Description |
Providing Secure Internet Services with Insecure Infrastructure
Yixin SunPrinceton University, PhD Candidate, CE
Faculty Host:Maunel Egele
Refreshments at 11:00 AM
Abstract:The insecurity of Internet services can lead to disastrous consequences – confidential communications can be monitored, financial information can be stolen, and our critical Internet infrastructure can be crippled. However, many prior works on Internet services only focus on the security of an individual network layer in isolation, whereas the adversaries do quite the opposite – they look for opportunities to exploit the interactions across heterogeneous components and layers to compromise the system security. This gap leaves the privacy and security of billions of users as well as our critical infrastructure at risk.
I aim to bridge this gap to build privacy-preserving and secure Internet services. In this talk, I will focus on two Internet services, the Tor network and the Public Key Infrastructure. I have uncovered new vulnerabilities in these services by taking a cross-layer approach to exploit the interdependencies across different network layers. I have demonstrated attacks in the wild (ethically) to evaluate the real effects of vulnerabilities. Consequently, I have built practical defenses that have received real-world deployment by the Tor Project which serves millions of users, and Let's Encrypt which is the world's largest Certificate Authority that has issued hundreds of millions of digital certificates.
Bio: Yixin Sun is a PhD candidate in Computer Science at Princeton University (expected 2019). Previously, Yixin received her Bachelor's degree in Computer Science and Math from the University of Virginia. |