Our Publications
318 results
2024
Zero-setup Intermediate-rate Communication Guarantees in a Global Internet.
In Proceedings of the USENIX Security Symposium 2024.
Research Area: Distributed Denial of Service Defenses
On Building Secure Wide-Area Networks over Public Internet Service Providers.
In International Conference on Cyber Conflict (NATO CCDCOE CyCon) 2024.
Debuglet: Programmable and Verifiable Inter-domain Network Telemetry.
In Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS) 2024.
SPArch: A hardware-oriented sketch-based architecture for high-speed network flow measurements.
In ACM Transactions on Privacy and Security 2024.
Charting Censorship Resilience & Global Internet Reachability: A Quantitative Approach.
2024. (arXiv version)
DNS Congestion Control in Adversarial Settings.
In Proceedings of the ACM Symposium on Operating Systems Principles (SOSP) 2024.
CAMP: Compositional Amplification Attacks against DNS.
In Proceedings of the USENIX Security Symposium 2024.
Toward Global Latency Transparency.
In IEEE/IFIP Networking, recent results track 2024. (arXiv version)
An Empirical Study of Consensus Protocols’ DoS Resilience.
In In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS) 2024 2024.
The SA4P Framework: Sensing and Actuation as a Privilege.
In In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS) 2024 2024.
2023
ALBUS: a Probabilistic Monitoring Algorithm to Counter Burst-Flood Attacks.
In Proceedings of the Symposium on Reliable Distributed Systems (SRDS) 2023.
A Formal Framework for End-to-End DNS Resolution.
In Proceedings of ACM SIGCOMM 2023.
SAGE: Software-based Attestation for GPU Execution.
In Proceedings of USENIX Annual Technical Conference (ATC) 2023.
Carbon-Aware Global Routing in Path-Aware Networks.
In Proceedings of ACM International Conference on Future Energy Systems (e-Energy) 2023. (Among the 6 Best-Paper Candidates)
Hercules: High-Speed Bulk-Transfer over SCION.
In Proceedings of IFIP Networking 2023.
Qualitative Intention-aware Attribute-based Access Control Policy Refinement.
In Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT) 2023.
DMTP: Deadline-aware Multipath Transport Protocol.
In Proceedings of IFIP Networking 2023.
Demystifying Web3 Centralization: The Case of Off-Chain NFT Hijacking.
In Proceedings of International Conference on Financial Cryptography and Data Security (FC) 2023.
Trusted Introductions For Secure Messaging.
In Proceedings of International Workshop on Security Protocols 2023.
Determining an Economic Value of High Assurance for Commodity Software Security.
In Proceedings of Twenty-eighth International Workshop on Security Protocols 2023.
Inter-Domain Routing with Extensible Criteria.
2023.
Quality Competition Among Internet Service Providers.
In Proceedings of the International Symposium on Computer Performance, Modeling, Measurements and Evaluation (PERFORMANCE) 2023.
Did the Shark Eat the Watchdog in the NTP Pool? Deceiving the NTP Pool’s Monitoring System.
In Proceedings of the USENIX Security Symposium 2023.
FABRID: Flexible Attestation-Based Routing for Inter-Domain Networks.
In Proceedings of the USENIX Security Symposium 2023. (arXiv version)
RHINE: Robust and High-performance Internet Naming with E2E Authenticity.
In 20th USENIX Symposium on Networked Systems Design and Implementation (NSDI) 2023.
Hey Kimya, Is My Smart Speaker Spying on Me? Taking Control of Sensor Privacy Through Isolation and Amnesia.
In Proceedings of the USENIX Security Symposium 2023.
Bayesian Sketching for Volume Estimation in Data Streams.
In Proceedings of the International Conference on Very Large Databases (VLDB) 2023.
2022
Tango or Square Dance? How Tightly Should we Integrate Network Functionality in Browsers?.
In to appear in Proceedings of the ACM Workshop on Hot Topics in Networks (HotNets) 2022. (arXiv version:2210.04791)
N-Tube: Formally Verified Secure Bandwidth Reservation in Path-Aware Internet Architectures.
In Proceedings of IEEE Computer Security Foundations Symposium (CSF) 2022.
QCSD: A QUIC Client-Side Website-Fingerprinting Defence Framework.
In Proceedings of the USENIX Security Symposium 2022.
Ubiquitous Secure Communication in a Future Internet Architecture.
In SN Computer Science 3 (5) 2022.
Evaluating Susceptibility of VPN Implementations to DoS Attacks Using Adversarial Testing.
In Proceedings of the Symposium on Network and Distributed System Security (NDSS) 2022.
Protecting Critical Inter-Domain Communication through Flyover Reservations.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2022.
Research Area: Distributed Denial of Service Defenses
DoCile: Taming Denial-of-Capability Attacks in Inter-Domain Communications.
In Proceedings of the IEEE/ACM International Symposium on Quality of Service (IWQoS) 2022.
Research Area: Distributed Denial of Service Defenses
Model-Based Insights on the Performance, Fairness, and Stability of BBR.
In Proceedings of the Internet Measurement Conference (IMC) 2022. (
Winner of the Applied Networking Research Prize (ANRP) 2023)
SAGE: Software-based Attestation for GPU Execution.
In 2022. (arXiv version:2209.03125)
NeVerMore: Exploiting RDMA mistakes in NVMe-oF storage applications.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2022.
Creating a Secure Underlay for the Internet.
In Proceedings of the USENIX Security Symposium 2022. (arXiv version:2206.06879)
BLAP: Bluetooth Link Key Extraction and Page Blocking Attacks.
In Proceedings of the Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2022.
