My research focuses on computer security and privacy, with an emphasis on real-world problems that impact society and public policy. In this talk, I'll describe recent results on two such problems: discovering vulnerabilities in deployed systems, and resisting Internet censorship. Each line of work combines ideas from systems and crypto to suggest a new direction for defensive security research.
First, I'll present a new methodology for discovering vulnerabilities in heterogeneous deployed systems, based on analysis of large network measurement datasets. Collaborators and I used this approach to examine the security of public-key cryptography in use across the Internet. We performed the largest-ever network survey of TLS and SSH servers and discovered that an alarming fraction of RSA and DSA public keys used for these protocols were insecurely generated. We were able to efficiently factor the RSA moduli used by almost 0.5% of all HTTPS servers and obtain the corresponding private keys. By clustering and investigating the vulnerable hosts, we exposed implementation flaws in headless and embedded network devices manufactured by more than 60 companies and uncovered a critical design flaw in the Linux kernel. To help other researchers apply similar techniques, we developed ZMap, a network probing tool optimized for Internet-wide scans that can enumerate all public IP addresses listening on a given port in under 45 minutes.
Next, I'll turn to state-sponsored Internet censorship, which increasingly makes use of advanced networking techniques such as deep packet inspection (DPI). I'll introduce Telex, a new approach to censorship resistance that shows how DPI can be repurposed, in combination with novel public-key steganography, to construct a robust anticensorship system that could one day serve as a state-level response to state-level censorship.