Date: June 24 (Monday) - 28 (Friday) 2024, 9:00am - 5:00pm PDT
Place: Conference Room 408, San Diego Supercomputer Center, UCSD Campus, La Jolla, CA

Workshop Overview

The purpose of this third workshop is to review Year 3 GMI3S progress and discuss the different measurement infrastructures in place moving onto the Implementation phase of the project next year.

This workshop will discuss the ways to improve internet security, specifically through measurement.

Participation in this GMI-AIMS workshop is by invitation only.

Agenda

The workshop will begin at 9:00am PDT every day unless noted otherwise.

June 24 (Monday)

• 9AM Morning Start
  • 9:30-11 Overview of plan for week (KC)
    • CAIDA’s GMI3S
    • Review Year 2.5 Annual Report
    • Review Project Execution Plan for Year 3-4
    • Executing active measurements
• Active Measurement
  • Active Measurement: DSL (Matthew Luckie)
    • Python module design and implementation discussion, best practices, and feedback
      • Slides: Towards a Domain Specific Language for Active Measurements, Matthew Luckie et al.
    • Slides: Measurement Studies with Ark and Scamper DSL (Shivani Hariprasad)
• 12PM Lunch
  • Active measurement of Intercontinental Long-Haul Links (Esteban Carisimo)
    • Paper: A hop away from everywhere: A view of the intercontinental long-haul infrastructure
• Active measurement infrastructure research
  • Automated provisioning of new Ark nodes
    • (Debian) Software packaging design/considerations
    • Docker/Podman containers
    • Hosting Site Permissioning Policy
    • Hardware evaluation
  • Active Measurement at IXPs (Bill Herrin)
    • CAIDA Ark IXP Active Measurement at an Internet Exchange Point Slides
  • DREN: capabilities (Phil Dykstra)
    • Slides: Measurement Infrastructure on the Defense Research and Engineering Network (DREN) Slides
• 6PM Dinner

June 25 (Tuesday)

• BGP
  • Existing BGP data platforms (Hans Kuhn, Ties DeKock, Emile Aben)
    • RouteViews Update (Hans Kuhn)
    • RIPE RIS Update (and RPKI flutter) (Ties DeKock, Emile Aben)
  • BGP Convergence Time Measurement (Bernhard Degen)
    • Slides: An Empirical Characterization of Anycast Convergence Time
• Scaling BGP data collection an order of magnitude
  • MVP and GillNet (Thomas Alfroy)
    • MVP (Most Valuable Peer): Measuring Internet Routing from the Most Valuable Points
    • GILL (GillNet) is a new BGP routes collection platform that can collect routes from at least an order of magnitude more routers compared to existing platforms while limiting the increase in human effort and data volume.
      1. Hotnets Internet Science Moonshot: Expanding BGP Data Horizons
      2. SIGCOMM The Next Generation of BGP Data Collection Platforms
• 12PM Lunch
• 1PM Internet2 Policy Group
  • Rotonda, BGP compression (Jasper den Hertog, Luuk Hendriks, NLnet Labs)
    • Docs: Latest Documentation on Rotonda
  • Mitigating Collateral Damage of Route Origin Validation in RPKI (Tijay Chung)
    • Tijay’s CCS paper (risk of de-anonymization)
  • ARK IXP (Bill Herrin)
    • Placing Ark probes at Internet Exchange Points
  • MRT dissection (Bill Herrin)
    • bgp-explain read and explains the contents of a BGP MRT file received from stdin https://gitlab.caida.org/herrin/mrt-tools/-/blob/main/README.md
  • Challenges in parsing BGP data (Johann Schlamp)
    • Insights from developing our own BGP parser, comparison with existing parsers
      • Slides: Challenges in parsing BGP data Slides
  • BGP communities semantics inference (Thomas Krenc)
    • “Inferring City Names From BGP Location Communities”
    • Inferring anycast instance location from geolocation communities, Ideas for future
• 6PM Dinner & BGP Continued
  • Internet Health Report (Romain Fontugne)
    • Slides: Internet Health Report
    • IHR GitHub Repo
    • https://ihr.iijlab.net

June 26 (Wednesday)