Hopper: Per-Device Nano Segmentation for the Industrial IoT.
In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS) 2022.
F-PKI: Enabling Innovation and Trust Flexibility in the HTTPS Public-Key Infrastructure.
In Proceedings of the Symposium on Network and Distributed System Security (NDSS) 2022.
Research Area: Public Key Infrastructures
Consent Routing: Towards Bilaterally Trusted Communication Paths.
In Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS) 2022.
Supporting Dynamic Secure Interdomain Routing.
In Proceedings of the ICNP Workshop on New IP and Beyond (NIB'22) 2022.
The Complete Guide to SCION. From Design Principles to Formal Verification.
Publisher: Springer International Publishing AG, 2022.
G-SINC: Global Synchronization Infrastructure for Network Clocks.
In Proceedings of the Symposium on Reliable Distributed Systems (SRDS) 2022. (arXiv version)
Data-Plane Energy Efficiency of a Next-Generation Internet Architecture.
In IEEE Symposium on Computers and Communications (ISCC) 2022.
2021
Website fingerprinting in the age of QUIC.
In Proceedings on Privacy Enhancing Technologies (PoPETs) 2021.
Enabling Novel Interconnection Agreements with Path-Aware Networking Architectures.
In Proceedings of the International Conference on Dependable Systems and Networks (DSN) 2021.
Secure and Scalable QoS for Critical Applications.
In Proceedings of the IEEE/ACM International Symposium on Quality of Service (IWQoS) 2021.
Research Area: Distributed Denial of Service Defenses
Global Distributed Secure Mapping of Network Addresses.
In Proceedings of the ACM SIGCOMM Workshop on Technologies, Applications, and Uses of a Responsible Internet (TAURIN) 2021.
Security, Anonymity, Privacy, and Trust.
Chapter in Future Networks, Services and Management 2021.
Low-Rate Overuse Flow Tracer (LOFT): An Efficient and Scalable Algorithm for Detecting Overuse Flows.
In Proceedings of the Symposium on Reliable Distributed Systems (SRDS) 2021.
An Axiomatic Perspective on the Performance Effects of End-Host Path Selection.
In Proceedings of the International Symposium on Computer Performance, Modeling, Measurements and Evaluation (PERFORMANCE) 2021.
Speed Records in Network Flow Measurement on FPGA.
In Proceedings of the International Conference on Field-Programmable Logic (FPL) 2021.
ReDMArk: Bypassing RDMA Security Mechanisms.
In Proceedings of the USENIX Security Symposium 2021.
MONDRIAN: Comprehensive Inter-domain Network Zoning Architecture.
In Proceedings of the Symposium on Network and Distributed System Security (NDSS) 2021.
Pervasive Internet-Wide Low-Latency Authentication.
In Proceedings of the International Conference on Computer Communications and Networks (ICCCN) 2021.
SpeedCam: Towards Efficient Flow Monitoring for Multipath Communication.
In Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM) 2021.
ICARUS: Attacking low Earth orbit satellite networks.
In USENIX Annual Technical Conference (USENIX ATC) 2021. (Supplemental material and code available.)
GMA: A Pareto Optimal Distributed Resource-Allocation Algorithm.
In Proceedings of the International Colloquium on Structural Information and Communication Complexity (SIROCCO) 2021.
Research Area: Distributed Denial of Service Defenses
Deployment and Scalability of an Inter-Domain Multi-Path Routing Infrastructure.
In International Conference on emerging Networking EXperiments and Technologies (CoNEXT ’21) 2021. (Best Paper Award)
Colibri: A Cooperative Lightweight Inter-domain Bandwidth-Reservation Infrastructure.
In International Conference on emerging Networking EXperiments and Technologies (CoNEXT ’21) 2021.
LINC: Low-Cost Inter-Domain Connectivity for Industrial Systems.
In Proceedings of the ACM SIGCOMM Demo's and Posters 2021.
Tableau: Future-Proof Zoning for OT Networks.
In Critical Information Infrastructures Security 2021.
2020
SoK: Delegation and Revocation, the Missing Links in the Web’s Chain of Trust.
In Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P) 2020.
Research Area: Public Key Infrastructures
A Formally Verified Protocol for Log Replication with Byzantine Fault Tolerance.
In Proceedings of the International Symposium on Reliable Distributed Systems (SRDS) 2020.
Incentivizing Stable Path Selection in Future Internet Architectures.
In Proceedings of the International Symposium on Computer Performance, Modeling, Measurements and Evaluation (PERFORMANCE) 2020.
EPIC: Every Packet Is Checked in the Data Plane of a Path-Aware Internet.
In Proceedings of the USENIX Security Symposium 2020.
Internet Backbones in Space.
In ACM SIGCOMM Computer Comunication Review (CCR) 50 (1) 2020. (Submission code)
sRDMA: Efficient NIC-based Authentication and Encryption for Remote Direct Memory Access.
In Proceedings of the USENIX Annual Technical Conference (USENIX ATC) 2020.
The Value of Information in Selfish Routing.
In Proceedings of the International Colloquium on Structural Information and Communication Complexity (SIROCCO) 2020.
PISKES: Pragmatic Internet-Scale Key-Establishment System.
In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS) 2020.
SVLAN: Secure & Scalable Network Virtualization.
In Proceedings of the Symposium on Network and Distributed System Security (NDSS) 2020.
SCIONLab: A Next-Generation Internet Testbed.
In Proceedings of the IEEE International Conference on Network Protocols (ICNP) 2020. (Best Paper Award)
Research Area: SCION
2019
Liam: An Architectural Framework for Decentralized IoT Networks.
