french internet resilience observatory
play

French Internet Resilience Observatory Franois Contat, Guillaume - PowerPoint PPT Presentation

Jul 21, 2023 •589 likes •1.04k views

French Internet Resilience Observatory Franois Contat, Guillaume Valadon Agence nationale de la scurit des systmes d'information http://www.ssi.gouv.fr/en RIPE 67 - October 15 th , 2013 ANSSI - http://www.ssi.gouv.fr/observatoire 1/31

  1. French Internet Resilience Observatory François Contat, Guillaume Valadon Agence nationale de la sécurité des systèmes d'information http://www.ssi.gouv.fr/en RIPE 67 - October 15 th , 2013 ANSSI - http://www.ssi.gouv.fr/observatoire 1/31

  2. The observatory in a nutshell Prior issues Some of our objectives ANSSI - http://www.ssi.gouv.fr/observatoire 2/31 • the Internet is misunderstood; • network incidents analysis are rarely France-oriented; • the usage of best current practices is unknown. • study the French Internet in details; • develop technical interactions with the networking community; • publish anonymized results; • publish recommendations and best practices.

  3. Internet resilience? «Resilience is the ability to respond to a major crisis and to quickly restore a normal service.» The French White Paper on defence and national security, 2008 The Internet is often considered as a regular industry . Its resilience is mainly studied through: technical point of view. ANSSI - http://www.ssi.gouv.fr/observatoire 3/31 • the dependency on electricity; • the location of physical infrastructures. The observatory aims to study the Internet resilience from a

  4. Who? The observatory is under the supervision of the ANSSI. . Created on July 7th 2009, the ANSSI is the national authority for the defence and the security of information systems: d’information; Main missions are: One of its priorities is the Internet resilience. http://www.ssi.gouv.fr/en/ ANSSI - http://www.ssi.gouv.fr/observatoire 4/31 • in French, ANSSI, Agence nationale de la sécurité des systèmes • in English, French Network and Information Security Agency. • prevention; • defence of information systems.

  5. Who else? . Afnic The French Registry for the .fr zone as well as overseas territories. http://www.afnic.fr/en/ Afnic has been co-leading the project since the beginning. French network actors ISPs, IXP, transit providers… ANSSI - http://www.ssi.gouv.fr/observatoire 5/31

  6. What can be observed? Two main possible directions: through BGP and DNS. ANSSI - http://www.ssi.gouv.fr/observatoire 6/31 • services (HTTPS usage, mail…); • Internet structure (routing, name services). Today, the observatory is focusing solely on the Internet structure

  7. How to observe? Several technical indicators were defined: In the report, each indicator contains: 1. a description; 2. a methodology and its limitations; 3. an analysis. ANSSI - http://www.ssi.gouv.fr/observatoire 7/31 • 7 indicators for BGP (route objects, hijacks, RPKI…); • 5 indicators for DNS (topological distribution, DNSSEC…).

  8. Border Gateway Protocol

  9. Data and indicators RIS project - BGP updates Data: AS origin, prefix, AS_PATH… Indicators: hijacks classification, connectivity, IPv6, BCP… RIPE-NCC Whois database Data: route, route6, aut-num… Indicators: hijacks classification, connectivity, IPv6, BCP… ANSSI - http://www.ssi.gouv.fr/observatoire 9/31

  10. Identifying the French Internet Exisiting databases are not adequate: some ASes are missing. Finding French AS ing algorithm. Results ANSSI - http://www.ssi.gouv.fr/observatoire 10/31 • more than 40,000 ASes in the Internet; • automatically identify French ASes using an unsupervised learn- • 1270 French ASes; • compared to existing public databases (Cymru, RIPE): • 9 ASes missing in our database; • 40 and 70 more ASes.

  11. Connectivity Motivations Methodology ANSSI - http://www.ssi.gouv.fr/observatoire 11/31 • are French ASes well connected to each other? • are there Single Point Of Failure (SPOF)? • build a representative graph of the French Internet: • use AS_PATH seen by the RIS collectors; • extract the subgraph of French ASes. • identify the critical ASes (SPOF) for the French Internet: • highlight ASes whose loss can lead to a loss of connectivity.

