Providing Secure Internet Services with Insecure Infrastructure

Duke Computer Science/Electrical Computer Engineering Colloquium
Speaker Name
Yixin Sun
Date and Time
-
Location
Fitzpatrick Center Schiciano Auditorium Side B
Notes
Lunch served at 11:45 am.
Abstract

The insecurity of Internet services can lead to disastrous consequences – confidential communications can be monitored, financial information can be stolen, and our critical Internet infrastructure can be crippled. However, many prior works on Internet services only focus on the security of an individual network layer in isolation, whereas the adversaries do quite the opposite – they look for opportunities to exploit the interactions across heterogeneous components and layers to compromise the system security. This gap leaves the privacy and security of billions of users as well as our critical infrastructure at risk.

I aim to bridge this gap to build privacy-preserving and secure Internet services. In this talk, I will focus on two Internet services, the Tor network and the Public Key Infrastructure. I have uncovered new vulnerabilities in these services by taking a cross-layer approach to exploit the interdependencies across different network layers. I have demonstrated attacks in the wild (ethically) to evaluate the real effects of vulnerabilities. Consequently, I have built practical defenses that have received real-world deployment by the Tor Project which serves millions of users, and Let's Encrypt which is the world's largest Certificate Authority that has issued hundreds of millions of digital certificates.

Short Biography

Yixin Sun is a PhD candidate in Computer Science at Princeton University. Her research focuses on building privacy-preserving and secure networked systems. She received the Information Controls Fellowship from the Open Technology Fund, the SEAS Award for Excellence from Princeton, and the EECS rising star from MIT. Throughout her career, Yixin has collaborated with many industrial labs and non-profit organizations, such as the Tor Project, Let's Encrypt, Verisign Labs, NEC Labs and International Computer Science Institute (ICSI). Previously, Yixin received her Bachelor's degree in Computer Science and Mathematics from the University of Virginia.

Host
Xiaowei Yang & Benjamin Lee