World map with attacks on internet infrastructure
The Internet has developed over time and is able to function because of the interplay between various services that are, in turn, operated by a range of different institutions. Frequently, IT security does not play a significant role and, as shown by the latest attacks, we are now paying the price. Institutions are becoming both victims and perpetrators. Researchers at the CISPA Helmholtz Center in Saarbrücken are consequently investigating the global security status of the Internet using formal methods. They are presenting their latest findings at the CEBIT computer expo from 11 June in Hanover, stand F68 in hall 27.
“A growing number of reports and studies indicate that just a few players are having a decisive influence on the overall security of the Internet’s infrastructure”, reports Milivoj Simeonovski, who carries out research at the CISPA Helmholtz Center and is pursuing his PhD at Saarland University. Moreover, in the past we have tended to focus more on analysing the security of individual services, but have given very little thought to researching the relationships between them.
Simeonovski, together with Giancarlo Pellegrino, Professor Christian Rossow, and Professor Michael Backes, founding director of CISPA, has therefore developed a computational model that will allow for better assessment of global online threats.
To map out the infrastructure of the Internet, the researchers are taking an approach similar to documenting genealogical data in family trees. However, the “nodes” on their charts do not represent people, but servers, organisations and autonomous systems. If these are in any way dependent on each other, they are connected using “edges”. To render their model more realistic, they expanded it by 1.8 million nodes and 4.7 million relationships. They then used the model to simulate attacks based on three scenarios. One of these was the global “PRISM” surveillance attack in 2013, which was revealed by Edward Snowden.
The results confirmed the researchers’ theory that some players have greater power than others. 14 countries and 14 autonomous systems can directly or indirectly influence the security of 23 percent of all websites. “Our analysis also shows that the United States of America is the most powerful, thanks to the resources it has at its disposal”, explains Simeonovski.
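The kind of question such a dependency graph answers can be shown on a small scale. The following Python sketch is an added illustration, not the researchers' code or data: the graph is constructed, and the node names and edge labels are assumptions. It ranks countries and autonomous systems by the share of websites that depend on them directly or through a chain of edges.

```python
from collections import defaultdict, deque

# Constructed toy graph (not the researchers' data). Each edge reads
# "source depends on target"; node names and edge labels are hypothetical.
EDGES = [
    ("site:shop.example", "HOSTED_ON", "server:web1"),
    ("site:news.example", "HOSTED_ON", "server:web2"),
    ("site:blog.example", "HOSTED_ON", "server:web3"),
    ("site:mail.example", "HOSTED_ON", "server:web3"),
    ("site:shop.example", "LOADS_SCRIPT_FROM", "server:cdn1"),
    ("site:news.example", "LOADS_SCRIPT_FROM", "server:cdn1"),
    ("server:web1", "IN_AS", "as:AS64500"),
    ("server:web2", "IN_AS", "as:AS64501"),
    ("server:web3", "IN_AS", "as:AS64501"),
    ("server:cdn1", "IN_AS", "as:AS64502"),
    ("as:AS64500", "REGISTERED_IN", "country:A"),
    ("as:AS64501", "REGISTERED_IN", "country:B"),
    ("as:AS64502", "REGISTERED_IN", "country:A"),
]

def build_reverse(edges):
    """Map each node to the nodes that depend on it directly."""
    dependents = defaultdict(set)
    for src, _label, dst in edges:
        dependents[dst].add(src)
    return dependents

def influenced_sites(player, dependents):
    """Websites that depend on `player` directly or via any chain of edges."""
    seen, queue = {player}, deque([player])
    while queue:
        for nxt in dependents[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return {n for n in seen if n.startswith("site:")}

def rank_players(edges, kinds=("country:", "as:")):
    """Share of all websites each country or autonomous system can influence."""
    dependents = build_reverse(edges)
    nodes = {n for s, _l, d in edges for n in (s, d)}
    sites = {n for n in nodes if n.startswith("site:")}
    shares = {p: len(influenced_sites(p, dependents)) / len(sites)
              for p in nodes if p.startswith(kinds)}
    return sorted(shares.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for player, share in rank_players(EDGES):
        print(f"{player:14} {share:.0%}")
```

In this toy graph, country A hosts none of the websites for news.example directly, yet it can still influence it because the site loads a script from a CDN in an autonomous system registered there. That indirect path is exactly what analysing services one at a time would miss.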
Together with Patrick Speicher, Marcel Steinmetz, Robert Künnemann and Professor Jörg Hoffmann, the researchers are also using the computational model for another project relating to global security. Electronic mail is sent by 3.7 billion people worldwide. E-mail is therefore considered to be the most used – and most important – service, ahead of even the World Wide Web. But IT security fared badly here too. Several approaches have already been discussed to upgrade the worldwide service. The security researchers from Saarbrücken have consequently developed a procedure to automatically calculate the cost-benefit ratio of the possible measures on a global scale.
“The size of the data set places huge demands on the computations, because the best attack strategy for each combination of countermeasures must be determined”, reports Patrick Speicher from Saarland University. The scientists are therefore employing artificial intelligence methods in order to make the best choice as efficiently as possible. “This allows us to determine the extent of the most effective protective measures for a given budget”, explains Speicher, adding that this method can be used not only on a global, but also on a national and company-wide, basis.
- Who Controls the Internet? Analyzing Global Threats using Property Graph Traversals
- Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure