The Internet's size, and the diversity of connected hosts, create difficult challenges for security. Conventionally, most vulnerabilities are discovered through labor-intensive scrutiny of individual implementations, but this scales poorly, and important classes of vulnerabilities can be hard to detect when considering hosts in isolation. Moreover, the security of the Internet as a whole is affected by management decisions made by individual system operators, but it is difficult to make sense of these choices, or to influence them to improve security, without a global perspective.
In recent work, I have been developing new approaches to these challenges, based on the analysis of large-scale Internet measurement data. By collecting and analyzing the public keys used for HTTPS and SSH, my team discovered serious weaknesses in key generation affecting millions of machines, and we were able to efficiently factor the RSA moduli used by almost 0.5% of all HTTPS servers. By clustering and investigating the vulnerable hosts, we exposed flawed cryptographic implementations in network devices manufactured by more than 60 companies and uncovered a critical design flaw in the Linux kernel.
To help other researchers apply similar techniques, we developed ZMap, a tool for performing Internet-wide network surveys that can probe the entire IPv4 address space in minutes, thousands of times faster than prior approaches. ZMap has become a thriving open-source project and is available in major Linux distributions. We've used it to develop defenses against compromised HTTPS certificate authorities, to study the Internet's response to the infamous OpenSSL Heartbleed vulnerability, and to significantly increase the global rate of patching for vulnerable hosts. Ultimately, measurement-driven approaches to Internet security may help shift the security balance of power to favor defenders over attackers.
J. Alex Halderman is an assistant professor of computer science and engineering at the University of Michigan and director of Michigan's Center for Computer Security and Society. His research focuses on computer security and privacy, with an emphasis on problems that broadly impact society and public policy. Prof. Halderman's interests include application security, network security, anonymous and censorship-resistant communication, electronic voting, digital rights management, mass surveillance, and online crime, as well as the interaction of technology with law, regulatory policy, and international affairs.
Prof. Halderman is widely known for developing the "cold boot" attack against disk encryption, which altered widespread security assumptions about the behavior of RAM, influenced computer forensics practice, and inspired the creation of a new subfield of theoretical cryptography. A noted expert on electronic voting security, he helped lead the first independent review of the election technology used by half a billion voters in India, which prompted the national government to undertake major technical reforms. He has authored more than 50 publications, and his work has won numerous distinctions, including two best paper awards from USENIX Security, a top systems security venue.