Haya ShulmanGoethe University Frankfurt · Institut für Informatik
Haya Shulman
PhD
About
118
Publications
32,537
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,330
Citations
Publications
Publications (118)
IP prefix hijacks allow adversaries to redirect and intercept traffic, posing a threat to the stability and security of the Internet. To prevent prefix hijacks, networks should deploy RPKI and filter bogus BGP announcements with invalid routes. In this work we evaluate the impact of RPKI deployments on the security and resilience of the Internet. W...
Resource Public Key Infrastructure (RPKI) was designed to authorize ownership of prefixes in the Internet, which routers use to filter bogus BGP announcements to prevent prefix hijacks. Although already 360K routes have valid covering Route Origin Authorizations (ROAs), RPKI is not widely validated. Erroneous ROAs are one of the obstacles towards w...
We explore the security of residential routers and find a range of critical vulnerabilities. Our evaluations show that 10 out of 36 popular routers are vulnerable to injections of fake records via misinterpretation of special characters. We also find that in 15 of the 36 routers the mechanisms, that are meant to prevent cache poisoning attacks, can...
We demonstrate the first downgrade attacks against RPKI. The key design property in RPKI that allows our attacks is the tradeoff between connectivity and security: when networks cannot retrieve RPKI information from publication points, they make routing decisions in BGP without validating RPKI. We exploit this tradeoff to develop attacks that preve...
We perform the first analysis of methodologies for launching DNS cache poisoning: manipulation at the IP layer, hijack of the inter-domain routing and probing open ports via side channels. We evaluate these methodologies against DNS resolvers in the Internet and compare them with respect to effectiveness, applicability and stealth. Our study shows...
Internet resources form the basic fabric of the digital society. They provide the fundamental platform for digital services and assets, e.g., for critical infrastructures, financial services, government. Whoever controls that fabric effectively controls the digital society. In this work we demonstrate that the current practices of Internet resource...
The traditional design principle for Internet protocols indicates: "Be strict when sending and tolerant when receiving" [RFC1958], and DNS is no exception to this. The transparency of DNS in handling the DNS records, also standardised specifically for DNS [RFC3597], is one of the key features that made it such a popular platform facilitating a cons...
We explore a new type of malicious script attacks: the persistent parasite attack. Persistent parasites are stealthy scripts, which persist for a long time in the browser's cache. We show to infect the caches of victims with parasite scripts via TCP injection. Once the cache is infected, we implement methodologies for propagation of the parasites t...
Resource Public Key Infrastructure (RPKI) is vital to the security of inter-domain routing. However, RPKI enables Regional Internet Registries (RIRs) to unilaterally takedown IP prefixes - indeed, such attacks have been launched by nation-state adversaries. The threat of IP prefix takedowns is one of the factors hindering RPKI adoption. In this wor...
The two volume set LNCS 12972 + 12973 constitutes the proceedings of the 26th European Symposium on Research in Computer Security, ESORICS 2021, which took place during October 4-8, 2021. The conference was originally planned to take place in Darmstadt, Germany, but changed to an online event due to the COVID-19 pandemic.
The 71 full papers present...
The two volume set LNCS 12972 + 12973 constitutes the proceedings of the 26th European Symposium on Research in Computer Security, ESORICS 2021, which took place during October 4-8, 2021.
The 71 full papers presented in this book were carefully reviewed and selected from 351 submissions. They were organized in topical sections as follows:
Part I: n...
We demonstrate the first practical off-path time shifting attacks against NTP as well as against Man-in-the-Middle (MitM) secure Chronos-enhanced NTP. Our attacks exploit the insecurity of DNS allowing us to redirect the NTP clients to attacker controlled servers. We perform large scale measurements of the attack surface in NTP clients and demonstr...
Many applications and protocols depend on the ability to generate a pool of servers to conduct majority-based consensus mechanisms and often this is done by doing plain DNS queries. A recent off-path attack [1] against NTP and security enhanced NTP with Chronos [2] showed that relying on DNS for generating the pool of NTP servers introduces a weak...
The critical role that Network Time Protocol (NTP) plays in the Internet led to multiple efforts to secure it against time-shifting attacks. A recent proposal for enhancing the security of NTP with Chronos against on-path attackers seems the most promising one and is on a standardisation track of the IETF. In this work we demonstrate off-path attac...
Deployment of DNSSEC, although increasing, still suffers from many practical issues that results in a false sense of security. While many domains outsource zone management, they also have to outsource DNSSEC key management to the DNS operator, making the operator an attractive target for attackers. Moreover, DNSSEC does not provide any sort of prot...
To protect from attacks, networks need to enforce ingress filtering. Despite the importance, the existing studies do not allow to infer the extent of ingress filtering at Internet-scale, providing results with only a limited coverage: they can either measure networks that operate servers with faulty network-stack implementations, or require install...
