<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>Project | MIRAGE</title>
<!-- Bootstrap core CSS -->
<link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="css/styles.css" rel="stylesheet">
<script src="https://cdn.userway.org/widget.js" data-account="yBY9xhLTf4" data-size="large"></script>
</head>
<body>
<!-- Navigation -->
<nav class="navbar fixed-top navbar-expand-lg navbar-dark bg-dark fixed-top">
<div class="container">
<a class="navbar-brand" href="index.html">Mirage</a>
<button class="navbar-toggler navbar-toggler-right" type="button" data-toggle="collapse"
data-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false"
aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarResponsive">
<ul class="navbar-nav ml-auto">
<li class="nav-item">
<a class="nav-link" href="index.html">Home</a>
</li>
<li class="nav-item">
<a class="nav-link" href="partners.html">Partners</a>
</li>
<li class="nav-item">
<a class="nav-link" href="project.html">The Project</a>
</li>
<!-- <li class="nav-item">
<a class="nav-link" href="progress.html">Progress</a>
</li> -->
<li class="nav-item">
<a class="nav-link" href="https://bgpartemis.org/">Artemis</a>
</li>
<!-- <li class="nav-item">
<a class="nav-link" href="publications.html">Publications</a>
</li> -->
<li class="nav-item">
<a class="nav-link" href="contact.html">Contact</a>
</li>
<!-- <li class="nav-item">
<a class="nav-link" href="news.html">News</a>
</li> -->
<li class="nav-item px-3">
<a class="nav-link" href="el/project.html">EL</a>
</li>
</ul>
</div>
</div>
</nav>
<nav class="navbar navbar-expand-lg navbar-light bg-light">
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent"
aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto mx-auto">
<li class="nav-item">
<a class="nav-link" href="#antikeimeno">Scope</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#stoxoi">Objectives</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#mobile_artemis">Mobile ARTEMIS</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#artemis_as_a_service">ARTEMIS-as-a-service</a>
</li>
</ul>
</div>
</nav>
<!-- Page Content -->
<div class="container pb-5">
<!-- Overview Section -->
<div class="row">
<div class="col-lg-12">
<h1>Scope and Objectives of the Project</h1>
<hr>
<h3 class="section" id="antikeimeno">Scope</h3>
<p>
The Internet is a network of autonomous networks (autonomous systems) that are interconnected in order to
provide communication services to end users (individuals, businesses, public organizations) and that
communicate with each other to route information packets. This communication is implemented at the
control plane level with the BGP protocol, through which each network applies its policies for incoming
and outgoing packet flows by announcing and selecting paths to Internet address blocks (IP prefixes).
</p>
<p>
BGP was designed without inherent security mechanisms (e.g. authentication) for the routing
information it exchanges. This serious shortcoming has for decades led to attacks known as
"BGP prefix hijacking", where one or more networks, either due to human error or (malicious) intent,
report false routing information. This information is disseminated throughout the Internet via
BGP and leads to the redirection of data to invalid destinations, where it may be subject to
destruction (and interruption of the relevant services), interception and/or alteration.
</p>
<p>
The available defence mechanisms against such attacks either act in advance, based on the
authentication of routing information (RPKI, BGPsec, etc.), or take place after the event (detection
and non-automated response). Ex-ante defence mechanisms are usually limited and ineffective. In
particular, they require implementation by most networks, compliance with central certification
authorities, as well as changes to BGP, requirements that have historically been extremely
difficult to achieve. Ex-post detection and response systems are slow and/or require third
parties to operate and maintain them properly. It often takes hours or even days to recover the full
functionality of a network after such attacks, resulting in immeasurable financial losses. For
example, in 2018 half the population of Japan was left without Internet access for hours due to a
misconfiguration of the Google network.
</p>
<p>
The scope of the “MIRAGE” project (Mitigation of Internet Routing Attacks Globally and Efficiently)
is to develop an advanced system based on new features and services around the ARTEMIS open-source
tool, developed by FORTH's INSPIRE research team. ARTEMIS aims to monitor the control plane of
the Internet and to detect BGP prefix hijacking attacks accurately and completely. A key
advantage of ARTEMIS is that it significantly reduces detection-response time from hours or days to
seconds, as confirmed by real-world experiments, making it state-of-the-art internationally among
the respective protection services available. The results of the implementation of the basic version
of ARTEMIS have been published in leading scientific journals (IEEE / ACM Transactions on
Networking) and have attracted the interest of international media and blogs from reputable bodies
(APNIC, IBM). ARTEMIS has also been adopted by network interconnectors with hundreds of client networks
to protect their network resources.