In Proceedings of the IEEE International Conference on Mobile Ad Hoc and Sensor Systems (MASS) 2019.
Zero-Knowledge User Authentication: An Old Idea Whose Time Has Come.
In Proceedings of the 27th International Workshop on Security Protocols (SPW) 2019.
Retroactive Packet Sampling for Traffic Receipts.
In Proceedings of the ACM Conference on Measurement and Analysis of Computing Systems (SIGMETRICS) 3 (1) 2019.
Network Transparency for Better Internet Security.
In IEEE/ACM Transactions on Networking 27 (5) 2019.
2018
BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure.
In Workshop on Blockchain and Sharing Economy Applications (BlockSEA) 2018.
Research Area: Public Key Infrastructures
Networking in Heaven as on Earth.
In Proceedings of the ACM Workshop on Hot Topics in Networks (HotNets) 2018.
Three Bits Suffice: Efficient Support for Passive Two-Way Latency Measurement in QUIC and TCP.
In Proceedings of the Internet Measurement Conference (IMC) 2018.
Secure Opportunistic Multipath Key Exchange.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2018.
Bootstrapping Privacy Services in Today's Internet.
In ACM SIGCOMM Computer Comunication Review (CCR) 48 (5) 2018.
SAFES: Sand-boxed Architecture for Frequent Environment Self-measurement.
In 3rd Workshop on System Software for Trusted Execution (SysTEX) 2018.
Alcatraz: Data Exfiltration-Resilient Corporate Network Architecture.
In 4th IEEE International Conference on Collaboration and Internet Computing (CIC) 2018.
CLEF: Limiting the Damage Caused by Large Flows in the Internet Core.
In International Conference on Cryptology and Network Security (CANS) 2018. (arXiv version:1807.05652)
Towards Sustainable Evolution for the TLS Public-Key Infrastructure.
In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS) 2018.
SIOTOME: An Edge-ISP Collaborative Architecture for IoT Security.
In Proceedings of the International Workshop on Security and Privacy for the Internet-of-Things (IoTSec) 2018.
TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer.
In Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P) 2018.
Research Area: High-speed Anonymous Communication
Adding Path Awareness to the Internet Architecture.
In IEEE Internet Computing 22 (2) 2018.
2017
A Paged Domain Name System for Query Privacy.
In International Conference on Cryptology and Network Security (CANS) 2017.
PHI: Path-Hidden Lightweight Anonymity Protocol at Network Layer.
In Proceedings on Privacy Enhancing Technologies (PoPETs) 2017.
Research Area: High-speed Anonymous Communication
The SCION Internet Architecture.
In Communications of the ACM 60 (6) 2017.
Research Area: SCION
Deadline-Aware Multipath Communication: An Optimization Problem.
In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2017.
The Case for In-Network Replay Suppression.
In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017.
Short Paper: On Deployment of DNS-based Security Enhancements.
In Proceedings of the Financial Cryptography and Data Security 2017.
Internet Kill Switches Demystified.
In Proceedings of the EuroSec 2017.
Authentication Challenges in a Global Environment.
In ACM Transactions on Privacy and Security (TOPS) 20 (1) 2017.
Toward a Taxonomy and Attacker Model for Secure Routing Protocols.
In ACM SIGCOMM Computer Communication Review 47 (1) 2017.
SCION: A Secure Internet Architecture.
Publisher: Springer International Publishing AG, 2017.
Research Area: SCION
2016
Source Accountability with Domain-brokered Privacy.
In Proceedings of the ACM Conference on Emerging Networking Experiments and Technologies (CoNEXT) 2016.
CASTLE: CA Signing in a Touch-Less Environment.
In Proceedings of the Annual Computer Security Applications Conference (ACSAC) 2016.
Modeling Data-Plane Power Consumption of Future Internet Architectures.
In Proceedings of the IEEE Conference on Collaboration and Internet Computing (CIC) 2016.
Communication Based on Per-Packet One-Time Addresses.
In Proceedings of the IEEE Conference on Network Protocols (ICNP) 2016.
Design, Analysis, and Implementation of ARPKI: an Attack-Resilient Public-Key Infrastructure.
In IEEE Transactions on Dependable and Secure Computing (TDSC) 2016.
Research Area: Public Key Infrastructures
SDNsec: Forwarding Accountability for the SDN Data Plane.
In Proceedings of the IEEE International Conference on Computer Communication and Networks (ICCCN) 2016.
SDNsec: Forwarding Accountability for the SDN Data Plane.
Technical report, ETH Zurich 2016.
On the Implementation of Path-Based Dynamic Pricing in Edge-Directed Routing.
In Proceedings of the IEEE Asia-Pacific Conference on Communications (APCC) 2016.
CICADAS: Congesting the Internet with Coordinated And Decentralized Pulsating Attacks.
In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS) 2016.
RITM: Revocation in the Middle.
In Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS) 2016. (Best Paper Award)
Research Area: Public Key Infrastructures
Control-plane isolation and recovery for a secure SDN architecture.
In IEEE NetSoft Conference and Workshops (NetSoft) 2016.
High-Speed Inter-domain Fault Localization.
In Proceedings of the IEEE Symposium on Security and Privacy 2016.
PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem.
In Proceedings of the IEEE European Symposium on Security and Privacy (Euro S&P) 2016.
Research Area: Public Key Infrastructures
SIBRA: Scalable Internet Bandwidth Reservation Architecture.
In Proceedings of the Symposium on Network and Distributed System Security (NDSS) 2016.
Research Area: Distributed Denial of Service Defenses
PsyBoG: A scalable botnet detection method for large-scale DNS traffic.
In Computer Networks 2016.
