The Internet has become a hostile place for users’ traffic. Network-based actors, including ISPs and governments, increasingly practice sophisticated forms of censorship, content injection, and traffic throttling, as well as surveillance and other privacy violations. My work attempts to expose these threats and develop technologies to better safeguard users. Detecting and defending against adversarial networks is challenging, especially at global scale, due to the Internet’s vast size and heterogeneity, the powerful capabilities of in-network threat actors, and the lack of ground-truth on the counterfactual traffic that would exist in the absence of interference. Overcoming these challenges requires new techniques and systems, both for collecting and interpreting evidence of hostile networks and for building defensive tools that effectively meet user needs.

In this talk, I’ll first cover my approach to monitoring Internet censorship. I introduced an entirely new family of censorship measurement techniques, based on network side-channels, that can remotely detect censorship events occurring between distant pairs of network locations. To overcome the systems and data science challenges of operating these techniques and synthesizing their results into a holistic view of online censorship, my students and I created Censored Planet, a censorship observatory that continuously tests the reachability of thousands of popular or sensitive sites from over 100,000 vantage points in 221 countries. Next, I’ll discuss our efforts to understand and defend the consumer VPN ecosystem. Although millions of end-users rely on VPNs to protect their privacy and security, this multibillion-dollar industry includes numerous snakeoil products, is laxly regulated, and remains severely understudied. To address this, my lab created VPNalyzer, a project that aims to bring transparency and better security to consumer VPNs. Our work includes a cross-platform test suite that crowd-sources VPN security testing, coupled with large-scale user studies that aim to understand the needs and threat models of VPN users.

View More Papers

Reconciling the Hacker Spirit

Yan Shoshitaishvili (Arizona State University)

Read More

BinaryInferno: A Semantic-Driven Approach to Field Inference for Binary...

Jared Chandler (Tufts University), Adam Wick (Fastly), Kathleen Fisher (DARPA)

Read More

Attacks as Defenses: Designing Robust Audio CAPTCHAs Using Attacks...

Hadi Abdullah (Visa Research), Aditya Karlekar (University of Florida), Saurabh Prasad (University of Florida), Muhammad Sajidur Rahman (University of Florida), Logan Blue (University of Florida), Luke A. Bauer (University of Florida), Vincent Bindschaedler (University of Florida), Patrick Traynor (University of Florida)

Read More

VulHawk: Cross-architecture Vulnerability Detection with Entropy-based Binary Code Search

Zhenhao Luo (College of Computer, National University of Defense Technology), Pengfei Wang (College of Computer, National University of Defense Technology), Baosheng Wang (College of Computer, National University of Defense Technology), Yong Tang (College of Computer, National University of Defense Technology), Wei Xie (College of Computer, National University of Defense Technology), Xu Zhou (College of Computer,…

Read More