</p>
<hr>
<h3 class="section" id="stoxoi">Objectives</h3>
<ul>
<li>
Research and development of additional innovative technical features of the ARTEMIS system with
commercial interest, namely:
<ol>
<li>
The automation of system configuration pipelines
</li>
<li>
The automation of attack mechanism and
</li>
<li>
Detection of advanced forms of attacks (route leaks)
</li>
</ol>
</li>
<li>
Development of a mobile user interface for easy monitoring of the system from mobile devices, and
use of mobile technologies for instant notifications when attacks take place.
</li>
<li>
Development of a new commercial service "ARTEMIS-as-a-service", where the system can be run in
the facilities of hosting service providers (cloud services), with a separate instance of the
application running for each customer, thus providing (automatic) load-based scaling of the
system, isolation of virtual customer access areas for greater security, and support for
multiple operating points to provide high availability.
</li>
<li>
Development of educational material (presentations, technical reports, user manuals) required to
educate users of the new system regarding its installation and use as well as dissemination of
results (e.g. through research publications) to both the research community and industry.
</li>
<li>
Implementation of the project as a complete system (current implementation of ARTEMIS,
additional functions, mobile user interface, ARTEMIS-as-a-service) in real networks for the
evaluation of the system under realistic operating conditions and collection of data and
information from the engineers of the network administration center on the ease of use of the
system and its efficiency.
</li>
<li>
Investigation of commercial utilization mechanisms of the project services by the involved
partners.
</li>
</ul>
<hr>
<h3 class="section" id="mobile_artemis">Mobile ARTEMIS</h3>
<p>
Cytech will design and implement "Mobile ARTEMIS", a mobile application for the system with an
emphasis on ease of use, maintenance and support. Specifically, the application will run on
mobile phones, adapted to the limitations of each mobile platform. It will work on both Android and
iOS devices.
</p>
<p>
In addition, mechanisms will be developed to alert users in real time (instant notification) of new
attacks, using mobile notification systems (SMS, push notifications, etc.). These mechanisms will
also work on parallel networks such as mobile networks. These alerts will allow network
administrators to quickly get basic information wherever they are; if they want more information,
they can use the ARTEMIS web application to dig deeper and take action to troubleshoot. The notification
system will ensure that the information being transmitted is either not sensitive or is encrypted, for
security and privacy reasons.
</p>
<hr>
<h3 class="section" id="artemis_as_a_service">ARTEMIS-as-a-service</h3>
<p>Enartia will design and implement "ARTEMIS-as-a-service", a new cloud hosting service, which will
allow system users to access it from anywhere on the Internet without having to worry about security
issues or performance. Regarding the handling of sensitive data coming from the client network (such
as configuration files, data feeds), the client will be able to choose the location of the cloud
datacenter as well as whether all data will be encrypted. In this way, ARTEMIS-as-a-service will be
available as a service to companies that do not want to install any software in their internal
network or in cases where this process is expensive and time-consuming. This service will also be
useful to companies that want access to remote (e.g. on another continent) sources of BGP monitoring
data and network device configuration, since it will not require their physical presence
(e.g. dedicated rack space), with the extra costs this involves.</p>
</div>
</div>
<!-- /.row -->
</div>
<!-- /.container -->
<a class="btn btn-secondary btn-lg rounded-circle back-to-top" id="scroll_to_top" href="#">^</a>
<!-- Footer -->
<footer class="py-4 bg-dark" id="footer-div">
<div class="container">
<div class="row align-items-center">
<div class="col-lg-6 text-center ">
<img src="images/en/espa.jpg" width="625" height="142" class="img-fluid rounded img_border">
</div>
<div class="col-lg-6 m-0 text-white text-white-50">
The project is implemented in the context of the Action RESEARCH - CREATE - INNOVATE and is
co-financed by the
European Union and national resources through the O.P. Competitiveness, Entrepreneurship &
Innovation
(EPAnEK).
</div>
</div>
</div>
<!-- /.container -->
</footer>
<!-- Bootstrap core JavaScript -->
<script src="js/scroll_top.js"></script>
<script src="vendor/jquery/jquery.min.js"></script>
<script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
</body>
</html>