Investigating the Susceptibility of the Internet Topology to Country-level Connectivity Disruption and Manipulation

Funded by NSF grants CNS-1705024 / 2202288 and CNS-1703592, this project is a collaboration between Georgia Tech, University of Wisconsin Madison and CAIDA, UC San Diego. We seek to develop methodologies to highlight and quantify topological weaknesses of the Internet infrastructure which might become the target of cyberterrorist attacks or leveraged in cyber-conflicts between nation-states.

Visualization of a topology generated by our iGIS tool. The map features 3916 PoP locations from 42 real world networks from Internet Atlas. Paths between PoPs were generated by submarine cable connections from Telegeography.

Boxplot of distributions of our Country Transit Influence metrics (CTI) for the top-5 ASes in each country.

Our conceptual approach to Internet frontier mapping is to annotate PoPs within ASes with their geolocations, and then to identify all PoP pairs that cross a target country’s border from traceroute measurements to/from that country.

Footprint of state-owned Internet operators. In blue: The maximum between (i) the fraction of address space geolocated in the country that is originated through BGP by ASes owned by the same country and (ii) the fraction of eyeballs (according to APNIC Eyeballs dataset) from ASes owned by the same country. In green (lines): The same calculation but considering ASes owned by other countries.

Project Summary

To apply a military analogy to Internet research, the science of cybersecurity has focused heavily on weapons and tactics, but has largely neglected terrain. Strategic points in the macroscopic Internet topology constitute key terrain in the cyberspace battlefield. Adversaries (hackers, terrorists or nation-states) can disrupt, intercept or manipulate the Internet traffic of entire countries or regions by targeting structural weaknesses of the Internet topology. Despite much recent interest and a large body of research on cyber-attack vectors and mechanisms, we lack rigorous tools to reason about how the macroscopic Internet topology of a country or a region exposes its critical communication infrastructure to compromise through targeted attacks. Part of the problem is that collecting and interpreting data about Internet connectivity, configurations and associated vulnerabilities is challenging. Due to the massive scale and broadly distributed nature of Internet infrastructure and the scarcity of publicly available data, we must resort to complex measurement and inference methodologies that require significant effort in design, implementation, and validation.

The first step of this project is to identify important components of the Internet topology of a country/region, namely Autonomous Systems (ASes), Internet Exchange Points (IXPs), PoPs, colocation facilities, and physical cable systems, which represent the "key terrain" in cyberspace. To achieve this goal we will undertake a novel multi-layer mapping effort, MapKIT (Mapping Key Internet Terrain), to discover the key components, the relationships between them, and their geographic properties. In the second phase, we will develop methods to identify components that represent potential topological weaknesses, i.e., components such that compromising a few of them would allow an attacker to disrupt, intercept or manipulate Internet traffic of that country. Our multi-layer view of the system will enable an assessment of weaknesses, holistically as well as at specific layers, under various assumptions about the capabilities and knowledge of attackers. Geographic annotations will enable us to consider risks related to the geographic distribution of critical components of the communication infrastructure.

Understanding topological weaknesses for countries or regions is of significant interest not just to the research and operational communities, but also to national security agencies and policy bodies, and in daily life. The project also promises significant advances in elucidating relationships between logical topologies at the AS-level and the physical topology of cables and Internet exchanges. We will make tools and data sets developed over the course of the project openly available to the community.


PIs: Alberto Dainotti (Georgia Tech, formerly CAIDA, UC San Diego), Paul Barford (University of Wisconsin Madison), Amogh Dhamdhere (former PI when at CAIDA, UC San Diego)

Funding sources: NSF CNS-1705024 / 2202288 and CNS-1703592. Period of performance: August 1, 2017 - July 31, 2022.

For information email dainotti AT gatech DOT edu or pb AT cs DOT wisc DOT edu
