Selected past and current projects

DHS funded project:
Monitoring Tools for DNS Security Deployment (MOTDS)
(in collaboration with Colorado State)

The deployment of DNS Security Extensions (DNSSEC) is a critical step towards securing cyberspace. Because virtually every Internet application relies on the reliable operation of DNS services, the lack of source authentication and data integrity checking in DNS operations leave nearly all Internet services vulnerable to attacks. After over 10 years of research and development efforts, the DNSSEC design has gone through a series of revisions and the latest outcome (tentatively RFCs 4033, 4034, and 4035) are now poised for deployment. In addition to the specification, preliminary operational practices collected from testbed trials are also being documented. As the demands for dependable Internet service accelerates, the challenge facing us now is to quickly roll out DNSSEC in the operational Internet. To help enable the deployment of DNSSEC, we propose to develop a DNSSEC monitoring and verification toolset. We believe this toolset will serve as an essential component in the process of rolling out DNSSEC. Our results from previous measurement efforts [SIGCOMM04, SIGCOMM-nets04] show that, after 20 years of deployment, the actual operations in today's (non-secure) DNS system differ substantially from the design specification and guidelines, and that human errors such as misconfigurations exist to a surprising extent. Distributed management is crucial in achieving DNS system's scalability, but it also leads to inconsistencies due to mistakes in coordinating zone configurations and changes. Such inconsistencies and mistakes will not be eliminated by the addition of DNSSEC. In fact, the complex DNSSEC requirements are likely make the problems of inconsistencies and mistakes much worse. DNSSEC is among the first attempts to deploy cryptographic protection mechanisms in a global- scale system. Both its operations and operational guidelines are more complex than the existing DNS system. There is limited deployment experience and rollout will require a learning process for operators. While it is a well-known fact that human makes errors, deployment of an unfamiliar and more complex technology across multiple administrative boundaries, compounded with the need for a close coordination, creates conditions that are more prone to errors. We believe operational errors and deviations from operational guidelines will inevitably occur in DNSSEC deployment, and increase as the deployment extends to more administrative domains. Furthermore, these errors and deviations will likely have a much bigger impact on DNS availability than what we have today. A misconfiguration in today's DNS operation may reduce service redundancy for the zone but (typically) does not affect zone availability in most cases. With DNSSEC, however, a mismatch between DS and DNSKEY records in the parent and child zone will cause the child zone to appear invalid. We cannot eliminate errors, but we can build systems to detect and defend against errors. We believe that DNSSEC deployment will not succeed without an effective monitoring and verification system. In particular, we believe deployment requires monitoring tools that can
1) provide DNSSEC operators with assurance that their secure zones are running properly,
2) identify common operational errors that need to be addressed by changing operational guidelines (and in the worst case, change protocol specifications),
3) identify infrastructure limitations that are a barrier to DNSSEC, and
4) measure the deployment behavior from the very beginning of DNSSEC deployment.
Our proposed monitoring system will provide a measure of current DNSSEC deployment progress, a much needed verification toolset for zones who newly deploy DNSSEC, and essential feedback on the success (and failures) of operational practices.

NSF funded project:
Optimization and Games in Inter-domain Routing
(Collaboration with Professors Steven Low and John Doyle of CalTech)

Connectivity between various networks in the Internet is established in the context of economic relationships between the organizations that own and control the network resources. These organizations coordinate, only to the extend necessary, to jointly provide the global Internet data delivery service, while competing with each other to advance individuals market positions. In this broader scope, the interconnectivity between networks and the inter-domain routing protocol running on top of it, namely BGP, can be viewed simply as the means to implement these relationships. Although the Internet routing infrastructure is critical for the robustness of the entire system and the protocol technologies impose constraints on the types of relationships that are implementable, examinations of technical details alone are insufficient to understand the current behavior, or predict future requirements, of global connectivity without taking into account the dynamics of the economic relationships they implement. Our goal in this project is to develop a theoretical framework together with experimental capability to understand the interplay between economics and technologies that implement Internet connectivity.

