CICI: SSC: Robust and Secure Internet Infrastructure for Scientific Collaboration
University of Connecticut, Storrs CT
Investigators
Abstract
Scientific collaboration increasingly relies on the Internet as a critical communication infrastructure. However, the Internet is vulnerable to congestion and Denial-of-Service (DoS) attacks, which can cause devastating losses of research resources and results, disrupting scientific collaboration as well as other services. The goal of this project is to develop and deploy defenses to facilitate robust and secure Internet communication for scientific collaboration. The developed defenses will address two major connectivity concerns: minimizing congestion by mitigating amplification DoS attacks, and preventing route hijacking, that is, circumventing devastating attacks on inter-domain routing that can prevent communication between remote sites. Throughout this research, the PIs work closely with the network operators of the University of Connecticut, the Connecticut Educational Network, and other Research and Education networks. The project generates tested tools, protocols and free open-source software, which can be directly integrated into operational networks. The protection mechanisms developed in this project significantly benefit the scientific community and society in general.
This project addresses two of the biggest, long-standing challenges to Internet infrastructure robustness and security. Firstly, the project develops new defenses against amplification bandwidth-DoS attacks; these attacks and subsequent tools are particularly relevant to university networks. These defenses combine the emerging Resource Public Key Infrastructure (RPKI) standard with an improved Reverse Path Forwarding (RPF) technique to effectively filter spoofed packets received from peers. Secondly, the project develops, implements and deploys an improved RPKI validator for secure inter-domain routing. This validator addresses deployment concerns and challenges, in particular concerns about false positives, and provides additional security and functionality improvements to facilitate wide deployment. Among RPKI's benefits, correct deployment of RPKI prevents route hijacking, which is the most common type of attack on Internet inter-domain routing. Route hijacking may be abused in many ways, including eavesdropping, spoofing and preventing communication between remote sites.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.