![[CAIDA - Center for Applied Internet Data Analysis logo]](/images/caida_globe_faded.png "Go to CAIDA home page")
Sponsored by:
This is a collaborative project co-led by Matthew Luckie of the University of Waikato's Computing & Mathematical Sciences Department. The overarching objective of our project is to promote using Source Address Validation Best Current Practices (SAV BCP) by networks around the world.
Principal Investigator(s): kc claffy
Funding source: DHS S&T contract 140D7018C0010. Period of performance: September 20, 2018 - September 19, 2020.
Statement of Work
With previous DHS funding, we have re-designed, re-implemented, deployed, and operated a secure measurement infrastructure Spoofer that supports large-scale studies of anti-spoofing measures deployed (or not) in the global Internet. Yet, we have realized that there is a gap between generating security hygiene data and achieving remediation at scale. Thus, the tasks for the current project are focused on remediation efforts.
- Year 1 : Spoofer System Development and Improvement
- Year 2 : Analysis of the Extent and Impact of Wide Spoofer Deployment
Year 1 - Spoofer System Development and Improvement
| Task 1: Continue Spoofer operations and improve the project reporting web site. | ||||
| 1.1 | Operate Spoofer platform | |||
| 1.2 | Support Spoofer users, process their feedback, and improve their experience | |||
| 1.3 | Upgrade the operating system on the spoofer servers to a supported version of FreeBSD | |||
| 1.4 | Upgrade the community software used in the project:
(a) Apache webserver (b) MySQL database (c) PHP web scripting language |
|||
| 1.5 | Improve the reporting web site:
(a) parameterize the storage of traces in the database (b) implement timestamp validation in the reporting software module (c) produce quarterly reports on the project web site |
|||
| 1.6 | Update the server software to respond to clients behind NATs | |||
| 1.7 | Update the Spoofer client-server software as needed to keep up with updates in popular OSes | |||
| Task 2: Explore methods to stimulate remediation activities | ||||
| 2.1 | Improve the content and targeting of automated email notifications sent to network operator groups (NOGs) | |||
| 2.2 | Participate in forums and meetings of region-specific NOGs | |||
| 2.3 | Create region-level automated reporting of networks repeatedly ignoring our notifications and failing to deploy anti-spoofing measures | |||
| 2.4 | Develop a system for ASes to register for ongoing notifications about their SAV status | |||
Milestones and Deliverables Year 1
| # | Milestone | Deliverable | Date | Status |
|---|---|---|---|---|
| 1 | Status report on deployment of anti-spoofing best practices | Report | Quarterly | done |
| 2 | Expand our contacts with regional NOGs | Jan 20, 2019 | done | |
| 3 | Deploy updated reporting web site | Software | Mar 20, 2019 | done |
| 4 | Open up registration for automated AS-specific reporting | Mar 20, 2019 | done | |
| 5 | Release client-server testing software | Software | Jun 20, 2019 | done |
| 6 | Start sending notifications to registered ASes | Jul 20, 2019 | done | |
| 7 | Update approach to measuring deployment of SAV BCP | Report | Sep 20, 2019 | done |
| 8 | Update client/server software for compatibility with newer OSes | Software | Jul 03, 2019 | done |
Year 2 - Analysis of the Extent and Impact of Wide Spoofer Deployment
| Task 1: Continue Spoofer operations and improve the project reporting web site. | ||||
| 1.1 | Operate Spoofer platform | |||
| 1.2 | Support Spoofer users, process their feedback, and improve their experience | |||
| 1.3 | Improve the reporting web site:
(a) implement traceroute parsing to look up and store ASN of traceroute hops (b) incorporate router addresses into the public AS-level graph (c) add AS names to the public AS-level graph (d) produce quarterly reports on the project web site (e) produce non-anonymized reports for authorized users |
|||
| 1.4 | Promote and maintain the OpenWrt version of Spoofer client | |||
| 1.5 | Explore Spoofer implementations for other open source home router platforms | |||
| 1.6 | Update the Spoofer client-server software as needed to keep up with updates in popular OSes | |||
| Task 2: Explore economic and regulatory levers for SAV deployment. | ||||
| 2.1 | Analyze data on remediation efforts from networks in different countries | |||
| 2.2 | Expand notifications to include more countries | |||
| 2.3 | Analyze the advantages of using the registration system vs. unverified contacts
• compare the incidents of remediation between registered and non-registered ASes |
|||
| 2.4 | Report on investigation, analysis, and execution of incentive-creation scenarios for SAV deployment
(a) include feedback from public/private sector stakeholders (b) present the results to operational community (NANOGs, RIPE) (c) present the results to academic researchers (TPRC) (d) market use of Spoofer data for security risk analysis and risk management (insurance) |
|||
Milestones and Deliverables Year 2
| # | Milestone | Deliverable | Date | Status |
|---|---|---|---|---|
| 1 | Status report on deployment of anti-spoofing best practices | Report | Quarterly | done |
| 2 | Release client-server testing software | Software | Dec 20, 2019 | done |
| 3 | AS-level registration system | Software | May 20, 2020 | done |
| 4 | Final release of Spoofer client-server | Software | Jun 20, 2020 | done |
| 5 | Improved AS-level graph visualization Software | Software | Jul 20, 2020 | done |
| 6 | Finish analysis of marketing/technology transition efforts | Paper | Sep 20, 2020 | done |
| 7 | Update approach to measuring deployment of SAV BCP | Report | Sep 20, 2020 | done, done, and done |
| 8 | Update client/server software for compatibility with newer OSes | Software | Jul 03, 2019 | done |
Acknowledgement of awarding agency's support
This project is the result of funding provided by the Science and Technology Directorate of the United States Department of Homeland Security under contract number 140D7018C0010. The published material represents the position of the author(s) and not necessarily that of DHS.