2015
HORNET: High-speed Onion Routing at the Network Layer.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2015.
Research Area: High-speed Anonymous Communication
On Building Onion Routing into Future Internet Architectures.
In IFIP WG 11.4 International Workshop (iNetSec). Revised Selected Papers (Kesdogan, Dogan, Camenisch, Jan, eds.) 2015.
Research Area: High-speed Anonymous Communication
Efficient Gossip Protocols for Verifying the Consistency of Certificate Logs.
In Proceedings of the IEEE Conference on Communications and Network Security (CNS) 2015.
Research Area: Public Key Infrastructures
SCION Five Years Later: Revisiting Scalability, Control, and Isolation on Next-Generation Networks.
In arXiv e-prints 2015. (arXiv:1508.01651)
Research Area: SCION
Bootstrapping Real-world Deployment of Future Internet Architectures.
arXiv preprint 2015. (arXiv:1508.02240)
Secure broadcast in distributed networks with strong adversaries.
In Security and Communication Networks 2015.
ECO-DNS: Expected Consistency Optimization for DNS.
In Proceedings of the IEEE International Conference on Distributed Computing System (ICDCS) 2015.
Source-Based Path Selection: The Data Plane Perspective.
In Proceedings of the ACM Conference on Future Internet Technologies (CFI) 2015.
ADSNARK: Nearly Practical and Privacy-Preserving Proofs on Authenticated Data.
In IEEE Symposium on Security and Privacy (Oakland) 2015.
Deployment Challenges in Log-Based PKI Enhancements.
In Proceedings of the Eighth European Workshop on System Security (EuroSec) 2015.
Research Area: Public Key Infrastructures
Lightweight Protection of Group Content Distribution.
In Proceedings of the ASIACCS Workshop on IoT Privacy, Trust, and Security (IoTPTS) 2015.
Establishing Software-Only Root of Trust on Embedded Systems: Facts and Fiction.
In Proceedings of the International Workshop on Security Protocols (SPW) 2015.
Certificates-as-an-Insurance: Incentivizing Accountability in SSL/TLS.
In Proceedings of the NDSS Workshop on Security of Emerging Network Technologies (SENT) 2015.
Research Area: Public Key Infrastructures
Transparency Instead of Neutrality.
In Proceedings of the ACM Workshop on Hot Topics in Networks (HotNets) 2015.
A Practical System for Guaranteed Access in the Presence of DDoS Attacks and Flash Crowds.
In Proceedings of the IEEE International Conference on Network Protocols (ICNP) 2015.
Research Area: Distributed Denial of Service Defenses
FAIR: Forwarding Accountability for Internet Reputability.
In Proceedings of the IEEE International Conference on Network Protocols (ICNP) 2015.
Research Area: Distributed Denial of Service Defenses
Forwarding Accountability: A Challenging Necessity of the Future Data Plane.
In Post-Proceedings of the IFIP WG 11.4 Workshop on Open Research Problems in Network Security (iNetSec) 2015.
Research Area: Distributed Denial of Service Defenses
What Lies Beneath? Analyzing Automated SSH Bruteforce Attacks.
In Proceedings of the International Conference on Passwords 2015.
2014
PoliCert: Secure and Flexible TLS Certificate Management.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2014.
Research Area: Public Key Infrastructures
ARPKI: Attack Resilient Public-Key Infrastructure.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2014.
Research Area: Public Key Infrastructures
Mechanized Network Origin and Path Authenticity Proofs.
In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS) 2014.
Accountability in Future Internet Architectures.
In Communications of the ACM 57 (9) 2014.
cTPM: A Cloud TPM for Cross-Device Trusted Applications.
In 39 (4) 2014.
Lightweight Source Authentication and Path Validation.
In Proceedings of the ACM SIGCOMM 2014.
Fleet: defending SDNs from malicious administrators.
In Proceedings of the Third Workshop on Hot Topics in Software Defined Networking (HotSDN) 2014.
MiniBox: A Two-Way Sandbox for x86 Native Code.
In Proceedings of the USENIX Annual Technical Conference (USENIX ATC) 2014.
MVSec: Secure and Easy-to-Use Pairing of Mobile Devices with Vehicles.
In Proceedings of the ACM conference on Security and Privacy in Wireless & Mobile Networks (WiSec) 2014. (Short paper)
MVSec: Secure and Easy-to-Use Pairing of Mobile Devices with Vehicles.
Technical report, Carnegie Mellon University 2014.
cTPM: a cloud TPM for cross-device trusted applications.
In Proceedings of the USENIX Conference on Networked Systems Design and Implementation (NSDI) 2014.
MiniBox: A Two-Way Sandbox for x86 Native Code.
Technical report, Carnegie Mellon University 2014.
2013
OASIS: On Achieving a Sanctuary for Integrity and Secrecy on Untrusted Platforms.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2013.
SafeSlinger: Easy-to-Use and Secure Public-Key Exchange.
In Proceedings of the ACM Annual International Conference on Mobile Computing and Networking (MobiCom) 2013.
KISS: "Key it Simple and Secure" Corporate Key Management.
In Proceedings of the International Conference on Trust and Trustworthy Computing (TRUST) 2013.
Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework.
In Proceedings of the IEEE Symposium on Security and Privacy 2013.
Accountable Key Infrastructure (AKI): A Proposal for a Public-Key Validation Infrastructure.
In Proceedings of the International World Wide Web Conference (WWW) 2013.
Research Area: Public Key Infrastructures
STRIDE: Sanctuary Trail – Refuge from Internet DDoS Entrapment.
In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2013.
Research Area: Distributed Denial of Service Defenses
Soulmate or Acquaintance? Visualizing Tie Strength for Trust Inference.
