INDUSTRY
NSF Awards $3.4 Million for Network Security Research
The National Science Foundation (NSF) has awarded the Cooperative Association for Internet Data Analysis (CAIDA) research group at the San Diego Supercomputer Center (SDSC) a grant for $3.4 million over three years to protect the critical infrastructure of the Internet. The Domain Name System (DNS) is a keystone of the Internet -- without it, the routing of messages to their proper destinations would be crippled. The work by CAIDA and affiliated researchers at the Internet Systems Consortium (ISC) is intended to help “harden” the DNS against malicious attacks and software bugs. “The Domain Name System is key to the operation of the Internet, but it has scaled well past its original design goals and now questions of security, reliability, and robustness are demanding more concerted attention,” said principal investigator K. C. Claffy, the founding director of CAIDA and an Associate Adjunct Professor of Computer Science at UC San Diego. “There are fundamental aspects of traffic dynamics of the DNS and of the Internet in general that have resisted effective modeling.”
The 13 root server computers of the DNS maintain the master lists that enable the system to translate between commonly used “domain names” like www.amazon.com, ucsd.edu, or www.nsf.gov and their corresponding numeric IP addresses. If this information were incorrect or unavailable, the trillions of daily Internet accesses would result in an endless series of “wrong numbers.”
But the DNS has only limited, unsophisticated mechanisms for protecting itself against attacks and malfunctions -- it relies primarily on redundancy to handle traffic bursts and to remain operational in the face of overloads and deliberate attacks. It is not clear whether this strategy will suffice in the future.
“The greatest obstacle to scientific study of the DNS is the lack of relevant data about the system,” Claffy said. “In funding this project, NSF is recognizing the need for a vehicle for disseminating high-quality data to researchers, developing tools to efficiently analyze that data, and sharing lessons learned and deploying new countermeasures to attacks. We hope this project will stimulate the networking community into more empirically grounded research and analysis to support performance, stability, and security of the DNS as it continues to evolve.”
CAIDA is an ongoing program at SDSC that creates tools and technologies for Internet measurement, traffic analysis, and network topology visualization for use by network engineers and researchers. ISC operates one of the 13 DNS root servers and develops BIND, the most popular software reference implementation of the DNS protocol, used by more than 75 percent of the Internet.
“Our team represents a unique, ideal combination of talents and facilities for achieving our research objectives,” said Paul Vixie, co-principal investigator of the new program and president of ISC.
CAIDA and ISC will coordinate through the Operations, Analysis, and Research Center (OARC), launched by ISC in October 2003. OARC brings together Internet service providers, implementers, and researchers to identify problems, test solutions, and share information. It will provide analysis tools to assist experts with real-time response to anomalous behavior of the DNS and will enable researchers to characterize the operation of the DNS.
DNS-OARC will provide a forum for the DNS operations community to communicate and respond to incidents that affect global DNS operations, including deliberate attacks. Researchers and developers will use the data collected by OARC for long-term analysis of DNS performance and post-mortems of attacks and will promote institutional learning. As with CAIDA and ISC, participation by researchers will be based on mutual trust, to enable commercial and international organizations to participate in the effort without giving up autonomy or confidentiality.
With NSF’s help, the DNS-OARC research organization will evolve into a “cyberspace network operations center,” with a long-term goal of providing the data for operational DNS research to maintain and enhance the Internet.
“The measurement infrastructure and supporting software tools will remain in place after the three-year NSF grant, and we hope to obtain continued support for the research activities from the many private-sector organizations that depend on a robust, stable Internet,” Vixie said. “Ultimately, DNS-OARC will enhance national and international security by helping to establish and refine mechanisms for emergency response, and it will develop new technologies for prevention, attribution, and remediation of malicious or otherwise misbehaving agents affecting the global DNS.”
For the past two decades, the San Diego Supercomputer Center (SDSC) has enabled science and engineering discoveries through advances in high-performance computing. Continuing this tradition into the era of cyberinfrastructure, SDSC is a strategic resource to science, industry, and academia, extending the reach of scientific accomplishments by providing high-end hardware technologies, integrative software technologies, and deep interdisciplinary expertise to the research community. SDSC offers world-class leadership in the areas of data management, networking, grid computing, bioinformatics, geoinformatics, and high-end computing. An organized research unit of the University of California, San Diego, SDSC has a staff of more than 400 scientists, software developers, and support personnel, and is primarily funded by the National Science Foundation (NSF). For more information, see http://www.sdsc.edu/.
CAIDA is a program at SDSC that creates tools and technologies for Internet measurement, traffic analysis, and network topology visualization for use by network engineers and researchers. CAIDA also sponsors education and outreach efforts. For more information on CAIDA, see http://www.caida.org/. For information on this project, see http://www.caida.org/projects/proposals/dnsitr/index.xml.