I am a postdoc at Princeton University in the
Computer Science Department and
Center for Information Technology Policy. My research focuses on empirical network security,
with an emphasis on Internet measurement. I have designed a variety of novel techniques and systems
to detect and defend against adversarial manipulation of Internet traffic. My frequent collaborators include
Jed Crandall, and the Tor Project.
I am on the job market for a
tenure-track faculty position. Here is my CV and bio.
I have worked on several networking-related research projects, mainly in:
1. Network Interference:
- Studying national firewalls, especially the Great Firewall of
China (GFW). In a collaborative effort, we detected and documented the
Cannon that shows China’s capabilities for active man-in-the-middle
attacks. More recently, we investigated how the
probing system is designed, which is used to discover and block
hidden circumvention proxies.
- Capturing a global view on Internet censorship, with Censored
Planet, an ongoing project and platform to measure both IP and DNS censorship,
without controlling any vantage points. Censored Planet allows us to regularly
collect “censorship snapshots” of 143 countries; a scale that has never been
achieved before. For more, take a look at
our project page.
- Developing effective side channels (a.k.a. idle scans)
for measuring how information flows between two remote hosts around the world, without requiring any kind
of distributed measurement platform or access to any of the machines that connectivity is tested
to or from. Spooky Scan—
a.k.a hybrid idle scan—is among three side channels that I designed and developed over years. We used the
Spooky Scan and a side channel in the Linux kernel’s SYN backlog to
measure the reachability of the Tor network (which is known to be blocked in China) over space and time.
For more, please have a look at
our project page.
Currently, we are using this technique to capture the global state of Internet reachability.
For more, read my USENIX paper
or listen to my talk.
2. Privacy Preserving Technologies:
- Characterizing and avoiding routing detours through surveillance
states. We are investigating how the use of
overlay networks and the DNS open resolver infrastructure can prevent traffic
from traversing certain jurisdictions. In collaboration with A. Edmundson, N. Feamster, and J. Rexford. For more, take a look at
our project page.
- Understanding the security and privacy risks of the Internet of Things.
We are developing a testbed to reveal vulnerabilities and privacy leaks based on automated analysis
of traffic from smart-home devices. Our findings have led to patches and informed FTC policy.
In collaboration with S. Grover and N. Feamster. For more, read our
The full list of my publications is available here.
Identifying and Characterizing Sybils in the Tor Network
P. Winter, R. Ensafi, K. Loesing, and N. Feamster
In: USENIX Security Symposium (USENIX Security), August 2016
Examining How the Great Firewall Discovers Hidden Circumvention Servers
R. Ensafi, D. Fifield, P. Winter, N. Feamster, N. Weaver, and V. Paxson
In: ACM Internet Measurement Conference (IMC), October 2015
IRTF Applied Networking Research Prize winner
Analyzing the Great Firewall of China Over Space and Time
R. Ensafi, P. Winter, M. Abdullah, and J. Crandall
In: Privacy Enhancing Technologies Symposium (PETS), July 2015
An Analysis of China's Great Cannon
B. Marczak, N. Weaver, J. Dalek, R. Ensafi, D. Fifield, S. McKune, A. Rey, J. Railton, R. Deibert, and V. Paxson
In: USENIX Workshop on Free and Open Communications on the Internet (FOCI), August 2015.
Also appeared as a Citizen Lab report, April 2015
Detecting Intentional Packet Drops on the Internet via TCP/IP Side Channels
R. Ensafi, J. Knockel, G. Alexander, and J. Crandall
In: Passive and Active Measurement Conference (PAM), April 2014
Idle Port Scanning and Non-interference Analysis of Network Protocol Stacks Using Model Checking
R. Ensafi, J. Park, D. Kapur, and J. Crandall
In: USENIX Security Symposium (USENIX Security), August 2010
I will be giving a lecture about surveillance and circumvention at MIT in October :)
I was accepted into the 2016 Rising Stars Workshop at CMU!
I finished my reviews for NSF, IMC'16,
I gave a talk at the Berkman Center at Harvard University (May 2016).
I finished a lecture on privacy & surveillance for a networking class & a
Netseminar talk about the GFW at Stanford University (April 2016).
Our team was among the winners in the
CAIDA BGP Hackathon 2016.
I won the Applied Networking Research Prize, IRTF 2016.
- We are organizing a
Conference on Internet Censorship, Interference, and Control at CITP.
- I served as a panelist for FOCI’15 (August 2015).
- I attended the NSF NeTS Early Career Workshop (July 2015).
- I presented our PETS’15 paper in Philadelphia, PA (April 2016).
- Applied Networking Research Prize, Internet Research Task Force, 2016
- 2016 Rising Stars Invitee, CMU/MIT
- Granted an NSF NeTS Early Career Workshop award, 2015
- Passed with Distinction Award for PhD dissertation, CS, UNM, December 2014
- Excellence in Graduate Research, Sigma Xi, UNM, 2014
- Graduate Student Mentor Award, UNM, 2011–2012
- Graduate Student Highlight, CS, UNM, January 2011
- MEP Fellowship, School of Engineering Scholarship, UNM, Fall 2009