Topic and Goals of the Project
The objective of the Peeroskop project is the design and development of a system for the observational analysis of the parts of the Internet relevant for Germany, as well as the proactive and reactive protection of backbone routing. Core components of the project are mechanisms for information fusion and information classification based on passive and active measurements, which discover vulnerabilities in Internet peering in advance and bypass emerging disruptions.
Point of Departure: Easily Attackable, Decentralized Internet Infrastructure
In many countries, the Internet is a critical communications infrastructure for almost every public and industrial organization as well as for substantial parts of social life. At the same time, the core communication process, i.e. BGP routing, is widely unprotected against misconfiguration and malicious manipulation. The inherent complexity of distributed BGP routing becomes apparent when errors by single participants lead to global disruptions. Incidents like the “hijacking” of the YouTube network traffic by Pakistan Telecom in early 2008 or the redirection of a major part of the US-American network traffic via China Telecom in April 2010 illustrate how small “anomalies” can have far-reaching consequences for single actors as well as whole nations. The importance of the Internet makes it an increasingly attractive target for attacks, as reflected in organized cyber-crime and cyber-war. Facing these challenges requires a structural understanding of the dependencies and the capability to prevent the propagation of anomalies.
Vulnerability of the Internet Infrastructure
The Internet is vulnerable on three levels: (a) the physical structure, e.g. by the breakdown of exchange points; (b) the logical structure, by redirecting network traffic through incorrect intermediate nodes; (c) by direct attacks on host systems. Traditionally, levels (a) and (c) have been the focus of security efforts. However, to implement the vision of completely secure IT systems, a thorough understanding and protection of the logical Internet infrastructure is needed. To this end, on the one hand, it is necessary to identify and classify the relevant Internet participants of a nation. On the other hand, robust and verifiable paths in the network need to be discovered and protection mechanisms must be provided. Peeroskop follows this approach with its observation and reaction system for the protection of the Internet infrastructure of a nation.
Objective: Analysis and Protection System for the Internet relevant for Germany
This joint research project focuses on two objectives:
- The identification and capture of the current Internet structure that is relevant for a country, including a preventive risk analysis. This results in a nation-centric mapping of the Internet as well as a peering oracle.
- The observation of the topological evolution and its temporal analysis, which results in the continuous detection of anomalies and the development of bypass schemes in case of interruptions.
Peeroskop intends to enable Internet Service Providers (ISPs) and Internet Exchange Points (IXPs) to critically evaluate transition points and to establish alternative or additional peering relations before incidents occur. New views and structural analyses of the Internet backbone will show dependencies between nations and between business sectors with respect to routing, and will help to quantify their effects. Context-sensitive analyzers supported by intuitive visualizations permit the identification of critical systems and emerging anomalies. A sheet anchor (fallback) concept on the level of autonomous systems shall mitigate long-lasting outages.
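As an added illustration of the continuous anomaly detection named above (example code written for this page, not part of the Peeroskop project), the following compares BGP announcements against a baseline of origin ASNs learned while the topology was stable and flags the two hijack patterns behind the incidents cited earlier: a known prefix announced by a foreign origin, and a more-specific prefix that would capture the traffic of a known one. All routes and ASNs are constructed sample data.

```python
# Added example (not Peeroskop project code): flag BGP origin anomalies against a learned baseline.
# All routes below are constructed sample data; ASNs are from the documentation range 64496-64511.
import ipaddress
from collections import defaultdict

# Constructed "stable period" observations: (prefix, AS path). The last ASN in a path is the origin.
BASELINE_ROUTES = [
    ("198.51.100.0/24", [64496, 64497, 64498]),
    ("203.0.113.0/24", [64496, 64500]),
    ("2001:db8::/32", [64496, 64501]),
]
# Constructed updates to check against that baseline.
UPDATES = [
    ("198.51.100.0/24", [64496, 64497, 64498]),  # known origin: nothing to report
    ("203.0.113.0/24", [64496, 64503]),  # same prefix, foreign origin (the YouTube-style case)
    ("198.51.100.128/25", [64496, 64503]),  # more-specific from a foreign origin attracts the traffic
    ("198.51.100.128/25", [64496, 64498]),  # more-specific from the legitimate origin: traffic engineering
    ("192.0.2.0/24", [64496, 64502]),  # never seen before: informational only
]

def build_baseline(routes):
    """Map each prefix to the set of origin ASNs observed while the topology was stable."""
    origins = defaultdict(set)
    for prefix, path in routes:
        if path:
            origins[ipaddress.ip_network(prefix)].add(path[-1])
    return origins

def classify_update(origins, prefix, path):
    """Return an alert dict for a suspicious announcement, or None if it matches the baseline."""
    if not path:
        return None
    net, origin = ipaddress.ip_network(prefix), path[-1]
    if net in origins:
        if origin in origins[net]:
            return None
        return {"kind": "unexpected_origin", "prefix": str(net), "origin": origin,
                "expected": sorted(origins[net])}
    # No exact match: a more-specific of a known prefix wins longest-prefix match, so find what covers it.
    for known, known_origins in origins.items():
        if known.version == net.version and net.subnet_of(known):
            if origin in known_origins:
                return None  # deaggregation by the prefix holder itself
            return {"kind": "more_specific_foreign_origin", "prefix": str(net), "origin": origin,
                    "covering": str(known), "expected": sorted(known_origins)}
    return {"kind": "new_prefix", "prefix": str(net), "origin": origin}

def detect_anomalies(baseline_routes, updates):
    origins = build_baseline(baseline_routes)
    return [a for a in (classify_update(origins, p, path) for p, path in updates) if a]
```

Running `detect_anomalies(BASELINE_ROUTES, UPDATES)` yields three alerts: the foreign-origin announcement of 203.0.113.0/24, the foreign more-specific 198.51.100.128/25, and the previously unseen 192.0.2.0/24; the legitimate more-specific from AS64498 is accepted silently.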
Towards a Proof of Concept
The objectives and solutions will be pursued in close cooperation with operators of the Internet infrastructure. The developed concepts will be demonstrated as a proof of concept for the “German” Internet. In a testbed distributed among Berlin, Hamburg, Frankfurt, and Munich, the controlled injection of errors between real autonomous systems will help to evaluate and refine the developed techniques.