Jolley Hall, Room 309
A Data-driven Approach to Identifying Internet Security Challenges
Public key infrastructures (PKIs) enable secure communication between different entities over an untrusted network. Due to this ability, PKIs are now central to security on the Internet: large-scale PKIs enable the security guarantees provided by protocols like HTTPS, DNSSEC, and the RPKI. Unfortunately, despite these guarantees, there have been numerous security failures involving these protocols; ultimately, most of these failures are rooted in a discordance between how these protocols are designed and how they are actually used in practice.
In this talk, I will present an overview of my recent work that applies large-scale measurement and analysis to understand how security protocols are (mis)used in practice. I will first discuss how my measurements reveal widespread private key sharing between different entities in the HTTPS ecosystem, breaking many security assumptions and making certain entities attractive attack targets. I will then describe how my large-scale study of DNSSEC revealed that over 30% of domains that try to deploy DNSSEC fail to do so correctly, and why it is currently so challenging for domain owners to do so. I conclude with a discussion of my future research directions.
Taejoong Chung is a Postdoctoral Researcher in the College of Computer and Information Science at Northeastern University. He received his Ph.D. in Computer Science and Engineering from Seoul National University in 2015. His work focuses on Internet security, privacy implications, and data science through a data-driven approach. He received the Distinguished Paper Award at USENIX Security 2017 and the Best Paper Award at IEEE Computer Society (ComSoc) Seoul Chapter 2010.