Visible to the public SaTC: CORE: Large: Collaborative: Investigating the Susceptibility of the Internet Topology to Country-level Connectivity Disruption and ManipulationConflict Detection Enabled

Project Details

Performance Period

Aug 01, 2017 - Jul 31, 2020


University of California-San Diego

Award Number

Malicious actors such as hackers, terrorists or nation-states can disrupt, intercept or manipulate the Internet traffic of entire countries or regions by targeting structural weaknesses of the Internet. Strategic physical locations exist in the Internet topology. Despite much recent interest and a large body of research on cyber-attack vectors and mechanisms, we lack rigorous tools to reason about how the Internet topology of a country or region exposes its critical communication infrastructure to compromise through targeted attacks. This project develops methodologies to identify potential topological weaknesses of the Internet infrastructure, especially from the perspective of an attacker, and to quantify the potential impact if attackers were to compromise these critical elements. The broader impacts of this project are substantial: understanding structural weaknesses in the Internet topology of countries or regions is of significant interest not just to the research and operational communities, but also to everyday Internet users and policy bodies. More generally, it will secure the critical Internet infrastructure on which our daily activities depend.

This project is a two-phase project. In the first phase, the goal is identifying important components of the Internet topology of a country and region --- Autonomous Systems, Internet Exchange Points, colocation facilities, and physical cable systems that represent key locations of the Internet. The project will undertake a novel multi-layer mapping effort, developing measurement and analysis techniques to discover these components and the relationships between them. The second phase of the project utilizes the multi-layer map and develops methods to identify components that represent potential topological weaknesses, i.e., compromising a few such components would allow an attacker to disrupt, manipulate, or eavesdrop on a large fraction of Internet traffic of that country. The multi-layer view of the system will enable an assessment of weaknesses holistically as well as at specific layers, under various assumptions about the capabilities and knowledge of attackers. Geographic annotations will enable a consideration of risks related to the geographic distribution of critical components of the communication infrastructure.