Recent Publications

DBLP and scholar profiles.

2021


Let's Downgrade Let's Encrypt

Tianxiang Dai, Haya Shulman and Michael Waidner

ACM SIGSAG Conference on Computer and Communications Security (ACM CCS), Seoul, South Korea, November 2021.

Black Hat USA, August 2021

In Media:

Researchers crack new Let's Encrypt validation feature (techtarget.com)

Downgrade attack against Let's Encrypt lowers the bar for printing fraudulent SSL certificates

Downgrade-Angriff gegen Let’s Encrypt reduziert den Druck betrügerischer SSL-Zertifikate


Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS

Philipp Jeitner and Haya Shulman

30th USENIX Security Symposium (USENIX Security), Virtual conference, August 2021.

Project page

Presented at NANOG83


The Hijackers Guide to the Galaxy: Off-Path Taking Over Internet Resources

Tianxiang Dai, Philipp Jeitner, Haya Shulman and Michael Waidner

30th USENIX Security Symposium (USENIX Security), Virtual conference, August 2021.

Presented at NANOG83


From IP to Transport and Beyond: Cross Layer Attacks Against Applications

Tianxiang Dai and Philipp Jeitner, Haya Shulman and Michael Waidner

ACM SIGCOMM, Virtual conference, August 2021.


Privacy Preserving and Resilient RPKI

Krish Shrishak and Haya Shulman

IEEE International Conference on Computer Communications (INFOCOM), Virtual conference, 2021.


SMap: Internet-Wide Scanning for Spoofing

Tianxiang Dai and Haya Shulman

ACM Annual Computer Security Applications Conference (ACM ACSAC), Virtual conference, December 2021.


The Master and Para-site Attack

Lukas Baumann, Elias Heftrig, Haya Shulman and Michael Waidner

IEEE/IFIP International Conference on Dependable Systems and Networks (IEEE DSN), June 2021.


DNS-over-TCP Considered Vulnerable

Tianxiang Dai, Haya Shulman and Michael Waidner

Proceedings of the Applied Networking Research Workshop (ANRW), July 2021.

2020


DISCO: Sidestepping RPKI's Deployment Barriers

Tomas Hlavacek, Italo Cunha, Yossi Gilad, Amir Herzberg, Ethan Katz-Bassett, Michael Schapira, Haya Shulman

NDSS 2020



Securing DNSSEC Keys via Threshold ECDSA from Generic MPC

Anders P.K. Dalskov, Claudio Orlandi, Marcel Keller, Kris Shrishak, Haya Shulman

ESORICS 2020


The Impact of DNS Insecurity on Time

Philipp Jeitner, Haya Shulman and Michael Waidner

IEEE/IFIP International Conference on Dependable Systems and Networks (IEEE DSN), June 2020.


2018

Domain Validation ++ for MitM-Resilient PKI

Markus Brandt, Tianxiang Dai, Amit Klein, Haya Shulman and Michael Waidner

ACM SIGSAG Conference on Computer and Communications Security (ACM CCS), Toronto, Canada, October 2018.

Media:

Heise.de

ITmagazine.ch

Neue Zürcher Zeitung

The Register

InfoSecurity

IT Security News

Softpedia

The SSL store

LinuxIDC

SecurityLab.ru

Practical Experience: Methodologies for Measuring Route Origin Validation

Tomas Hlavacek, Amir Herzberg, Haya Shulman and Michael Waidner

IEEE/IFIP International Conference on Dependable Systems and Networks (IEEE DSN), Luxembourg, June 2018.

Path MTU Discovery Considered Harmful

Matthias Göhring, Haya Shulman and Michael Waidner

The 38th IEEE International Conference on Distributed Computing Systems (IEEE ICDCS), Wien, Austria, July 2018.

2017

Poster: X-Ray Your DNS

Amit Klein, Vladimir Kravtsov, Alon Perlmuter, Haya Shulman and Michael Waidner

ACM CCS, Dallas, TX, USA, October 2017.

