ASPIRE - Augment Spoofer Project to Improve Remediation Efforts

This is a collaborative project co-led by Matthew Luckie of the University of Waikato's Computing & Mathematical Sciences Department. The overarching objective of our project is to promote the use of Source Address Validation Best Current Practices (SAV BCP) by networks around the world.

Sponsored by:
Department of Homeland Security (DHS)

Principal Investigator: kc claffy

Funding source: 140D7018C0010
Period of performance: September 20, 2018 - October 31, 2020


Statement of Work

With previous DHS funding, we have re-designed, re-implemented, deployed, and operated a secure measurement infrastructure, Spoofer, that supports large-scale studies of anti-spoofing measures deployed (or not) in the global Internet. Yet we have realized that there is a gap between generating security hygiene data and achieving remediation at scale. Thus, the tasks for the current project are focused on remediation efforts.

  • Year 1: Spoofer System Development and Improvement
  • Year 2: Analysis of the Extent and Impact of Wide Spoofer Deployment

Year 1 - Spoofer System Development and Improvement

Task 1: Continue Spoofer operations and improve the project reporting web site.
  1.1 Operate Spoofer platform
  1.2 Support Spoofer users, process their feedback, and improve their experience
  1.3 Upgrade the operating system on the spoofer servers to a supported version of FreeBSD
  1.4 Upgrade the community software used in the project:
    (a) Apache webserver
    (b) MySQL database
    (c) PHP web scripting language
  1.5 Improve the reporting web site:
    (a) parameterize the storage of traces in the database
    (b) implement timestamp validation in the reporting software module
    (c) produce quarterly reports on the project web site
  1.6 Update the server software to respond to clients behind NATs
  1.7 Update the Spoofer client-server software as needed to keep up with updates in popular OSes

Task 2: Explore methods to stimulate remediation activities
  2.1 Improve the content and targeting of automated email notifications sent to network operator groups (NOGs)
  2.2 Participate in forums and meetings of region-specific NOGs
  2.3 Create region-level automated reporting of networks repeatedly ignoring our notifications and failing to deploy anti-spoofing measures
  2.4 Develop a system for ASes to register for ongoing notifications about their SAV status

Milestones and Deliverables Year 1

# | Milestone | Deliverable | Date | Status
1 | Status report on deployment of anti-spoofing best practices | Report | Quarterly | done
2 | Expand our contacts with regional NOGs | | Jan 20, 2019 | done
3 | Deploy updated reporting web site | Software | Mar 20, 2019 | done
4 | Open up registration for automated AS-specific reporting | | Mar 20, 2019 | done
5 | Release client-server testing software | Software | Jun 20, 2019 | done
6 | Start sending notifications to registered ASes | | Jul 20, 2019 | done
7 | Update approach to measuring deployment of SAV BCP | Report | Sep 20, 2019 | done
8 | Update client/server software for compatibility with newer OSes | Software | Jul 03, 2019 | done

Year 2 - Analysis of the Extent and Impact of Wide Spoofer Deployment

Task 1: Continue Spoofer operations and improve the project reporting web site.
  1.1 Operate Spoofer platform
  1.2 Support Spoofer users, process their feedback, and improve their experience
  1.3 Improve the reporting web site:
    (a) implement traceroute parsing to look up and store ASN of traceroute hops
    (b) incorporate router addresses into the public AS-level graph
    (c) add AS names to the public AS-level graph
    (d) produce quarterly reports on the project web site
    (e) produce non-anonymized reports for authorized users
  1.4 Promote and maintain the OpenWrt version of Spoofer client
  1.5 Explore Spoofer implementations for other open source home router platforms
  1.6 Update the Spoofer client-server software as needed to keep up with updates in popular OSes

Task 2: Explore economic and regulatory levers for SAV deployment.
  2.1 Analyze data on remediation efforts from networks in different countries
  2.2 Expand notifications to include more countries
  2.3 Analyze the advantages of using the registration system vs. unverified contacts
    • compare the incidence of remediation between registered and non-registered ASes
  2.4 Report on investigation, analysis, and execution of incentive-creation scenarios for SAV deployment
    (a) include feedback from public/private sector stakeholders
    (b) present the results to operational community (NANOGs, RIPE)
    (c) present the results to academic researchers (TPRC)
    (d) market use of Spoofer data for security risk analysis and risk management (insurance)

Milestones and Deliverables Year 2

# | Milestone | Deliverable | Date | Status
1 | Status report on deployment of anti-spoofing best practices | Report | Quarterly | done
2 | Release client-server testing software | Software | Dec 20, 2019 | done
3 | AS-level registration system | Software | May 20, 2020 | done
4 | Final release of Spoofer client-server | Software | Jun 20, 2020 | done
5 | Improved AS-level graph visualization Software | Software | Jul 20, 2020 | done
6 | Finish analysis of marketing/technology transition efforts | Paper | Sep 20, 2020 | done
7 | Update approach to measuring deployment of SAV BCP | Report | Sep 20, 2020 | done, done, and done
8 | Update client/server software for compatibility with newer OSes | Software | Jul 03, 2019 | done

Acknowledgment of awarding agency's support

Department of Homeland Security (DHS)

This project is the result of funding provided by the Science and Technology Directorate of the United States Department of Homeland Security under contract number 140D7018C0010. The published material represents the position of the author(s) and not necessarily that of DHS.

