MapKIT: Investigating the Susceptibility of the Internet Topology to Country-level Connectivity Disruption and Manipulation
In collaboration with Paul Barford (University of Wisconsin-Madison), we seek to develop methodologies to highlight and quantify macroscopic vulnerabilities of the Internet infrastructure, especially from the perspective of cyberterrorist attacks and cyber-conflicts between nation-states.
As of August 2021, the MapKIT project has moved to Georgia Tech with PI Alberto Dainotti.
Principal Investigators: Alberto Dainotti, Amogh Dhamdhere
Funding source: CNS-1705024
Period of performance: August 1, 2017 - December 31, 2021. (Funding actually ended as of July 2021.)
Project Summary
To apply a military analogy to Internet research, the science of cybersecurity has focused heavily on weapons and tactics, but has largely neglected terrain. Strategic points in the macroscopic Internet topology constitute key terrain in the cyberspace battlefield. Adversaries -- hackers, terrorists or nation-states -- can disrupt, intercept or manipulate the Internet traffic of entire countries or regions by targeting structural weaknesses of the Internet topology. Despite much recent interest and a large body of research on cyber-attack vectors and mechanisms, we lack rigorous tools to reason about how the macroscopic Internet topology of a country or a region exposes its critical communication infrastructure to compromise through targeted attacks. Part of the problem is that collecting and interpreting data about Internet connectivity, configurations and associated vulnerabilities is challenging. Due to the massive scale and broadly distributed nature of Internet infrastructure and the scarcity of publicly available data, we must resort to complex measurement and inference methodologies that require significant effort in design, implementation, and validation.
The first step of this project is to identify important components of the Internet topology of a country/region -- Autonomous Systems (ASes), Internet Exchange Points (IXPs), PoPs, colocation facilities, and physical cable systems -- which represent the "key terrain" in cyberspace. To achieve this goal we will undertake a novel multi-layer mapping effort, MapKIT (Mapping Key Internet Terrain), to discover the key components, the relationships between them, and their geographic properties. In the second phase, we will develop methods to identify components that represent potential topological weaknesses, i.e., components such that compromising a few of them would allow an attacker to disrupt, intercept or manipulate the Internet traffic of that country. Our multi-layer view of the system will enable an assessment of weaknesses, holistically as well as at specific layers, under various assumptions about the capabilities and knowledge of attackers. Geographic annotations will enable us to consider risks related to the geographic distribution of critical components of the communication infrastructure.
Understanding topological weaknesses for countries or regions is of significant interest not just to the research and operational communities, but also to national security agencies and policy bodies, and in daily life. The project also promises significant advances in elucidating relationships between logical topologies at the AS-level and the physical topology of cables and Internet exchanges. We will make tools and data sets developed over the course of the project openly available to the community.
Proposed Timeline of Tasks
The schedule of work below shows how we plan to accomplish the proposed tasks in three years of the project.
Subtask | Description | Scheduled quarters (Years 1-3, in order) | Status
---|---|---|---
Task 1: Constructing a multi-layer topology map at the country/region level | | |
1.1 | Identify ASes active in a country | Q1 | done
1.2 | Infer logical connectivity between ASes active in a country | Q2, Q3 | done
1.3 | Develop techniques to map logical connectivity to the router, exchange and facility level | Q3, Q4, Q1, Q2 |
1.4 | Identify and map Internet physical infrastructure | Q3, Q4, Q1, Q2, Q3, Q4 | in progress
1.5 | Expand the perspective of connectivity within a country | Q1, Q2, Q3, Q4 | in progress
Task 2: Identifying and quantifying susceptibility to attacks | | |
2.1 | Create graph representations for the multi-layer map | Q1, Q2 |
2.2 | Compute the strategic value of topological components | Q3, Q4, Q1 | in progress
2.3 | Identify topological components with high strategic value and quantify risk | Q3, Q4, Q1, Q2, Q3, Q4 | in progress
2.4 | Study the evolution of the topology and topological weaknesses of countries/regions over time | Q1, Q2, Q3, Q4 |
We will organize a project Workshop in Year 2.
Additional Content
Investigating the Susceptibility of the Internet Topology to Country-level Connectivity Disruption and Manipulation - Proposal
An abbreviated version of the funded proposal