  12. Connectivity IPv4 Blue: French ASes. Red: ASes whose loss leads to a loss of connectivity. . . There are few ASes whose loss can significantly impact the French Internet. ANSSI - http://www.ssi.gouv.fr/observatoire 12/31 . .

  13. Connectivity IPv4 Blue: French ASes. Red: ASes whose loss leads to a loss of connectivity. . . There are few ASes whose loss can significantly impact the French Internet. ANSSI - http://www.ssi.gouv.fr/observatoire 12/31 . .

  14. both ASes announce the same prefix: hijack? This conflict must be named differently: event. Prefix conflicts 192.0.2.0/24 ANSSI - http://www.ssi.gouv.fr/observatoire could be anycast, DDoS protection, customer… BGP . 192.0.2.0/24 AS4 192.0.2.0/24 AS2 AS1 . 192.0.2.0/24 . . . 192.0.2.0/24 . . AS4 . . AS3 . . AS1 . 13/31 . AS2 • prefix announcements between ASes: routes are exchanged;

  15. This conflict must be named differently: event. Prefix conflicts . ANSSI - http://www.ssi.gouv.fr/observatoire could be anycast, DDoS protection, customer… BGP . 192.0.2.0/24 AS4 192.0.2.0/24 AS2 AS1 . 192.0.2.0/24 . 192.0.2.0/24 . 192.0.2.0/24 . . AS4 . . AS3 . . AS1 . 13/31 . AS2 • prefix announcements between ASes: routes are exchanged; • both ASes announce the same prefix: hijack?

  16. This conflict must be named differently: event. Prefix conflicts . ANSSI - http://www.ssi.gouv.fr/observatoire BGP . 192.0.2.0/24 AS4 192.0.2.0/24 AS2 AS1 . 192.0.2.0/24 . 192.0.2.0/24 . 192.0.2.0/24 . . AS4 . . AS3 . . AS1 . 13/31 . AS2 • prefix announcements between ASes: routes are exchanged; • both ASes announce the same prefix: hijack? • could be anycast, DDoS protection, customer…

  17. Prefix conflicts 192.0.2.0/24 ANSSI - http://www.ssi.gouv.fr/observatoire BGP . 192.0.2.0/24 AS4 192.0.2.0/24 AS2 AS1 . 192.0.2.0/24 . 192.0.2.0/24 . . . . AS4 . . AS3 . . AS1 . 13/31 . AS2 • prefix announcements between ASes: routes are exchanged; • both ASes announce the same prefix: hijack? • could be anycast, DDoS protection, customer… This conflict must be named differently: event.

  18. How can we classify an announcement as valid? Route object example . BGP In this example, we look for the prefix 192.0.2.0/24 in whois database: $ whois -T route 192.0.2.0/24 descr: route: 192.0.2.0/24 AS2 AS1 192.0.2.0/24 origin: AS4 mnt-by: AS1-MNT ANSSI - http://www.ssi.gouv.fr/observatoire 192.0.2.0/24 AS4 . . 192.0.2.0/24 . AS1 . . AS3 . . AS4 . . 192.0.2.0/24 . 192.0.2.0/24 . 14/31 . AS2

  19. How can we classify an announcement as valid? Route object example . BGP In this example, we look for the prefix 192.0.2.0/24 in whois database: $ whois -T route 192.0.2.0/24 descr: route: 192.0.2.0/24 AS2 AS1 192.0.2.0/24 origin: AS4 mnt-by: AS1-MNT ANSSI - http://www.ssi.gouv.fr/observatoire 192.0.2.0/24 AS4 . . 192.0.2.0/24 . AS1 . . AS3 . . AS4 . . 192.0.2.0/24 . 192.0.2.0/24 . 14/31 . AS2

  20. Classifying events . 3600 . Number of events . 100 % . events . events events 3200 . events Valid: a route object exists for the AS including the prefix. Connected: one of the ASes provides transit to the other. Abnormal: it might be a prefix hijack. . . After analysis, 7 abnormal events seem to be real hijacks. ANSSI - http://www.ssi.gouv.fr/observatoire . . . 400 . . valid . connected . abnormal . 0 . . 2800 800 . 1200 . 1600 . 2000 . 2400 . 15/31