In Proceedings of the Workshop on Usable Security (USEC) 2013.
RelationGram: Tie-Strength Visualization for User-Controlled Online Identity Authentication.
In Proceedings of the Financial Cryptography and Data Security 2013.
ReDABLS: Revisiting Device Attestation with Bounded Leakage of Secrets.
In Proceedings of the International Workshop on Security Protocols 2013.
Towards Verifiable Resource Accounting for Outsourced Computation.
In Proceedings of the International Conference on Virtual Execution Environments (VEE) 2013.
2012
Using Trustworthy Host-Based Information in the Network.
In Proceedings of the ACM Workshop on Scalable Trusted Computing (STC) 2012.
OTO: Online Trust Oracle for User-Centric Trust Establishment.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2012.
Transparent Key Integrity (TKI): A Proposal for a Public-Key Validation Infrastructure.
Technical report, Carnegie Mellon University 2012.
Lockdown: Towards a Safe and Practical Architecture for Security Applications on Commodity Platforms.
In Proceedings of the International Conference on Trust and Trustworthy Computing (TRUST) 2012.
Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems.
In Proceedings of the USENIX Annual Technical Conference (USENIX ATC) 2012.
Trustworthy Execution on Mobile Devices: What Security Properties Can My Mobile Platform Give Me?.
In Proceedings of the International Conference on Trust and Trustworthy Computing (TRUST) 2012.
Secure and Scalable Network Fault Localization under Dynamic Traffic Patterns.
In Proceedings of the IEEE Symposium on Security and Privacy 2012.
CARMA: A Hardware Tamper-Resistant Isolated Execution Environment on Commodity x86 Platforms.
In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2012.
LAP: Lightweight Anonymity and Privacy.
In Proceedings of the IEEE Symposium on Security and Privacy 2012.
Research Area: High-speed Anonymous Communication
Street-Level Trust Semantics for Attribute Authentication.
In Proceedings of the International Workshop on Security Protocols 2012.
ACCessory: Keystroke Inference using Accelerometers on Smartphones.
In Procceedings of Workshop on Mobile Computing Systems and Applications (HotMobile) 2012.
Cyber-Physical Security of a Smart Grid Infrastructure.
In Proceedings of the IEEE 100 (1) 2012.
ACComplice: Location Inference using Accelerometers on Smartphones.
In Proceedings of the International Conference on Communication Systems and Networks (COMSNETS) 2012.
GeoPKI: Converting Spatial Trust into Certificate Trust.
In Proceedings of the European PKI Workshop (EuroPKI) 2012.
ShortMAC: Efficient Data Plane Fault Localization.
In Proceedings of the Symposium on Network and Distributed System Security (NDSS) 2012.
2011
PFS: Probabilistic Filter Scheduling Against Distributed Denial-of-Service Attacks.
In Proceedings of the IEEE Conference on Local Computer Networks (LCN) 2011.
Bootstrapping Trust in Modern Computers.
Publisher: Springer Briefs in Computer Science, 2011.
Uplink Traffic Control in Home 802.11 Wireless Networks.
In Proceedings of the ACM SIGCOMM Workshop on Home Networks (HomeNets) 2011.
A Picture is Worth a Thousand Words: Improving Usability and Robustness of Online Recommendation Systems.
In Proceedings of the IEEE International Conference on Computer Communications and Networks (ICCCN) 2011.
Short Paper: Jamming-Resilient Multipath Routing Leveraging Availability-Based Correlation.
In Proceedings of the ACM Conference on Wireless Network Security (WiSec) 2011.
Efficient and Secure Threshold-based Event Validation for VANETs.
In Proceedings of the ACM Conference on Wireless Network Security (WiSec) 2011.
OMAP:One-way Memory Attestation Protocol for Smart Meters.
In The International Workshop on Smart Grid Security and Communications (SGSC) 2011.
Secure and Efficient Capability-based Power Management in the Smart Grid.
In The International Workshop on Smart Grid Security and Communications (SGSC) 2011.
SCION: Scalability, Control, and Isolation On Next-Generation Networks.
In Proceedings of the IEEE Symposium on Security and Privacy 2011.
Research Area: SCION
Access Right Assignment Mechanisms for Secure Home Networks.
In Journal of Communications and Networks 13 (2) 2011.
XTRec: Secure Real-time Execution Trace Recording on Commodity Platforms.
In Proceedings of the IEEE Hawaii International Conference in System Sciences (HICSS) 2011.
Network Fault Localization with Small TCB.
In Proceedings of the IEEE International Conference on Network Protocols (ICNP) 2011.
VIPER: Verifying the Integrity of Peripherals' Firmware.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2011.
RelationGrams: Tie-Strength Visualization for User-Controlled Online Identity Authentication.
Technical report, Carnegie Mellon University 2011.
Flooding-Resilient Broadcast Authentication for VANETs.
In In Proceedings of the ACM Annual International Conference on Mobile Computing and Networking (MobiCom) 2011.
Secure Distributed Data Aggregation.
In Journal of Foundations and Trends in Databases 3 (3) 2011.
2010
Ho-Po Key: Leveraging Physical Constraints on Human Motion to Authentically Exchange Information in a Group.
Technical report, Carnegie Mellon University 2010.
Correlation-Resilient Path Selection in Multi-Path Routing.
In Proceedings of the IEEE Global Communications Conference (Globecom) 2010.
VANET Alert Endorsement Using Multi-Source Filters.
In Proceedings of the ACM International Workshop on Vehicular Ad Hoc Networks (VANET) 2010.
Challenges in Access Right Assignment for Secure Home Networks.
