I am a researcher in computer science focusing on network measurement. I obtained my Ph.D. from the Electrical Engineering and Computer Science department of Case Western Reserve University in 2016. My advisor is Michael Rabinovich.
|email:||first dot last at gmail|
|phone:||610 563 five four seven three|
I am a computer scientist with a specialization in distributed systems and networking and Internet measurement. My current focus is on anycast deployments with particular interest in mitigation of growing DDoS attacks against the Domain Name System (DNS) and maintaining 100% availability. Previously, I focused on privacy and security issues in the DNS, transport protocols and congestion control in mobile networks, and transport layer security. See my cv for details.
Our papers on characterizing and modeling client DNS traffic and the emergence of HTTP/2 in the wild have both been accepted to the Passive and Active Measurement Conference in Crete, Greece on March 31, 2016. Come hear about the work we have been doing!
Transport Layer Security (TLS), is the de facto protocol supporting secure HTTP. However, TLS makes the fundamental assumption that all functionality resides solely at the endpoints, and is thus unable to utilize the many in-network services that optimize network resource usage, improve user experience, and protect clients and servers from security threats. See our solution for re-introducing in-network functionality into secure TLS sessions at Sigcomm 2015. Check out the project website here.
Check out our work on the current status of HTTP/2 in the wild here. The protocol specification was finalized in May and there are already quite a few Websites that support it. For the latest updates, see the Web dashboard at isthewebhttp2yet.com.
During the course of several research projects, we have explored a variety of vulnerabilities in the DNS. Many of these vulnerabilities can directly impact end users. In an effort to make DNS resolution more transparent to users, I wrote a tool that when run scans the resolvers used and determines whether they are vulnerable to a variety of attacks. Curious how your resolver stacks up? Go here to find out!
Our paper on the dangers of using DNS resolvers is apppearing at the HotNets 2014 workshop on the University of Southern California campus on October 28th, 2014. In this work, we suggest another approach to resolution and show some initial results indicating the potential of this approach.
On September 1st, 2014, I will begin a three month research internship with Telefónica I+D in Barcelona, Spain. Telefónica is one of the largest telecommunications companies in the world providing both broadband and mobile solutions to customers and Telefónica I+D is the research and development company of the Telefónica group.
At NANOG 61 in Bellevue, WA on June 3rd, 2014, I will be presenting further findings on DNS vulnerabilities in forwarding DNS servers. Our research suggests that these devices are typically home routers and therefore present in nearly all ISP networks. At NANOG, I will be informing the community of the danger these home routers pose and motivating action to mitigate the risk. (slides)
I will be presenting our recent measurement work on DNS record injection attacks at the Passive and Active Measurement Conference on March 10th, 2014. In this work, we show that there are still a significant number of DNS servers that are vulnerable to attacks that have been known for years. Further, we introduce a newly discovered vulnerability in so called "forwarding" DNS servers which utilize another server to perform recursive resolution on their behalf.
Next month in Barcelona, Spain, I will present the recent work we have done on measuring the client-side DNS infrastructure at the Internet Measurement Conference. We demonstrate the diverse structures that have arisen to improve the performance of DNS transactions and mitigate load. Further, as a demonstration of our measurement techniques, we show how the infrastucture handles caching of DNS records.