Recent Publications
2021
Let's Downgrade Let's Encrypt
Tianxiang Dai, Haya Shulman and Michael Waidner
ACM SIGSAC Conference on Computer and Communications Security (ACM CCS), Seoul, South Korea, November 2021.
Black Hat USA, August 2021
In Media:
Researchers crack new Let's Encrypt validation feature (techtarget.com)
Downgrade attack against Let's Encrypt lowers the bar for printing fraudulent SSL certificates
Downgrade attack against Let's Encrypt reduces the printing of fraudulent SSL certificates (German-language article)
Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS
Philipp Jeitner and Haya Shulman
30th USENIX Security Symposium (USENIX Security), Virtual conference, August 2021.
The Hijackers Guide to the Galaxy: Off-Path Taking Over Internet Resources
Tianxiang Dai, Philipp Jeitner, Haya Shulman and Michael Waidner
30th USENIX Security Symposium (USENIX Security), Virtual conference, August 2021.
From IP to Transport and Beyond: Cross Layer Attacks Against Applications
Tianxiang Dai, Philipp Jeitner, Haya Shulman and Michael Waidner
ACM SIGCOMM, Virtual conference, August 2021.
Privacy Preserving and Resilient RPKI
Kris Shrishak and Haya Shulman
IEEE International Conference on Computer Communications (INFOCOM), Virtual conference, 2021.
SMap: Internet-Wide Scanning for Spoofing
Tianxiang Dai and Haya Shulman
ACM Annual Computer Security Applications Conference (ACM ACSAC), Virtual conference, December 2021.
The Master and Para-site Attack
Lukas Baumann, Elias Heftrig, Haya Shulman and Michael Waidner
IEEE/IFIP International Conference on Dependable Systems and Networks (IEEE DSN), June 2021.
DNS-over-TCP Considered Vulnerable
Tianxiang Dai, Haya Shulman and Michael Waidner
Proceedings of the Applied Networking Research Workshop (ANRW), July 2021.
2020
DISCO: Sidestepping RPKI's Deployment Barriers
Tomas Hlavacek, Italo Cunha, Yossi Gilad, Amir Herzberg, Ethan Katz-Bassett, Michael Schapira, Haya Shulman
NDSS 2020
Securing DNSSEC Keys via Threshold ECDSA from Generic MPC
Anders P.K. Dalskov, Claudio Orlandi, Marcel Keller, Kris Shrishak, Haya Shulman
ESORICS 2020
The Impact of DNS Insecurity on Time
Philipp Jeitner, Haya Shulman and Michael Waidner
IEEE/IFIP International Conference on Dependable Systems and Networks (IEEE DSN), June 2020.
2018
Domain Validation ++ for MitM-Resilient PKI
Markus Brandt, Tianxiang Dai, Amit Klein, Haya Shulman and Michael Waidner
ACM SIGSAC Conference on Computer and Communications Security (ACM CCS), Toronto, Canada, October 2018.
Practical Experience: Methodologies for Measuring Route Origin Validation
Tomas Hlavacek, Amir Herzberg, Haya Shulman and Michael Waidner
IEEE/IFIP International Conference on Dependable Systems and Networks (IEEE DSN), Luxembourg, June 2018.
Path MTU Discovery Considered Harmful
Matthias Göhring, Haya Shulman and Michael Waidner
The 38th IEEE International Conference on Distributed Computing Systems (IEEE ICDCS), Vienna, Austria, July 2018.
2017
Poster: X-Ray Your DNS
Amit Klein, Vladimir Kravtsov, Alon Perlmuter, Haya Shulman and Michael Waidner
ACM CCS, Dallas, TX, USA, October 2017.
Authentication Bypass Vulnerabilities in SOHO Routers
Nadav Rotenberg and Haya Shulman and Michael Waidner and Benjamin Seltzer
ACM SIGCOMM Posters and Demos, LA, CA, USA, August 2017.
Counting in the Dark: Caches Discovery and Enumeration in the Internet
Amit Klein and Haya Shulman and Michael Waidner
IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, CO, USA, June 2017.
One Key to Sign Them All Considered Vulnerable: Evaluation of DNSSEC in Signed Domains
Haya Shulman and Michael Waidner
The 14th USENIX Symposium on Networked Systems Design and Implementation (NSDI), Boston, MA, USA, March 2017.
Internet-Wide Study of DNS Cache Injections
Amit Klein and Haya Shulman and Michael Waidner
IEEE International Conference on Computer Communications (INFOCOM), Atlanta, GA, USA, May 2017.
Are We There Yet? On RPKI's Deployment and Security
Avichai Cohen and Yossi Gilad and Amir Herzberg and Michael Schapira and Haya Shulman
Network and Distributed Systems Security (NDSS), San Diego, CA, USA, February 2017.
2016
Measuring DNSSEC Pitfalls
Tianxiang Dai and Haya Shulman and Michael Waidner
Cryptology and Network Security (CANS), Milano, Italy, November 2017.
Evaluating Misconfigurations in Naming Infrastructure
Haya Shulman and Michael Waidner
In Traffic Monitoring and Analysis (TMA), Louvain La Neuve, Belgium, April 2016.