  21. Classifying events . 3600 . Number of events . 29 % . 71 % . events events 3200 . events Valid: a route object exists for the AS including the prefix. Connected: one of the ASes provides transit to the other. Abnormal: it might be a prefix hijack. . . After analysis, 7 abnormal events seem to be real hijacks. ANSSI - http://www.ssi.gouv.fr/observatoire . . . 400 . . valid . connected . abnormal . 0 . . 2800 800 . 1200 . 1600 . 2000 . 2400 . 15/31

  22. Classifying events 23 % . 3600 . Number of events . 29 % . 48 % . . . events Valid: a route object exists for the AS including the prefix. Connected: one of the ASes provides transit to the other. Abnormal: it might be a prefix hijack. . . After analysis, 7 abnormal events seem to be real hijacks. ANSSI - http://www.ssi.gouv.fr/observatoire 3200 2800 . . . . valid . connected . abnormal . 0 400 . . 800 . 1200 . 1600 . 2000 . 2400 15/31

  23. Classifying events 23 % . 3600 . Number of events . 29 % . 48 % . . . events Valid: a route object exists for the AS including the prefix. Connected: one of the ASes provides transit to the other. Abnormal: it might be a prefix hijack. . . After analysis, 7 abnormal events seem to be real hijacks. ANSSI - http://www.ssi.gouv.fr/observatoire 3200 2800 . . . . valid . connected . abnormal . 0 400 . . 800 . 1200 . 1600 . 2000 . 2400 15/31

  24. Cross-check routing table and whois database 660 . unused route objects: 1183 . matched route objects: 2588 . 31% of route objects are unused in 2012 . uncovered prefixes: . . prefixes covered: 3629 . 15% of French prefixes could be blackholed . . prefixes announced with BGP should be cov- ered by route objects; preliminary step to RPKI. ANSSI - http://www.ssi.gouv.fr/observatoire matched route objects unused route objects . . . . 4289 French prefixes . 3771 French route objects . RIS LINX . Whois database RIS LINX . . Whois database . Prefix filtering . Whois consistency . uncovered prefixes . prefixes covered 16/31

Recommend

Observatory of Internet Resilience in France Franois Contat ANSSI Agence nationale de la

Observatory of Internet Resilience in France Franois Contat ANSSI Agence nationale de la

Observatory of Internet Resilience in France Franois Contat ANSSI Agence nationale de la scurit des systmes d'information http://www.ssi.gouv.fr/en RIPE 68 - May 12 th , 2014 ANSSI - http://www.ssi.gouv.fr/bonnes-pratiques-bgp 1/14

289 views • 17 slides
What The Observatory Tool is and how it can be useful for YOU The Global Internet

What The Observatory Tool is and how it can be useful for YOU The Global Internet

TECHNICAL DEVELOPMENT OF THE ONLINE PLATFORM FOR THE GLOBAL INTERNET POLICY OBSERVATORY SMART 2014/0026 What The Observatory Tool is and how it can be useful for YOU The

547 views • 20 slides
French National Observatory of the impact of Erasmus+ Who is involved Researchers and Impact

French National Observatory of the impact of Erasmus+ Who is involved Researchers and Impact

French National Observatory of the impact of Erasmus+ Who is involved Researchers and Impact assessment specialists Erasmus + project holders and stakeholders Representatives from Ministry, and the EC Several units of the French NA

153 views • 13 slides
French Activities Presentations First French Asian Workshop on Next Generation Internet INRIA

French Activities Presentations First French Asian Workshop on Next Generation Internet INRIA

French Activities Presentations First French Asian Workshop on Next Generation Internet INRIA Sophia Antipolis September 21 st -23 rd Walid Dabbous Outline The context the STIC-ASIA project Teams involved in this workshop

