The Encrypted Web

Use of encryption (HTTPS) is increasing and, with the recent standardization of HTTP/2, we may be headed toward an encrypted-only Web. Together with a group of researchers from Telefónica I+D and CMU, I am actively measuring the gradual deployment of HTTP/2. The current state of deployment may be viewed here. Further, in-network functionality provided by middleboxes is not currently available in encrypted sessions. We are working on a new protocol to enable middleboxes in encrypted sessions. Check out the paper and a detailed description of the protocol here.

University Resolver Passive DNS Traffic Monitoring

In April 2014, we will begin monitoring the DNS traffic arriving at the DNS resolvers of a major university. With this dataset, we can observe how the university population uses the DNS resolvers. Armed with a better understanding of user behavior, we hope to develop new models and protocols to better serve naming information.

Home Network DNS Measurement Tool

In our study of DNS resolvers on the Internet, we discovered that many open resolvers are also home routers. We also discovered that many home routers have serious DNS vulnerabilities. In an effort to help users protect themselves and gather further information about DNS in the home network, we are developing a measurement tool that will report security vulnerabilities and performance issues to the user.

Active Scans of the DNS Resolver Infrastructure

We perform scans across the whole Internet looking for open DNS resolvers. All of our scanning probes are DNS queries for names within the domain. Through these scans, we can illuminate the components of the DNS resolver infrastructure and test their behavior. Two publications have resulted from these scans.