I am a computer scientist with a specialization in distributed systems and networking and
Internet measurement. My current focus is on anycast deployments with particular interest in
mitigation of growing DDoS attacks against the Domain Name System (DNS) and maintaining 100%
availability. Previously, I focused on privacy and security issues in the DNS, transport
protocols and congestion control in mobile networks, and transport layer security. See my
CV for details.
Two Papers Accepted to PAM 2016!
Our papers on characterizing and modeling client DNS traffic and the emergence of HTTP/2 in
the wild have both been accepted to the Passive and
Active Measurement Conference in Crete, Greece on March 31, 2016. Come hear about the work
we have been doing!
Enabling Secure In-Network Functionality in TLS
Transport Layer Security (TLS) is the de facto protocol supporting secure HTTP. However, TLS
makes the fundamental assumption that all functionality resides solely at the endpoints, and is thus
unable to utilize the many in-network services that optimize network resource usage, improve user
experience, and protect clients and servers from security threats. See our solution for
re-introducing in-network functionality into secure TLS sessions at
Sigcomm 2015. Check out the project.
Measuring HTTP/2 Deployment
Check out our work on the current status of HTTP/2 in the wild
here. The protocol specification was finalized
in May and there are already quite a few Websites that support it. For the latest updates, see
the Web dashboard at isthewebhttp2yet.com.
During the course of several research projects, we have explored a variety of vulnerabilities
in the DNS. Many of these vulnerabilities can directly impact end users. In an effort to make
DNS resolution more transparent to users, I wrote a tool that, when run, scans the resolvers used
and determines whether they are vulnerable to a variety of attacks. Curious how your resolver
stacks up? Go here to find out!
DNS Resolvers Considered Harmful
Our paper on the dangers of using DNS resolvers is appearing at the HotNets 2014 workshop on the University of
Southern California campus on October 28th, 2014. In this work, we suggest another approach to
resolution and show some initial results indicating the potential of this approach.
Research Internship with Telefónica I+D
On September 1st, 2014, I will begin a three-month research internship with
Telefónica I+D in Barcelona, Spain. Telefónica is one of the largest telecommunications
companies in the world, providing both broadband and mobile solutions to customers, and
Telefónica I+D is the research and development company of the Telefónica group.
Talk at NANOG 61
At NANOG 61 in Bellevue, WA on
June 3rd, 2014, I will be presenting further findings on DNS vulnerabilities in forwarding
DNS servers. Our research suggests that these devices are typically home routers and
therefore present in nearly all ISP networks. At NANOG, I will be informing the community
of the danger these home routers pose and motivating action to mitigate the risk. (slides)
Assessing the DNS Vulnerability to Record Injection
I will be presenting our recent measurement work on DNS record injection attacks at the Passive and Active Measurement Conference on March 10th,
2014. In this work, we show that there are still a significant number of DNS servers that are
vulnerable to attacks that have been known for years. Further, we introduce a newly discovered
vulnerability in so-called "forwarding" DNS servers which utilize another server to perform
recursive resolution on their behalf.
On Measuring the Client-Side DNS Infrastructure
Next month in Barcelona, Spain, I will present the recent work we have done on measuring the
client-side DNS infrastructure at the
Internet Measurement Conference. We demonstrate the diverse structures that have arisen to
improve the performance of DNS transactions and mitigate load. Further, as a demonstration of
our measurement techniques, we show how the infrastructure handles caching of DNS records.