• 9AM DNS Measurement Infrastructure
  • Anycast Census Measurement (Raffaele Sommese, Remi Hendriks)
  • An Index Towards Unifying and Streaming DNS Data (Alfred Arouna, Mattijs Jonker, Ioana Livadariu)
    • Exposing DZDB data via S3
  • Evaluation/Comparison of Reputation Black Lists (RBLs) (Sion Lloyd)
    • Homepage
    • Domain Abuse Activity Reporting
    • Slides: Impact parking/dormant domain on RBLs
    • Slides: A Metric-based Evaluation of Reputation Block Lists
    • Slides: Phish and Chips: Language-agnostic classification of unsolicited emails
  • WHOIS Right? An Analysis of WHOIS and RDAP Consistency (Simon Fernandez, U. Grenoble)
  • Phishing characteristics (Kyungchan Lim, UT Knoxville)
• 12PM Lunch
  • Internet Yellow Pages (Malte Tashiro, Romain Fontugne, Raffaele Sommese)
    • Paper: The Wisdom of the Measurement Crowd: Building a Knowledge Graph for the Internet
    • Slides: Internet Yellow Pages
• DNS Continued
  • Phishing Landscape in 2024 (Greg Aaron)
    • Slides: Phishing Landscape 2023: A Study of the Scope and Distribution of Phishing
    • https://dzdb.caida.org/
    • https://openintel.nl/
  • Certificate Transparency and Derivatives (Mattijs)
    • This Is a Local Domain: On Amassing Country-Code Top-Level Domains from Public Data
  • DarkDNS (Raffaele Sommese)
    • DarkDNS: Revisiting the Value of Rapid Zone Update
    • RFPs
    • The Verisign Shared Registration System: A 25-Year Retrospective
  • DNS-over-TLS and Root-Server Statistics (John Heidemann and Wes Hardaker)
    • DNS-over-TLS was originally proposed to protect the privacy of queries from a DNS stub resolver to the recursive resolver. Recent experimental work has extended it to apply from the recursive resolver to authoritative servers. This talk will examine how this protocol interacts with privacy and with RSSAC-002 statistics expected of root servers. We will examine how b.root-servers.net provides RSSAC-002 statistics that include the DNS-over-TLS queries it receives, and explore where DNS-over-TLS from recursive to authoritative improves privacy and threats that it does not address.
• 6PM Dinner

June 27 (Thursday)

• 9AM Review Takeaways from June 26
• Network Telescope Infrastructure
  • Scanner characterization (Bernhard Degen)
  • Telescope infrastructure update (Ricky Mok)
    • Scalable Technology to Accelerate Research Network Operations Vulnerability Alerts
    • Slides: Analyzing Internet Background Radiation with Practical Telescope Deployments
• 12PM Lunch
  • Operating a NT telescope is hard (Alexander Männel)
    • Slides: Operating a NT Telescope is Hard Slides
    • Observations on telescope address availability
    • Examples of outages and their detection
  • Telescope Event Detection (Max Gao)
    • Paper: DarkSim: A similarity-based time-series analytic framework for darknet traffic
    • Paper: A Scalable Network Event Detection Framework for Darknet Traffic
    • Slides: DarkSim: Slides
  • IPv6 telescope (Hammas Tanveer)
    • Slides: Decoding IPv6 Scan Traffic: Attraction, Analysis, Protection
• BGP, DNS, Traceroute talks
  • Single-homed ISPs (Malte Tashiro)
    • Slides: No Easy Way Out - A Study of Single-homed ISPs
  • DNS Privacy Measurements (Casey Deccio)
  • Pcap parser (Wes Hardaker ISI)
    • Newly created anomaly analysis tool: https://traffic-taffy.readthedocs.io/en/latest/
  • FANTAIL (Bradley Huffaker and Jennifer Sun)
    • FANTAIL Proposal
    • Slides: FANTAIL Facilitating Advances in Network Topology Analysis Slides
• 6PM Dinner

June 28 (Friday)

• 10am-10:30am Morning Late Start
• Closing Talks
  • Flowtrace (Ricky Mok)
    • Detection and Analysis of Infrastructure Bottlenecks in a Cloud-Centric Internet
  • Speedtest: RABBITS, IMR (Ricky Mok)
    • A measurement toolkit for Reproducible Assessment of BroadBand Internet Topology and Speed
  • Internet2 Overview/Updates/Opportunities (James Deaton)
    • GMI-AIMS
  • Starlink Measurement(Hammas Tanveer)
    • Making Sense of Constellations: Methodologies for Understanding Starlink’s Scheduling Algorithms
• 1PM Lunch
  • IP leasing (Ben Du)
    • Paper: Sublet Your Subnet: Inferring IP Leasing in the Wild
  • AS Paths DB (Bradley Huffaker, Bill Herrin)
    • Discussion
  • Workshop Summary: GMI next steps