Tool:

DNS X-Ray

Authentication Bypass Vulnerabilities in SOHO Routers

Nadav Rotenberg and Haya Shulman and Michael Waidner and Benjamin Seltzer

ACM SIGCOMM Posters and Demos, LA, CA, USA, August 2017.

Counting in the Dark: Caches Discovery and Enumeration in the Internet

Amit Klein and Haya Shulman and Michael Waidner

IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, CO, USA, June 2017.

One Key to Sign Them All Considered Vulnerable: Evaluation of DNSSEC in Signed Domains

Haya Shulman and Michael Waidner

The 14th USENIX Symposium on Networked SystemsDesign and Implementation (NSDI), Boston, MA, USA, March 2017.

Internet-Wide Study of DNS Cache Injections

Amit Klein and Haya Shulman and Michael Waidner

IEEE International Conference on Computer Communications (INFOCOM), Atlanta, GA, USA, May 2017.

Are We There Yet? On RPKIs Deployment and Security

Avichai Cohen and Yossi Gilad and Amir Herzberg and Michael Schapira and Haya Shulman

Network and Distributed Systems Security (NDSS), San Diego, CA, USA, February 2017.

Tool:

ROAlert.org

2016

Measuring DNSSEC Pitfalls

Tianxiang Dai and Haya Shulman and Michael Waidner

Cryptlogy and Network Security (CANS), Milano, Italy, November 2017.

Tool:

DNSSEC Misconfigurations

Evaluating Misconfigurations in Naming Infrastructure

Haya Shulman and Michael Waidner

In Traffic Monitoring and Analysis (TMA), Louvain La Neuve, Belgium, April 2016.

Critical Review of Software Protection with Minimal Hardware

Amir Herzberg and Haya Shulman and Michael Waidner

International Conference on Software Science, Technology and Engineering (SWSTE), Beer Sheva, Israel 2016

Stratum Filtering: Cloud-Based Detection of Attack Sources

Amir Herzberg and Haya Shulman and Michael Waidner

ACM Cloud Computing Security Workshop (CCSW), Vienna, Austria, October 2016

Towards Automated Measurements of Internets Naming Infrastructure

Andreas Borgwart and Haya Shulman and Michael Waidner

International Conference on Software Science, Technology and Engineering (SWSTE), Beer Sheva, Israel 2016

Obfuscation Combiners

Marc Fischlin and Amir Herzberg and Hon Bin Noon and Haya Shulman

International Cryptology Conference (CRYPTO), Santa Barbara, CA, USA, August 2016

NetCo: Reliable Routing with Unreliable Routers

Anja Feldmann, Philipp Heyder, Michael Kreutzer, Stefan Schmid, Jean-Pierre Seifert and Haya Shulman and Kashyap Thimmaraju and Michael Waidner and Jens Sieberg

IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) Workshops, Toulouse, France, July 2016

2015

Towards Security of Internet's Naming Infrastructure

Haya Shulman and Michael Waidner

European Symposium on Research in Computer Security (ESORICS), Wien, Österreich, September 2015.

Detection and Forensics of Domains Hijacking

Andreas Borgwart and Spyros Boukoros and Haya Shulman and Carel van Royeen and Michael Waidner

IEEE Global Communications Conference (Globecom), San Diego, CA, USA, December 2015.

Cipher-Suite Negotiation for DNSSEC: Hop-by-Hop or End-to-End?

IEEE Internet Computing, 2015

Amir Herzberg and Haya Shulman

Refereed Conference Publications (2014)

Pretty Bad Privacy: Pitfalls of DNS Encryption

Haya Shulman

Workshop on Privacy in the Electronic Society (WPES), collocated with ACM Conference on Computer and Communications Security (ACM CCS), Arizona, U.S., November 2014.

Awarded an 2015 IETF/IRTF Applied Networking Research Prize.

Poster: On the Resilience of DNS Infrastructure

Haya Shulman and Shiran Ezra

ACM Conference on Computer and Communications Security (ACM CCS), Arizona, U.S., November 2014.

DNS Authentication as a Service Against Amplification Attacks

Amir Herzberg and Haya Shulman

ACM Annual Computer Security Applications Conference (ACM ACSAC), New Orleans, Louisiana, U.S., December 2014.

