MapKIT: Investigating the Susceptibility of the Internet Topology to Country-level Connectivity Disruption and Manipulation

In collaboration with Paul Barford (University of Wisconsin-Madison), we seek to develop methodologies to highlight and quantify macroscopic vulnerabilities of the Internet infrastructure, especially from the perspective of cyberterrorist attacks and cyber-conflicts between nation-states.

As of August 2021, the MapKIT project has moved to Georgia Tech with PI Alberto Dainotti.

Sponsored by:
National Science Foundation (NSF)

Principal Investigators: Alberto Dainotti Amogh Dhamdhere Alberto Dainotti

Funding source:  CNS-1705024 Period of performance: August 1, 2017 - December 31, 2021. (Funding actually ended as of July 2021)


Project Summary

To apply a military analogy to Internet research, the science of cybersecurity has focused heavily on weapons and tactics, but has largely neglected terrain. Strategic points in the macroscopic Internet topology constitute key terrain in the cyberspace battlefield. Adversaries/hackers, terrorists or nationstates - can disrupt, intercept or manipulate the Internet traffic of entire countries or regions by targeting structural weaknesses of the Internet topology. Despite much recent interest and a large body of research on cyber-attack vectors and mechanisms, we lack rigorous tools to reason about how the macroscopic Internet topology of a country or a region exposes its critical communication infrastructure to compromise through targeted attacks. Part of the problem is that collecting and interpreting data about the Internet connectivity, configurations and associated vulnerabilities is challenging. Due to the massive scale and broadly distributed nature of Internet infrastructure and the scarcity of publicly available data, we must resort to complex measurement and inference methodologies that require significant effort in design, implementation, and validation.

The first step of this project is to identify important components of the Internet topology of a country/region -- Autonomous Systems (ASes), Internet Exchange Points (IXPs), PoPs, colocation facilities, and physical cable systems which represent the "key terrain" in cyberspace. To achieve this goal we will undertake a novel multi-layer mapping effort to discover the key components, relationships between them, and their geographic properties, MapKIT (Mapping Key Internet Terrain). In the second phase, we will develop methods to identify components that represent potential topological weaknesses, i.e., compromising a few such components would allow an attacker to disrupt, intercept or manipulate Internet traffic of that country. Our multi-layer view of the system will enable an assessment of weaknesses, holistically as well as at specific layers, under various assumptions about the capabilities and knowledge of attackers. Geographic annotations will enable us to consider risks related to the geographic distribution of critical components of the communication infrastructure.

Understanding topological weaknesses for countries or regions is of significant interest to not just the research and operational communities, but also national security agencies, policy bodies, and in daily life. The project also promises significant advances in elucidating relationships between logical topologies at the AS-level and the physical topology of cables and Internet exchanges. We will make tools and data sets developed over the course of the project openly available to the community.

Proposed Timeline of Tasks

The schedule of work below shows how we plan to accomplish the proposed tasks in three years of the project.

Subtask Description Year 1 Year 2 Year 3 Status
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4
Task 1: Constructing a multi-layer topology map at the country/region level
1.1 Identify ASes active in a country Q1 done
1.2 Infer logical connectivity between ASes active in a country Q2 Q3 done
1.3 Develop techniques to map logical connectivity to the router, exchange and facility level Q3 Q4 Q1 Q2
1.4 Identify and map Internet physical infrastructure Q3 Q4 Q1 Q2 Q3 Q4 in progress
1.5 Expand the perspective of connectivity within a country Q1 Q2 Q3 Q4 in progress
Task 2: Identifying and quantifying susceptibility to attacks
2.1 Create graph representations for the multi-layer map Q1 Q2
2.2 Compute the strategic value of topological components Q3 Q4 Q1 in progress
2.3 Identify topological components with high strategic value and quantify risk Q3 Q4 Q1 Q2 Q3 Q4 in progress
2.4 Study the evolution of the topology and topological weaknesses of countries/regions over time Q1 Q2 Q3 Q4

We will organize a project Workshop in Year 2.


Additional Content

Investigating the Susceptibility of the Internet Topology to Country-level Connectivity Disruption and Manipulation - Proposal

An abbreviated version of the funded proposal

Published
Last Modified