NSF funded project:
DNS Security Revisited: Enabling Cryptographic Defenses in Large-Scale Distributed Systems
(Collaboration with Prof. Songwu Lu of UCLA and Prof. Dan Massey of Colorado State)

This project identifies and addresses fundamental technical challenges that must be overcome in order to successfully deploy the DNS Security Extensions (DNSSEC) in the global Internet. DNSSEC is among the first attempts to add cryptographic protection into an Internet scale system, and plans for its real deployment are being discussed by both government and industry. The DNSSEC design aims at two simple goals, adding data origin authentication and data integrity checking into the DNS. On the surface, it may appear that these two moderate goals are easily met by existing cryptographic solutions. But despite over ten years of effort, DNSSEC is still not deployed. Some of the challenges in deploying DNSSEC are non-technical or could be handled by operational practices. However a number of important technical challenges still remain and the research community needs to address these challenges. Our initial investigation of the major issues facing DNSSEC deployment shows the existence of a substantial gap between a cryptographic design and its deployment in operational systems.

We propose to conduct a systematic assessment of the gap between the DNSSEC specification and the deployment constraints. We do not intend to propose another new design that overhauls the existing DNSSEC base standard. Instead, we devise new enabling techniques that work with the current DNSSEC standard. For each identified technical challenge, we will propose, implement, and evaluate specific solutions and will integrate such solutions into a unified design improvement. Our preliminary work has already shown promising results. We have collected a list that includes all major issues DNSSEC effort has encountered so far, as well as a number of new issues discovered in the process. We believe DNSSEC deployment is critical to enhanced security in cyberspace, and our goal is to help move it forward by foreseeing obstacles on the road, and clearing the obstacles by developing enabling techniques.

Beyond BGP

Interdomain routing performs the critical function of gluing together individual pieces of the Internet topology to create a connected data delivery infrastructure. However despite its importance, current measurements and analysis have not led to a basic understanding of BGP's dynamics, performance under stress, fundamental weaknesses, and potential breaking points (if any). In order for the Internet to continue its unprecedented growth, the interdomain routing protocol must continue to evolve to meet ever increasing and sometimes contradictory requirements. In this project, we develop measurement methodologies and rigorous design and analysis to evaluate the current state of BGP, to be able to meet the future demands of Internet's Inter-domain routing needs.

Exploratory Case Study: Critical Examination of Domain Name System

The global DNS system is a critically important infrastructure for the proper Internet operations. The original DNS system design is an example of great engineering which has been proven extremely successful in achieving the original design goal. However, as with most, or perhaps all the other Internet protocols that were developed during 70’s and 80’s, the DNS system design solely focused on its functionality and robustness against physical failures and data losses. It virtually gave no consideration to the issues of other types of faults, such as operational errors (e.g., misconfiguration), intentional or unintended abuses, let alone malicious attacks. As a starting point towards understanding the design requirements for building truly resilient global scale systems, this project is to examine existing and potential faults of various types in today’s DNS system and develop insights into consequential system properties of various design choices.


As a joint effort between UCLA, Colorado State, and the Oregon Route-Views engineering team at University of Oregon, the NetPath project addresses the challenges in learning the characteristics and state of global Internet routing. As of today, we are yet to achieve a comprehensive picture of the global routing system. Multi-homing, path diversity, and multiple connections provide the opportunity for more resilient communication, but these factors can only be fully exploited if end systems have access to information about the global routing characteristics and topological redundancy. Overall there is a lack of basic understanding and assessment of today's Internet routing infrastructure, the properties of its physical connectivity and the dynamics of routing changes. To this end, our proposed work will expand the essential routing monitoring infrastructure, provide analysis tools, and contribute to the general understanding of the global connectivity needed by end systems, researchers, and the Internet community in general.