Critical Review of Software Protection with Minimal Hardware
Amir Herzberg and Haya Shulman and Michael Waidner
International Conference on Software Science, Technology and Engineering (SWSTE), Beer Sheva, Israel 2016
Stratum Filtering: Cloud-Based Detection of Attack Sources
Amir Herzberg and Haya Shulman and Michael Waidner
ACM Cloud Computing Security Workshop (CCSW), Vienna, Austria, October 2016
Towards Automated Measurements of Internet's Naming Infrastructure
Andreas Borgwart and Haya Shulman and Michael Waidner
International Conference on Software Science, Technology and Engineering (SWSTE), Beer Sheva, Israel 2016
Obfuscation Combiners
Marc Fischlin and Amir Herzberg and Hod Bin Noon and Haya Shulman
International Cryptology Conference (CRYPTO), Santa Barbara, CA, USA, August 2016
NetCo: Reliable Routing with Unreliable Routers
Anja Feldmann, Philipp Heyder, Michael Kreutzer, Stefan Schmid, Jean-Pierre Seifert and Haya Shulman and Kashyap Thimmaraju and Michael Waidner and Jens Sieberg
IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) Workshops, Toulouse, France, July 2016
2015
Towards Security of Internet's Naming Infrastructure
Haya Shulman and Michael Waidner
European Symposium on Research in Computer Security (ESORICS), Vienna, Austria, September 2015.
Detection and Forensics of Domains Hijacking
Andreas Borgwart and Spyros Boukoros and Haya Shulman and Carel van Rooyen and Michael Waidner
IEEE Global Communications Conference (Globecom), San Diego, CA, USA, December 2015.
Cipher-Suite Negotiation for DNSSEC: Hop-by-Hop or End-to-End?
IEEE Internet Computing, 2015
Amir Herzberg and Haya Shulman
Refereed Conference Publications (2014)
Pretty Bad Privacy: Pitfalls of DNS Encryption
Haya Shulman
Workshop on Privacy in the Electronic Society (WPES), collocated with ACM Conference on Computer and Communications Security (ACM CCS), Arizona, U.S., November 2014.
Awarded a 2015 IETF/IRTF Applied Networking Research Prize.
Poster: On the Resilience of DNS Infrastructure
Haya Shulman and Shiran Ezra
ACM Conference on Computer and Communications Security (ACM CCS), Arizona, U.S., November 2014.
DNS Authentication as a Service Against Amplification Attacks
Amir Herzberg and Haya Shulman
ACM Annual Computer Security Applications Conference (ACM ACSAC), New Orleans, Louisiana, U.S., December 2014.
Less is More: Cipher-Suite Negotiation for DNSSEC
Amir Herzberg, Haya Shulman and Bruno Crispo
ACM Annual Computer Security Applications Conference (ACM ACSAC), New Orleans, Louisiana, U.S., December 2014.
Negotiating DNSSEC Algorithms Over Legacy Proxies
Amir Herzberg and Haya Shulman
International Conference on Cryptology and Network Security (CANS), Crete, Greece, October 2014.
Fragmentation Considered Leaking: Port Inference for DNS Poisoning
Haya Shulman and Michael Waidner
International Conference on Applied Cryptography and Network Security (ACNS), Lausanne, Switzerland, June 2014.
Towards Forensic Analysis of Attacks with DNSSEC
Haya Shulman and Michael Waidner
International Workshop on Cyber Crime (IWCC), collocated with IEEE Symposium on Security and Privacy, CA, U.S., May 2014.
DNS Security: Past, Present and Future
Amir Herzberg and Haya Shulman
Future Security Conference, Berlin, Germany, September 2014.
Refereed Journal Publications (2014)
Off-Path Hacking: The Illusion of Challenge-Response Authentication
IEEE Security and Privacy (IEEE S&P), 2014
Yossi Gilad and Amir Herzberg and Haya Shulman
Ethical Considerations When Employing Fake Identities for Research in OSN
Journal of Science and Engineering Ethics (JSEE), 2014
Yuval Elovici and Michael Fire and Amir Herzberg and Haya Shulman
Retrofitting Security into Network Protocols: the Case of DNSSEC
IEEE Internet Computing, 2014
Amir Herzberg and Haya Shulman
DNSSEC for Cyber Forensics
EURASIP Journal of Information Security, 2014
Haya Shulman and Michael Waidner
Refereed Conference Publications (2013)
Socket Overloading for Fun and Cache Poisoning
Amir Herzberg and Haya Shulman
ACM Annual Computer Security Applications Conference (ACM ACSAC), New Orleans, Louisiana, U.S., December 2013.
Cloudoscopy: Services Discovery and Topology Mapping
Amir Herzberg and Haya Shulman and Johanna Ullrich and Edgar Weippl
ACM Cloud Computing Security Workshop (ACM CCSW), Berlin, Germany, November 2013.
Fragmentation Considered Poisonous: or one-domain-to-rule-them-all.org
Amir Herzberg and Haya Shulman
IEEE Conference on Communications and Network Security (IEEE CNS), Washington, D.C., U.S., October 2013.
DNSSEC: Security and Availability Challenges
Amir Herzberg and Haya Shulman
IEEE Conference on Communications and Network Security (IEEE CNS) [poster session], Washington, D.C., U.S., October 2013.
Provenance of Exposure: Identifying Sources of Leaked Documents
Christian Collberg and Aaron Gibson and Amir Herzberg and Sam Martin and Nitin Shinde and Haya Shulman
IEEE Conference on Communications and Network Security (IEEE CNS) [poster session], Washington, D.C., U.S., October 2013.
Vulnerable Delegation of DNS Resolution
Amir Herzberg and Haya Shulman
European Symposium on Research in Computer Security (ESORICS), London, U.K., September 2013.
DNSSEC: Interoperability Challenges and Transition Mechanisms
Amir Herzberg and Haya Shulman
IEEE International Conference on Availability, Reliability and Security (IEEE ARES), Regensburg, Germany, September 2013.
Limiting MitM to MitE Covert-Channels
Amir Herzberg and Haya Shulman
IEEE International Conference on Availability, Reliability and Security (IEEE ARES), Regensburg, Germany, September 2013.
Refereed Journal Publications (2013)
Oblivious and Fair Server-Aided Two-Party Computation
Amir Herzberg and Haya Shulman