Computer scientist performing Internet measurement research at Cisco ThousandEyes. My areas of interest are distributed systems, networking, and Internet measurement. My current focus is on anycast routing and mitigation of DDoS attacks, specifically against the DNS. Previously, I studied privacy and security issues in the DNS, transport protocols and congestion control in mobile networks, and encryption in the presence of middleboxes. See my CV
for details.
Akamai DNS at SIGCOMM 2020
Check out our work sharing many details of the architecture of Akamai's DNS authoritative nameserver
infrastructure that appeared in ACM SIGCOMM 2020.
Akamai DNS is one of the largest authoritative DNS
infrastructures in the world, and supports the Akamai content delivery network (CDN) as well as authoritative DNS hosting and
DNS-based load balancing services for many enterprises.
Paper Accepted to IMC 2019
Our work with collaborators at Case Western Reserve University has been accepted
to Internet Measurement Conference 2019.
In this work, we investigate the current state of EDNS-Client-Subnet (ECS) deployment and
the behavior of recursive resolvers implementing the specification. We find many potential
pitfalls and corner cases in deploying ECS that in some cases negate the potential benefits.
Come listen to the talk or watch for the publication of the paper to learn more!
Presented at DNS-OARC 30
I presented work on DNS recursive resolver delegation selection algorithms at
DNS-OARC 30 in Bangkok, Thailand.
Check out the talk on YouTube and
get the slides here. This talk will also
be presented at NDD 2019.
Presenting at PAM 2018
Work done with my 2017 summer intern Rami Al-Dalky was accepted into the
Passive and Active Measurement Conference in Berlin, Germany on March 26, 2018. I will be
presenting our results on March 27.
Two Papers Accepted to PAM 2016!
Our papers on characterizing and modeling client DNS traffic and the emergence of HTTP/2 in
the wild have both been accepted to the Passive and
Active Measurement Conference in Crete, Greece on March 31, 2016. Come hear about the work
we have been doing!
Enabling Secure In-Network Functionality in TLS
Transport Layer Security (TLS) is the de facto protocol supporting secure HTTP. However, TLS
makes the fundamental assumption that all functionality resides solely at the endpoints, and is thus
unable to utilize the many in-network services that optimize network resource usage, improve user
experience, and protect clients and servers from security threats. See our solution for
re-introducing in-network functionality into secure TLS sessions at
Sigcomm 2015. Check out the project
website here.
Measuring HTTP/2 Deployment
Check out our work on the current status of HTTP/2 in the wild
here. The protocol specification was finalized
in May and there are already quite a few Websites that support it. For the latest updates, see
the Web dashboard at isthewebhttp2yet.com.
During the course of several research projects, we have explored a variety of vulnerabilities
in the DNS. Many of these vulnerabilities can directly impact end users. In an effort to make
DNS resolution more transparent to users, I wrote a tool that, when run, scans the resolvers used
and determines whether they are vulnerable to a variety of attacks. Curious how your resolver
stacks up? Go here to find out!
DNS Resolvers Considered Harmful
Our paper on the dangers of using DNS resolvers is appearing at the HotNets 2014 workshop on the University of
Southern California campus on October 28th, 2014. In this work, we suggest another approach to
resolution and show some initial results indicating the potential of this approach.
Research Internship with Telefónica I+D
On September 1st, 2014, I will begin a three-month research internship with
Telefónica I+D in Barcelona, Spain. Telefónica is one of the largest telecommunications
companies in the world providing both broadband and mobile solutions to customers and
Telefónica I+D is the research and development company of the Telefónica group.
Talk at NANOG 61
At NANOG 61 in Bellevue, WA on
June 3rd, 2014, I will be presenting further findings on DNS vulnerabilities in forwarding
DNS servers. Our research suggests that these devices are typically home routers and
therefore present in nearly all ISP networks. At NANOG, I will be informing the community
of the danger these home routers pose and motivating action to mitigate the risk. (slides)
Assessing the DNS Vulnerability to Record Injection
I will be presenting our recent measurement work on DNS record injection attacks at the Passive and Active Measurement Conference on March 10th,
2014. In this work, we show that there are still a significant number of DNS servers that are
vulnerable to attacks that have been known for years. Further, we introduce a newly discovered
vulnerability in so-called "forwarding" DNS servers which utilize another server to perform
recursive resolution on their behalf.
On Measuring the Client-Side DNS Infrastructure
Next month in Barcelona, Spain, I will present the recent work we have done on measuring the
client-side DNS infrastructure at the
Internet Measurement Conference. We demonstrate the diverse structures that have arisen to
improve the performance of DNS transactions and mitigate load. Further, as a demonstration of
our measurement techniques, we show how the infrastructure handles caching of DNS records.