The Network Inside Out: New Vantage Points for Internet Security

Seminar
Tuesday, April 08, 2014
7:00 PM
POB 2.402
Free and open to the public

My research focuses on computer security and privacy, with an emphasis on real-world problems that impact society and public policy. In this talk, I'll describe recent results on two such problems: discovering vulnerabilities in deployed systems, and resisting Internet censorship. Each line of work combines ideas from systems and crypto to suggest a new direction for defensive security research.

First, I'll present a new methodology for discovering vulnerabilities in heterogeneous deployed systems, based on analysis of large network measurement datasets. Collaborators and I used this approach to examine the security of public-key cryptography in use across the Internet. We performed the largest ever network survey of TLS and SSH servers and discovered that an alarming fraction of RSA and DSA public keys used for these protocols were insecurely generated. We were able to efficiently factor the RSA moduli used by almost 0.5% of all HTTPS servers and obtain the corresponding private keys. By clustering and investigating the vulnerable hosts, we exposed implementational flaws in headless and embedded network devices manufactured by more than 60 companies and uncovered a critical design flaw in the Linux kernel. In order to help other researchers apply similar techniques, we developed ZMap, a network probing tool optimized for Internet-wide scans that can enumerate all public IP addresses listening on a given port in under 45 minutes.

Next, I'll turn to state-sponsored Internet censorship, which increasingly makes use of advanced networking techniques such as deep-packet inspection (DPI). I'll introduce Telex, a new approach to censorship resistance that shows how DPI can be repurposed, in combination with novel public key steganography, to construct a robust anticensorship system that could one day serve as a state-level response to state-level censorship.

x x

Speaker

J. Alex Halderman

J. Alex Halderman

Assistant Professor
University of Michigan

J. Alex Halderman is an assistant professor of computer science and engineering at the University of Michigan. He is well known for developing the "cold boot" attack against disk encryption, which altered widespread security assumptions about the behavior of RAM, influenced computer forensics practice, and inspired the creation of a new subfield of theoretical cryptography. A noted expert on electronic voting security, he helped lead the first independent review of the election technology used by half a billion voters in India, which prompted the national government to undertake major technical reforms. His work has won numerous distinctions, including two best paper awards from the Usenix Security conference. He received his Ph.D. in computer science from Princeton in 2009.