprisingly easy to execute, owing to vulnerabilities in the Internet’s de facto routing protocol, the Border Gateway Protocol (BGP). The approach of this proposal was novel in that it combined real-time analysis of routing data to identify anomalies in BGP messages with on-demand measurements of the paths taken by traffic in the network. This allowed the research to detect and verify that anomalous BGP announcements were indeed indicative of routing hijacks or interceptions.
This proposal funded two PhD students at Stony Brook University (SUNY) as well as the PI to advise and mentor these students on their work. These two students prepared and defended Master’s level theses on the subject of this grant. They also produced a paper published in the Internet Measurement Conference 2015, and a presentation at the Applied Networking Research Workshop, also in 2015. Since completing their theses these students have moved on to successful careers in industry with positions at Cisco and Microsoft, respectively. The grant funded one of these students to visit the collaborating institution CAIDA to incorporate code into the real-time data analysis pipeline located at CAIDA.
The PI is continuing work on this project with a female PhD student who will visit CAIDA to perform evaluations of the tools and techniques developed as part of this work.
Last Modified: 02/19/2018
Modified by: Phillipa Gill