719 views • 42 slides
the real-time Internet routing observatory Alessandro Improta alessandro.improta@iit.cnr.it Our

the real-time Internet routing observatory Alessandro Improta alessandro.improta@iit.cnr.it Our

the real-time Internet routing observatory Alessandro Improta alessandro.improta@iit.cnr.it Our research focus: the Internet AS-level ecosystem Why is it important? To identify Internet topological properties and drawbacks To build realistic

452 views • 23 slides
High Redshift (proto)Clusters Observatory of Paris 5-7 October 2016 Observatory of Paris

High Redshift (proto)Clusters Observatory of Paris 5-7 October 2016 Observatory of Paris

High Redshift (proto)Clusters Observatory of Paris 5-7 October 2016 Observatory of Paris International Center for Scientific workshops (CIAS) CEA/IRFU Internet, coffee breaks etc Internet Co ff ee breaks USB key - Talk pdf

667 views • 18 slides
the real-time Internet routing observatory Alessandro Improta alessandro.improta@iit.cnr.it Our

the real-time Internet routing observatory Alessandro Improta alessandro.improta@iit.cnr.it Our

the real-time Internet routing observatory Alessandro Improta alessandro.improta@iit.cnr.it Our research interest: the Internet AS-level ecosystem Why is it important? To identify Internet topological properties and drawbacks To build

371 views • 22 slides
GEOBS : TOWARD AN OBSERVATORY PROTOTYPE OF THE 65 FRENCH SDI S M ATTHIEU N OUCHER (CNRS UMR

GEOBS : TOWARD AN OBSERVATORY PROTOTYPE OF THE 65 FRENCH SDI S M ATTHIEU N OUCHER (CNRS UMR

GEOBS : TOWARD AN OBSERVATORY PROTOTYPE OF THE 65 FRENCH SDI S M ATTHIEU N OUCHER (CNRS UMR ADESS) F RANOISE G OURMELON (CNRS UMR LETG) J ADE G EORIS -C REUSEVEAU (CNRS - UMR ADESS) Financial parterns : Region Aquitaine, CNRS, Universit

260 views • 22 slides
the real-time Internet routing observatory Pietro G. Giardina Enrico Gregori Alessandro

the real-time Internet routing observatory Pietro G. Giardina Enrico Gregori Alessandro

the real-time Internet routing observatory Pietro G. Giardina Enrico Gregori Alessandro Improta Luciano Lenzini Alessandro Pischedda Lorenzo Rossi Luca Sani Internet Everyone knows the role of the Internet in our society, but

402 views • 22 slides
the real-time Internet routing observatory Alessandro Improta alessandro.improta@iit.cnr.it

the real-time Internet routing observatory Alessandro Improta alessandro.improta@iit.cnr.it

the real-time Internet routing observatory Alessandro Improta alessandro.improta@iit.cnr.it Unveiling the Internet structure with BGP data BGP route collectors BGP data collected up to date has been unvaluable to reveal the Internet

230 views • 22 slides
the real-time Internet routing observatory Luca Sani 1 / 24 Our research topic: discovering the

the real-time Internet routing observatory Luca Sani 1 / 24 Our research topic: discovering the

the real-time Internet routing observatory Luca Sani 1 / 24 Our research topic: discovering the Internet structure Everyone knows the role of the Internet in our society, but since its commercialization in 1995, no one knows its complete

424 views • 29 slides
Resilience via Measurement Mike Lloyd, CTO Presentation at 9 th Workshop on Internet Economics

Resilience via Measurement Mike Lloyd, CTO Presentation at 9 th Workshop on Internet Economics

Resilience via Measurement Mike Lloyd, CTO Presentation at 9 th Workshop on Internet Economics Problem to Address: Lack of Digital Resilience Breaches are all too common Marriott is just the latest 500 million customers affected

462 views • 12 slides
the real-time Internet routing observatory Luca Sani luca.sani@iit.cnr.it RIPE NCC SEE 6, Budva,

the real-time Internet routing observatory Luca Sani luca.sani@iit.cnr.it RIPE NCC SEE 6, Budva,

the real-time Internet routing observatory Luca Sani luca.sani@iit.cnr.it RIPE NCC SEE 6, Budva, 12-13 June 2017 Our research interest: the Internet AS-level ecosystem Why is it important? To identify Internet topological properties and