Note: this entry contains both presentation and paper.
BGP is a gaping security hole in today’s Internet, as
evidenced by numerous Internet outages and blackouts, repeated
traffic hijacking, and surveillance incidents. To protect against
prefix hijacking, the Resource Public Key Infrastructure (RPKI)
has been standardized. Yet, despite Herculean e...
Pseudorandom Generators (PRGs) play an important role in security of systems and cryptographic mechanisms. Yet, there is a long history of vulnerabilities in practical PRGs.
Significant efforts in the theoretical and practical research communities are invested to improve the security of PRGs, to identify faults in entropy sources, and to detect vul...
The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a weak off-path attacker can effectively subvert the trustworthiness of popular commercially used CAs. Our attack targets CAs which use Domain Validation (DV) for authentic...
Secure Two Party Computation (2PC) has the potential to facilitate a wide range of real life applications where privacy of the computation and participants is critical. Nevertheless, this potential has not translated to widespread industry acceptance due to performance issues. Over the years a significant research effort has focused on optimising t...
The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs). We practically demonstrate for the first time that even a very weak attacker, namely, an off-path attacker, can effectively subvert the trustworthiness of popular commercially used CAs. We demonstrate an attack against one popul...
This paper presents a grass-root approach to issuing routing public key certificates, to secure inter-domain routing in the Internet.
Performing Route Origin Validation (ROV) to filter BGP announcements, which contradict Route Origin Authorizations (ROAs) is critical for protection against BGP prefix hijacks. Recent works quantified ROV enforcing Autonomous Systems (ASes) using control-plane experiments. In this work we show that control-plane experiments do not provide accurate...
As awareness for Internet attacks gains traction, multiple proposals for defences are put forth. The proposals include, among others, secure access and communication to services, such as web, email and instant messaging. Do these efforts suffice to guarantee a secure Internet for clients and services? To answer this question we review the state of...
We design and develop DNS X-Ray which performs analyses of DNS platforms on the networks where it is invoked. The analysis identifies the caches and the IP addresses used by the DNS platform, fingerprints the DNS software on the caches, and evaluates vulnerabilities allowing injection of spoofed records into the caches. DNS X-Ray is the first tool...
SOHO routers act as a gateway to the Internet for Small Office/Home Office networks. Despite the important role that they fulfill, there is a long history of vulnerabilities allowing attackers to breach security and availability of the clients and services on SOHO networks. Following the multiple disclosures and recommendations for patches in the l...
The Resource Public Key Infrastructure (RPKI) binds IP address blocks to owners' public keys. RPKI enables routers to perform Route Origin Validation (ROV), thus preventing devastating attacks such as IP prefix hijacking. Yet, despite extensive effort, RPKI's deployment is frustratingly sluggish, leaving the Internet largely insecure. We tackle fun...
DNSSEC was designed to protect the Domain Name System (DNS) against DNS cache poisoning and domain hijacking. When widely adopted, DNSSEC is expected to facilitate a multitude of future applications and systems, as well as security mechanisms, that would use the DNS for distribution of security tokens, such as, certificates, IP prefix authenticatio...
Obfuscation is challenging; we currently have practical candidates with rather vague security guarantees on the one side, and theoretical constructions which have recently experienced jeopardizing attacks against the underlying cryptographic assumptions on the other side. This motivates us to study and present robust combiners for obfuscators, whic...
Obfuscation is challenging; we currently have practical candidates with rather vague security guarantees on the one side, and theoretical constructions which have recently experienced jeopardizing attacks against the underlying cryptographic assumptions on the other side. This motivates us to study and present robust combiners for obfuscators, whic...
We study the operational characteristics of the server-side of the Internet’s naming infrastructure. Our findings discover common architectures whereby name servers are ‘hidden’ behind server-side caching DNS resolvers. We explore the extent and the scope of the name servers that use server-side caching resolvers, and find such configurations in at...
To ensure the best security and efficiency, cryptographic protocols such as Transport Layer Security and IPsec should let parties negotiate the use of the "best" cryptographic algorithms; this is referred to as cipher-suite negotiation. However, cipher-suite negotiation is lacking in DNS Security Extensions (DNSSEC), introducing several problems. T...
We propose a transport layer cipher-suite negotiation mechanism for DNSSEC standard, allowing name-servers to send responses containing only the keys and signatures that correspond to the cipher-suite option negotiated with the resolver, rather than sending all the signatures and keys (as is done currently).
As we show, a lack of cipher-suite negot...
We present the first defence against DNS-amplification DoS attacks, which is compatible with the common DNS servers configurations and with the (important standard) DNSSEC. We show that the proposed DNS-authentication system is efficient, and effectively prevents DNS-based amplification DoS attacks abusing DNS name servers. We present a game-theore...