In Proceedings of the USENIX Workshop on Hot Topics in Security (HotSec) 2010.
Non-Interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers.
In Proceedings of the International Cryptology Conference (CRYPTO) 2010.
SBAP: Software-Based Attestation for Peripherals.
In Proceedings of the International Conference on Trust and Trustworthy Computing (Trust) 2010.
Requirements for an Integrity-Protected Hypervisor on the x86 Hardware Virtualized Architecture.
In Proceedings of the International Conference on Trust and Trustworthy Computing (Trust) 2010.
Bootstrapping Trust in Commodity Computers.
In Proceedings of the IEEE Symposium on Security and Privacy 2010.
More is Less: Denial-of-Service Attacks and Solutions in Many-Core On-Chip Networks..
In Poster at IEEE Symposium on Security and Privacy 2010.
Round-Effcient Broadcast Authentication Protocols for Fixed Topology Classes.
In Proceedings of the IEEE Symposium on Security and Privacy 2010.
TrustVisor: Efficient TCB Reduction and Attestation.
In Proceedings of the IEEE Symposium on Security and Privacy 2010.
Refutation of "On the Difficulty of Software-Based Attestation of Embedded Devices".
2010.
Mobile User Location-specific Encryption (MULE): Using Your Office as Your Password.
In Proceedings of the ACM Conference on Wireless Network Security (WISEC) 2010.
SPATE: Small-Group PKI-Less Authenticated Trust Establishment.
In IEEE Transactions on Mobile Computing 2010.
Dependable Connection Setup for Network Capabilities.
In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2010.
2009
Privacy-Preserving Relationship Path Discovery in Social Networks.
In Proceedings of the International Conference on Cryptology and Network Security (CANS) 2009.
Flexible, Extensible, and Efficient VANET Authentication.
In Journal of Communications and Networks 11 (6) 2009.
A Study of User-Friendly Hash Comparison Schemes.
In Proceedings of the Computer Security Applications Conference (ACSAC) 2009.
The Coremelt Attack.
In Proceedings of the European Symposium on Research in Computer Security (ESORICS) 2009.
SPATE: Small-group PKI-less Authenticated Trust Establishment.
In Proceedings of the Annual International Conference on Mobile Systems, Applications and Services (MobiSys) 2009.
TACKing Together Efficient Authentication, Revocation, and Privacy in VANETs.
In Proceedings of the IEEE Communications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks (SECON) 2009.
Centaur: A Hybrid Approach for Reliable Policy-Based Routing.
In Proceedings of the International Conference on Distributed Computing Systems (ICDCS) 2009.
CLAMP: Practical Prevention of Large-Scale Data Leaks.
In Proceedings of the IEEE Symposium on Security and Privacy 2009.
Safe Passage for Passwords and Other Sensitive Data.
In Proceedings of the Symposium on Network and Distributed Systems Security (NDSS) 2009.
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication.
In International Journal of Security and Networks Special Issue on Secure Spontaneous Interaction 4 (1–2) 2009.
2008
Packet-dropping Adversary Identification for Data Plane Security.
In Proceedings of the ACM SIGCOMM International Conference on emerging Networking EXperiments and Technologies (CoNEXT) 2008.
Flexible, Extensible, and Efficient VANET Authentication.
In Proceedings of the Embedded Security in Cars Workshop (ESCAR) 2008.
Efficient Security Primitives Derived from a Secure Aggregation Algorithm.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2008.
GAnGS: Gather Authenticate 'n Group Securely.
In Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom) 2008.
Bootstrapping Trust in a "Trusted" Platform.
In Proceedings of the 3rd USENIX Workshop on Hot Topics in Security (HotSec) 2008.
Unidirectional Key Distribution Across Time and Space with Applications to RFID Security.
In Proceedings of the USENIX Security Symposium 2008.
Mechanisms to Provide Integrity in SCADA and PCS devices.
In Proceedings of the International Workshop on Cyber-Physical Systems Challenges and Applications (CPS-CA) 2008.
Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing.
In Proceedings of the USENIX Annual Technical Conference (USENIX ATC) 2008.
SAKE: Software Attestation for Key Establishment in Sensor Networks.
In Proceedings of the International Conference on Distributed Computing in Sensor Systems (DCOSS) 2008.
Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking.
In ACM SIGOPS Operating System Review (Special Issue on Computer Forensics) 2008.
Flicker: An Execution Infrastructure for TCB Minimization.
In Proceedings of the ACM European Conference in Computer Systems (EuroSys) 2008.
Mind Your Manners: Socially Appropriate Wireless Key Establishment for Groups.
In Proceedings of the First ACM Conference on Wireless Network Security (WiSec '08) 2008.
SNAPP: Stateless Network-Authenticated Path Pinning.
In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2008.
How Low Can You Go? Recommendations for Hardware-Supported Minimal TCB Code Execution.
In Proceedings of the ACM Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2008.
Countermeasures against Government-Scale Monetary Forgery.
In Proceedings of the Financial Cryptography and Data Security 12th International Conference 2008.
Securing User-controlled Routing Infrastructures.
In IEEE/ACM Transactions on Networking 16 (3) 2008.
2007
An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2007.
Don't Sweat Your Privacy: Using Humidity to Detect Human Presence.
In Proceedings of the International Workshop on Privacy in UbiComp (UbiPriv) 2007.
Efficient Mechanisms to Provide Convoy Member and Vehicle Sequence Authentication in VANETs.
In Proceedings of the International Conference on Security and Privacy in Communication Networks (SecureComm) 2007.
Turtles All The Way Down: Research Challenges in User-Based Attestation.
