The Biden administration recently rolled out a federal Roadmap to Enhance Internet Routing Security. The work behind that roadmap includes research and tools developed by Taejoong “Tijay” Chung, assistant professor of computer science in the College of Engineering at Virginia Tech. Chung’s work, which was also cited by the Federal Communications Commission (FCC) and the National Telecommunications and Information Administration, is playing a crucial role in shaping the U.S. response to threats facing internet users across government, commerce, industry, and the general public.
Every device connected to the internet has a unique IP address that is broadcast to the larger network of routers that funnel users to the correct content. But attackers can hijack a valuable website by passing off a fake IP address as the correct place for routers to send internet traffic.
Chung pointed to an infamous case from Pakistan wherein the government was able to divert YouTube users to its own IP addresses — effectively blocking its citizens from accessing YouTube content.
“Because of gaps in security for IP addresses, this kind of attack is still happening,” Chung said.
In 2018, users of the blockchain-based MyEtherWallet were redirected to a server in Russia, which proceeded to empty the users’ wallets of crypto assets. Two years after that, an attacker was able to steal $235,000 in cryptocurrency by hijacking the routing protocol for Celer Bridge, a cryptocurrency service.
To stop these kinds of attacks, the Biden administration and the Cybersecurity and Infrastructure Security Agency “are advocating that all the major network internet service providers (ISP) deploy a security protocol called Resource Public Key Infrastructure to better secure internet traffic,” Chung said. “But there’s a problem.”
How will customers and the government know which ISPs are using Resource Public Key Infrastructure — and which are not?
“We don’t know because we simply don’t have access to their systems,” Chung said. “So what we did was create a technique to infer the routing policy and activity of ISPs without any special connections or access. From that, we developed a searchable tool called RoVISTA.”
The tool was also introduced by the FCC in its recently proposed Internet Routing Security Reporting Requirements and the National Telecommunications and Information Administration in its published comments on the Notice of Proposed Rulemaking regarding Reporting on Border Gateway Protocol Risk Mitigation Progress. RoVista serves as an approach for understanding Resource Public Key Infrastructure adoption.
The tool runs in real time, is open to the public, and is updated and published daily. Work on it is funded by the U.S. National Science Foundation, Comcast, and Google.
Fast facts
- Bad actors can hijack vulnerable IP addresses (called Border Gateway Protocol, or BGP, hijacking) and intercept and reroute Internet traffic.
- BGP hijacking can lead to censorship, national security disruptions, and financial and other types of fraud.
- Safety protocols exist to secure IP addresses, but not all providers implement them.
- Information about network security can be difficult to find.
- Tijay Chung and his collaborators have developed an open source tool called RoVista that monitors IP security in real time.
Chung is available for media interviews, except Oct. 14-18 when he will be attending a conference.
About Chung
Taejoong “Tijay” Chung is an assistant professor of computer science at Virginia Tech. His work focuses on Internet security and Internet measurement. He received the National Science Foundation CAREER Award and Outstanding New Assistant Professor at the College of Engineering, Virginia Tech in 2024.
Interview
To schedule interviews with this expert, contact Margaret Ashburn in the media relations office at mkashburn@vt.edu or 540-529-0814.