695 views • 20 slides
Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely

Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely

Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely Internet Measurement Village 2020 Ram Sundara Raman June 26, 2020 Measuring Censorship is a Complex Problem! Internet censorship practices are

644 views • 52 slides
WHO ACTUALLY BENEFITS FROM THE USE OF THE INTERNET ? Realities of empowerment in France in the

WHO ACTUALLY BENEFITS FROM THE USE OF THE INTERNET ? Realities of empowerment in France in the

WHO ACTUALLY BENEFITS FROM THE USE OF THE INTERNET ? Realities of empowerment in France in the digital era M@rsouin Network at the WIP Forum Moscow, 5-7 of July 2017 The Context of French national survey 3 RESEARCH CONTEXT Do all French

874 views • 19 slides
Isolario: the real-time Internet routing observatory Alessandro Improta Luca Sani

Isolario: the real-time Internet routing observatory Alessandro Improta Luca Sani

Isolario: the real-time Internet routing observatory Alessandro Improta Luca Sani alessandro.improta@iit.cnr.it luca.sani@iit.cnr.it 1/40 What we aim to do Research field Internet inter-domain measurement and analysis Why? - 1969 -

571 views • 40 slides
The French baccalaureate until 2020 1. What is the French Baccalaureate or the Bac? The French

The French baccalaureate until 2020 1. What is the French Baccalaureate or the Bac? The French

The French baccalaureate until 2020 1. What is the French Baccalaureate or the Bac? The French Baccalaureate is a three-year college-preparatory program. To succeed, students must demonstrate thorough knowledge in a wide variety of compulsory

420 views • 11 slides
Internet Science 2 Impact of social behavior for critical infrastructure resilience Ren e

Internet Science 2 Impact of social behavior for critical infrastructure resilience Ren e

Internet Science 2 Impact of social behavior for critical infrastructure resilience Ren e Milzarek Chair for Network Architectures and Services Department for Computer Science Technische Universit at M unchen June 14, 2013 Ren e

506 views • 34 slides
Building Digital Resilience Barcelona presentation February, 2013 Internet access creates vast

Building Digital Resilience Barcelona presentation February, 2013 Internet access creates vast

Building Digital Resilience Barcelona presentation February, 2013 Internet access creates vast economic benefits ... A 10% increase in Internet penetration... ... increases new business creation by 1% ... increases GDP by more than 1% Source:

720 views • 16 slides
resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the

resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the

How to improve our resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the process of adapting well in the face of adversity, trauma, tragedy, threats or significant sources of stress Resilience is

287 views • 9 slides
French on the Internet Prof. SJ. Darmoni, MD, PhD TIBS, LITIS Lab Rouen University Hospital

French on the Internet Prof. SJ. Darmoni, MD, PhD TIBS, LITIS Lab Rouen University Hospital

CISMeF Catalog & Index of Health Resources in French on the Internet Prof. SJ. Darmoni, MD, PhD TIBS, LITIS Lab Rouen University Hospital & Rouen Medical School, France Email: Stefan.Darmoni@chu-rouen.fr MIE Oslo August 2011 2

387 views • 26 slides
French People - who we are French People - Studio of design, situated in Shanghai former French

French People - who we are French People - Studio of design, situated in Shanghai former French

French People - who we are French People - Studio of design, situated in Shanghai former French Concession, was founded by a team of French people with a strong expertise in mens fashion design, combined with an international vision and heritage.

547 views • 26 slides
Small UAV A French MoD perspective and planning French ISTAR segmentation French ISTAR

Small UAV A French MoD perspective and planning French ISTAR segmentation French ISTAR

Small UAV A French MoD perspective and planning French ISTAR segmentation French ISTAR segmentation System volume Technology limit : data links (Satcom) e r u t Satellites c u HALE r t s a r f n i MALE Fighter Aircrafts

351 views • 20 slides
Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What

Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What

Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What do you think resilience means? 3. Write your ideas in a Circle Map. Unit 3 Stories of Resilience 1. Write your definition of Resilience is...

455 views • 6 slides

More recommend