As awareness for privacy of Domain Name System (DNS) is increasing, a number of mechanisms for encryption of DNS packets were proposed. We study the prominent defences, focusing on the privacy guarantees, interoperability with the DNS infrastructure, and the efficiency overhead. In particular:
•We explore dependencies in DNS and show techniques tha...
We study the operational characteristics of the DNS infrastructure: transitive-trust, coresidence and servers placement. We discuss how these factors impact resilience, stability and security of the DNS services. As our study indicates, common configuration choices, that domain operators make, result in a fragile DNS infrastructure, susceptible to...
To ensure best security and efficiency, cryptographic protocols should allow parties to negotiate the use of the ‘best’ cryptographic algorithms supported by the different parties; this is usually referred to as cipher-suite negotiation, and considered an essential feature of such protocols, e.g., TLS and IPsec. However, such negotiation is absent...
Domain Name System (DNS) cache poisoning is a stepping stone towards advanced (cyber) attacks. DNS cache poisoning can be used to monitor users’ activities for censorship, to distribute malware and spam and to subvert correctness and availability of Internet clients and services. Currently, the DNS infrastructure relies on challenge-response defenc...
Internet systems and networks have a long history of attacks by off-path adversaries. An off-path adversary cannot see the traffic exchanged by the legitimate end points, and in the course of an attack it attempts to impersonate some victim by injecting spoofed packets into the communication flow. Such attacks subvert the correctness and availabili...
DNS cache poisoning is a stepping stone towards advanced (cyber) attacks, and can be used to monitor users' activities, for censorship, to distribute malware and spam, and even to subvert correctness and availability of Internet networks and services. The DNS infrastructure relies on challenge-response defences, which are deemed effective for thwar...
DNS Security Extensions (DNSSEC) became standardized more than 15 years ago, but its adoption is still limited. The recent publication of several new, off-path DNS cache-poisoning and wide-scale man-in-the-middle attacks should motivate DNSSEC adoption. However, significant challenges and pitfalls have resulted in severely limited deployment, which...
We present a new technique, which we call socket overloading, that we apply for off-path attacks on DNS. Socket overloading consists of short, low-rate, bursts of inbound packets, sent by off-path attacker to a victim host. Socket overloading exploits the priority assigned by the kernel to hardware interrupts, and enables an off-path attacker to il...
Online social networks (OSNs) have rapidly become a prominent and widely used service, offering a wealth of personal and sensitive information with significant security and privacy implications. Hence, OSNs are also an important-and popular-subject for research. To perform research based on real-life evidence, however, researchers may need to acces...
We define and study cloudoscopy, i.e., exposing sensitive information about the location of (victim) cloud services and/or about the internal organisation of the cloud network, in spite of location-hiding efforts by cloud providers. A typical cloudoscopy attack is composed of a number of steps: first expose the internal IP address of a victim insta...
Online Social Networks (OSNs) have rapidly become a prominent and widely used
service, offering a wealth of personal and sensitive information with
significant security and privacy implications. Hence, OSNs are also an
important - and popular - subject for research. To perform research based on
real-life evidence, however, researchers may need to a...
We present effective off-path DNS cache poisoning attacks, circumventing widely-deployed challenge-response defenses, e.g., transaction identifier randomisation, port and query randomisation. Our attacks depend on the use of UDP to retrieve long DNS responses, resulting in IP fragmentation. We show how attackers are often able to generate such frag...
DNSSEC was proposed more than 15 years ago but its (correct) adoption is still very limited. Recent cache poisoning attacks motivate deployment of DNSSEC. In this work we present a comprehensive overview of challenges and potential pitfalls of DNSSEC, including: Vulnerable configurations: we show that inter-domain referrals (via NS, MX and CNAME re...
We design a provenance system for documents on clouds. The system allows writing documents by several collaborating individuals. Provenance allows recovery of information about the sequence of significant events relevant to the documents. Existing provenance systems focus on editing events, such as creation or removal of document parts. In this wor...
A growing number of networks delegate their DNS resolution to trusted upstream resolvers. The communication to and from the upstream resolver is invisible to off-path attackers. Hence, such delegation is considered to improve the resilience of the resolvers to cache-poisoning and DoS attacks, and also to provide other security, performance, reliabi...
We study covert channels between a MitM attacker, and her MitE 'malware', running within the protected network of a victim organisation, and how to prevent or limit such channels. Our focus is on advanced timing channels, that allow communication between the MitM and MitE, even when hosts inside the protected network are restricted to only communic...
Recent cache poisoning attacks motivate protecting DNS with strong cryptography, by adopting DNSSEC, rather than with challenge-response 'defenses'. We discuss the state of DNSSEC deployment and obstacles to adoption. We then present an overview of challenges and potential pitfalls of DNSSEC, including: Incremental Deployment: we review deployment...