Less is More: Cipher-Suite Negotiation for DNSSEC

Amir Herzberg, Haya Shulman and Bruno Crispo

ACM Annual Computer Security Applications Conference (ACM ACSAC), New Orleans, Louisiana, U.S., December 2014.

Negotiating DNSSEC Algorithms Over Legacy Proxies

Amir Herzberg and Haya Shulman

International Conference on Cryptology and Network Security (CANS), Crete, Greece, October 2014.

Fragmentation Considered Leaking: Port Inference for DNS Poisoning

Haya Shulman and Michael Waidner

International Conference on Applied Cryptography and Network Security (ACNS), Lausanne, Switzerland, June 2014.

Towards Forensic Analysis of Attacks with DNSSEC

Haya Shulman and Michael Waidner

International Workshop on Cyber Crime (IWCC), collocated with IEEE Symposium on Security and Privacy, CA, U.S., May 2014.

DNS Security: Past, Present and Future

Amir Herzberg and Haya Shulman

Future Security Conference, Berlin, Germany, September 2014.

Refereed Journal Publications (2014)

Off-Path Hacking: The Illusion of Challenge-Response Authentication [paper]

IEEE Security and Privacy (IEEE S&P), 2014

Yossi Gilad and Amir Herzberg and Haya Shulman

arXiv.org e-Print archive

Ethical Considerations When Employing Fake Identities for Research in OSN [paper]

Journal of Science and Engineering Ethics (JSEE), 2014

Yuval Elovici and Michael Fire and Amir Herzberg and Haya Shulman

Retrofitting Security into Network Protocols: the Case of DNSSEC

IEEE Internet Computing, 2014

Amir Herzberg and Haya Shulman

DNSSEC for Cyber Forensics

EURASIP Journal of Information Security, 2014

Haya Shulman and Michael Waidner

Refereed Conference Publications (2013)

Socket Overloading for Fun and Cache Poisoning [paper,BibTeX]

Amir Herzberg and Haya Shulman

ACM Annual Computer Security Applications Conference (ACM ACSAC), New Orleans, Louisiana, U.S., December 2013.

Cloudoscopy: Services Discovery and Topology Mapping [paper,BibTeX]

Amir Herzberg and Haya Shulman and Johanna Ullrich and Edgar Weippl

ACM Cloud Computing Security Workshop (ACM CCSW), Berlin, Germany, November 2013.

Fragmentation Considered Poisonous: or one-domain-to-rule-them-all.org [paper (old version),paper, BibTeX]

Amir Herzberg and Haya Shulman

IEEE Conference on Communications and Network Security (IEEE CNS), Washington, D.C., U.S., October 2013.

DNSSEC: Security and Availability Challenges [paper, poster, BibTeX]

Amir Herzberg and Haya Shulman

IEEE Conference on Communications and Network Security (IEEE CNS) [poster session], Washington, D.C., U.S., October 2013.

Provenance of Exposure: Identifying Sources of Leaked Documents [poster, BibTeX]

Christian Collberg and Aaron Gibson and Amir Herzberg and Sam Martin and Nitin Shinde and Haya Shulman

IEEE Conference on Communications and Network Security (IEEE CNS) [poster session], Washington, D.C., U.S., October 2013.

Vulnerable Delegation of DNS Resolution [paper,BibTeX]

Amir Herzberg and Haya Shulman

European Symposium on Research in Computer Security (ESORICS), London, U.K., September 2013.

DNSSEC: Interoperability Challenges and Transition Mechanisms [BibTeX]

Amir Herzberg and Haya Shulman

IEEE International Conference on Availability, Reliability and Security (IEEE ARES), Regensburg, Germany, September 2013.

Limiting MitM to MitE Covert-Channels [BibTeX]

Amir Herzberg and Haya Shulman

IEEE International Conference on Availability, Reliability and Security (IEEE ARES), Regensburg, Germany, September 2013.

Refereed Journal Publications (2013)

Oblivious and Fair Server-Aided Two-Party Computation [paper,BibTeX]

Amir Herzberg and Haya Shulman

Elsevier Information Security Technical Report, 2013