Secure Internet Infrastructure

The Internet is the biggest and most complex communication network and, as such, the largest IT infrastructure worldwide.
Routing protocols help the network react to unpredictable events, such as link and node failures. Besides this highly useful feature of securing the Internet’s availability as critical infrastructure, path selection may, however, also be misused, for example by deliberately redirecting data packets via specific Internet nodes in order to access content and read or modify it.
Weaknesses or non-existent security features of the underlying protocol for Internet path selection (Border Gateway Protocol) are being exploited to reroute data traffic on the Internet. In the flagship project “Secure Internet Infrastructures”, new mechanisms are being developed to make it harder to reroute Internet traffic for eavesdropping purposes by using manipulated Internet nodes.


Publications in Flagship Project Secure Internet Infrastructure

Domain Validation ++ for MitM-Resilient PKI
Authors: Markus Brand, Tianxiang Dai, Amit Klein, Haya Shulman, Michael Waidner
In: ACM SIGSAC Conference on Computer and Communications Security (ACM CCS), Toronto, Canada, October 2018

Path MTU Discovery Considered Harmful
Authors: Matthias Göhring, Haya Shulman, Michael Waidner
In: 38th IEEE International Conference on Distributed Computing Systems (IEEE ICDCS), Vienna, Austria, July 2018

Practical Experience: Methodologies for Measuring Route Origin Validation
Authors: Tomas Hlavacek, Amir Herzberg, Haya Shulman, Michael Waidner
In: IEEE/IFIP International Conference on Dependable Systems and Networks (IEEE DSN), Luxembourg, June 2018

Counting in the Dark: Caches Discovery and Enumeration in the Internet
Authors: Amit Klein, Haya Shulman, Michael Waidner
In: IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, CO, USA, June 2017

Internet-Wide Study of DNS Cache Injections
Authors: Amit Klein, Haya Shulman, Michael Waidner
In: IEEE International Conference on Computer Communications (INFOCOM), Atlanta, GA, USA, May 2017

One Key to Sign Them All Considered Vulnerable: Evaluation of DNSSEC in Signed Domains
Authors: Haya Shulman, Michael Waidner
In: The 14th USENIX Symposium on Networked Systems Design and Implementation (NSDI), Boston, MA, USA, March 2017

Are We There Yet? On RPKI’s Deployment and Security
Authors: Avichai Cohen, Yossi Gilad, Amir Herzberg, Michael Schapira, Haya Shulman
In: Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, February 2017