In Proceedings of the Workshop on Hot Topics in Security (HotSec) 2007.
Portcullis: Protecting Connection Setup from Denial-of-Capability Attacks.
In Proceedings of the ACM SIGCOMM 2007.
Minimal TCB Code Execution (Extended Abstract).
In Proceedings of the IEEE Symposium on Security and Privacy 2007.
Multi-Dimensional Range Query over Encrypted Data.
In IEEE Symposium on Security and Privacy 2007.
MiniSec: A Secure Sensor Network Communication Architecture.
In Proceedings of the IEEE International Conference on Information Processing in Sensor Networks (IPSN) 2007.
BASE: An Incrementally Deployable Mechanism for Viable IP Spoofing Prevention.
In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2007.
Low-cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup.
In Usable Security (USEC) 2007.
PRISM: Enabling Personal Verification of Code Integrity, Untampered Execution, and Trusted I/O on Legacy Systems or Human-Verifiable Code Execution.
Technical report, CyLab 2007.
Rapid Trust Establishment for Pervasive Personal Computing.
In IEEE Pervasive Computing 6 (4) 2007.
Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems.
Chapter in Malware Detection (Mihai Christodorescu, Somesh Jha, Douglas Maughan, Dawn Song, Cliff Wang, eds.) 2007.
SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes.
In Proceedings of the ACM Conference on Operating Systems Principles (SOSP) 2007.
Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes.
In Proceedings of the ACM Conference on Embedded Networked Sensor System (SenSys) 2007.
SIA: Secure Information Aggregation in Sensor Networks.
In Journal of Computer Security (Special Issue on Security of Ad Hoc and Sensor Networks) 15 (1) 2007.
2006
Secure Sensor Network Routing: A Clean-Slate Approach.
In Proceedings of the Conference on Future Networking Technologies (CoNEXT) 2006.
(R)Evolutionary Bootstrapping of a Global PKI for Securing BGP.
In Fifth Workshop on Hot Topics in Networks (HotNets-V) 2006.
Seven Cardinal Properties of Sensor Network Broadcast Authentication.
In Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN 2006) 2006.
Secure Hierarchical In-network Aggregation for Sensor Networks.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2006.
StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense.
In IEEE Journal on Selected Areas in Communications 24 (10) 2006.
SCUBA: Secure Code Update By Attestation in Sensor Networks.
In Proceedings of the ACM Workshop on Wireless Security (WiSe) 2006.
Externally Verifiable Code Execution.
In Communications of the ACM 49 (9) 2006.
Modeling Adoptability of Secure BGP Protocols.
In Proceedings of the ACM SIGCOMM 2006.
A Distributed Stealthy Coordination Mechanism for Worm Synchronization.
In Proceedings of the International Conference on Security and Privacy in Communication Networks (SecureComm) 2006.
Human Selection of Mnemonic Phrase-based Passwords.
In Proceedings of the Symposium on Usable Privacy and Security (SOUPS) 2006.
Bump in the Ether: A Framework for Securing Sensitive User Input.
In Proceedings of the USENIX Annual Technical Conference (USENIX ATC) 2006.
FastPass: Providing First-Packet Delivery.
Technical report, CyLab 2006.
Phoolproof Phishing Prevention.
In Proceedings of the International Conference on Financial Cryptography and Data Security (FC) 2006.
OverDoSe: A Generic DDoS Protection Service Using an Overlay Network.
Technical report, Computer Science Department, Carnegie Mellon University 2006.
Designing an Evaluation Method for Security User Interfaces: Lessons from Studying Secure Wireless Network Configuration.
In ACM Interactions 13 (3) 2006.
Browser Enhancements for Preventing Phishing Attacks.
Chapter in Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft (Markus Jakobsson, Steven Myers, eds.) 2006.
2005
Challenges in Securing Vehicular Networks.
In Proceedings of the Workshop on Hot Topics in Networks (HotNets-IV) 2005.
Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems.
In Proceedings of the ACM Symposium on Operating Systems Principles (SOSP) 2005.
A Clean-Slate Design for the Next-Generation Secure Internet.
Pittsburgh, PA: Report for NSF Global Environment for Network Innovations (GENI) workshop 2005.
Efficient Constructions for One-way Hash Chains.
In Applied Cryptography and Network Security (ACNS) 2005.
Using Clustering Information for Sensor Network Localization.
In Proceedings of the IEEE Conference on Distributed Computing in Sensor Systems (DCOSS 2005) 2005.
Distributed Detection of Node Replication Attacks in Sensor Networks.
In Proceedings of the IEEE Symposium on Security and Privacy 2005.
BIND: A Fine-grained Attestation Service for Secure Distributed Systems.
In Proceedings of the IEEE Symposium on Security and Privacy 2005.
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication.
In Proceedings of the IEEE Symposium on Security and Privacy 2005.
Detection of Denial-of-Message Attacks on Sensor Network Broadcasts.
In Proceedings of the IEEE Symposium on Security and Privacy 2005.
NATBLASTER: Establishing TCP Connections Between Hosts Behind NATs.
In Proceedings of the ACM SIGCOMM ASIA Workshop 2005.
FIT: Fast Internet Traceback.
In Proceedings of the IEEE Infocom 2005.
PIKE: Peer Intermediaries for Key Establishment in Sensor Networks.
In Proceedings of the IEEE Infocom 2005.
FANFARE for the Common Flow.
Technical report, CyLab 2005.
Empowering Ordinary Consumers to Securely Configure their Mobile Devices and Wireless Networks.
Technical report, CyLab 2005.
Wormhole Attacks in Wireless Networks.
In IEEE Journal on Selected Areas in Communications (JSAC) 2005.
Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks.
In Wireless Networks Journal 11 (1) 2005.
On the Distribution and Revocation of Cryptographic Keys in Sensor Networks.
In IEEE Transactions on Dependable and Secure Computing (TDSC) 2 (3) 2005.
2004
Designing Secure Sensor Networks.
In Wireless Communication Magazine 11 (6) 2004.
Using SWATT for Verifying Embedded Systems in Cars.
In Proceedings of the Embedded Security in Cars Workshop (ESCAR) 2004.
Key Infection: Smart Trust for Smart Dust.
In Proceedings of the IEEE International Conference on Network Protocols (ICNP) 2004.
SPV: Secure Path Vector Routing for Securing BGP.
In Proceedings of the ACM SIGCOMM 2004.
SWATT: Software-based Attestation for Embedded Devices.
In Proceedings of the IEEE Symposium on Security and Privacy 2004.
SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks.
In Proceedings of the IEEE Symposium on Security and Privacy 2004.
The Sybil Attack in Sensor Networks: Analysis and Defenses.
In Proceedings of the IEEE International Conference on Information Processing in Sensor Networks (IPSN) 2004.
Distillation Codes and Applications to DoS Resistant Multicast Authentication.
In Proceedings of the Symposium on Network and Distributed System Security (NDSS) 2004.
ACE: An Emergent Algorithm for Highly Uniform Cluster Formation.
In Proceedings of the European Workshop on Wireless Sensor Networks (EWSN) 2004.
A Survey of Secure Wireless Ad Hoc Routing.
In IEEE Security & Privacy 2 (3) 2004.
Taming IP Packet Flooding Attacks.
In ACM SIGCOMM Computer Communication Review 34 (1) 2004.
2003
Taming IP Packet Flooding Attacks.
In Proceedings of the Workshop on Hot Topics in Networks (HotNets-II) 2003.
SIA: Secure Information Aggregation in Sensor Networks.
In Proceedings of the ACM SenSys 2003.
Security and Privacy in Sensor Networks.
In IEEE Computer Magazine 2003.
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols.
In Proceedings of the ACM Workshop on Wireless Security (WiSe) 2003.
Opportunistic Use of Content Addressable Storage for Distributed File Systems.
In Proceedings of the USENIX Annual Technical Conference (USENIX ATC) 2003.
Random Key Predistribution Schemes for Sensor Networks.
In Proceedings of the IEEE Symposium on Security and Privacy 2003.
Pi: A Path Identification Mechanism to Defend against DDoS Attacks.
In Proceedings of the IEEE Symposium on Security and Privacy 2003.
Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks.
In Proceedings of the IEEE Infocomm 2003.
Efficient Security Mechanisms for Routing Protocols.
In Proceedings of the Symposium on Network and Distributed System Security (NDSS) 2003.
SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks.
In Journal of Ad Hoc Networks 1 (1) 2003.
2002
SPINS: Security Protocols for Sensor Networks.
In Journal of Wireless Networks 8 (5) 2002.
Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks.
In Proceedings of the ACM International Conference on Mobile Computing and Networking (Mobicom) 2002.
Secure Efficient Distance Vector Routing in Mobile Wireless Ad Hoc Networks.
In Proceedings of the IEEE Workshop on Mobile Computing Systems and Applications (WMCSA) 2002.
New Directions for User Authentication: Reflex instead of Reflection.
In Workshop on Human Interactive Proofs 2002.
The TESLA Broadcast Authentication Protocol.
In RSA CryptoBytes 5 (Summer) 2002.
2001
The BiBa One-Time Signature and Broadcast Authentication Protocol.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2001.
SPINS: Security Protocols for Sensor Networks.
In Seventh Annual International Conference on Mobile Computing and Networks (MobiCom) 2001.
AGVI — Automatic Generation, Verification, and Implementation of Security Protocols.
In Proceedings of the Conference on Computer Aided Verification (CAV) 2001.
Communication-Efficient Group Key Agreement.
In International Federation for Information Processing (IFIP SEC) 2001.
ELK, a New Protocol for Efficient Large-Group Key Distribution.
In Proceedings of the IEEE Symposium on Security and Privacy 2001.
SAM: A Flexible and Secure Auction Architecture Using Trusted Hardware.
In First International Workshop on Internet Computing and E-Commerce (ICEC'01) 2001.
Advanced and authenticated marking schemes for IP traceback.
In IEEE Infocom 2001.
Efficient and Secure Source Authentication for Multicast.
In Proceedings of the Symposium on Network and Distributed System Security (NDSS) 2001.
2000
Déjà Vu: A User Study, Using Images for Authentication.
In Proceedings of the USENIX Security Symposium 2000.
Looking for Diamonds in the Desert — Extending Automatic Protocol Generation to Three-Party Authentication and Key Agreement Protocols.
In Proceedings of the Computer Security Foundations Workshop (CSFW) 2000.
Practical Techniques for Searches on Encrypted Data.
In Proceedings of the IEEE Symposium on Security and Privacy 2000.
Efficient Authentication and Signing of Multicast Streams over Lossy Channels.
In IEEE Symposium on Security and Privacy 2000.
A First Step towards the Automatic Generation of Security Protocols.
In Proceedings of the Symposium on Network and Distributed System Security (NDSS) 2000.
Simple and fault-tolerant key agreement for dynamic collaborative groups.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2000.
1999
Hash Visualization: A New Technique to Improve Real-World Security.
In Proceedings of the International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC) 1999.
Efficient Collaborative Key Management Protocols for Secure Autonomous Group Communication.
In Proceedings of the International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC) 1999.