J. Alex Halderman’s research while affiliated with University of Michigan and other places

Publications (90)


Ten Years of ZMap
  • Conference Paper

November 2024 · 5 Reads · 1 Citation

Zakir Durumeric · David Adrian · Phillip Stephens · [...] · J. Alex Halderman

Improving the Security of United States Elections with Robust Optimization

October 2024 · 19 Reads

Operations Research

The preservation of democracy hinges on the reality and perception that votes in elections are counted properly. In the paper “Improving the Security of United States Elections with Robust Optimization,” Crimmins, Halderman, and Sturt provide a low-cost approach to reducing the security risks of voting machines that are used to scan ballots and count votes. Their approach consists of applying robust optimization to a century-old testing procedure called logic and accuracy testing (LAT), which is performed by election officials on each voting machine before each election. The authors show that their robust optimization approach is guaranteed to detect any misconfiguration of voting machines that would cause votes to be swapped across candidates. Applying their approach to Michigan’s November 2022 election, the authors show that their approach to LAT would have only required a 1.2% increase in cost to election officials compared with current practice. Their approach, which is forthcoming in the Societal Impact section, has been successfully piloted in real-world elections by the Michigan Bureau of Elections since Summer 2023 as a cost-efficient way to enhance election security and public trust in election outcomes.


Ten Years of ZMap

June 2024 · 21 Reads

Since ZMap's debut in 2013, networking and security researchers have used the open-source scanner to write hundreds of research papers that study Internet behavior. In addition, ZMap powers much of the attack-surface management and security ratings industries, and more than a dozen security companies have built products on top of ZMap. Behind the scenes, much of ZMap's behavior - ranging from its pseudorandom IP generation to its packet construction - has quietly evolved as we have learned more about how to scan the Internet. In this work, we quantify ZMap's adoption over the ten years since its release, describe its modern behavior (and the measurements that motivated those changes), and offer lessons from releasing and maintaining ZMap.


OpenVPN is Open to VPN Fingerprinting

June 2024 · 72 Reads · 15 Citations

Communications of the ACM

VPN adoption has seen steady growth over the past decade due to increased public awareness of privacy and surveillance threats. In response, certain governments are attempting to restrict VPN access by identifying connections using “dual use” DPI technology. To investigate the potential for VPN blocking, we develop mechanisms for accurately fingerprinting connections using OpenVPN, the most popular protocol for commercial VPN services. We identify three fingerprints based on protocol features such as byte pattern, packet size, and server response. Playing the role of an attacker who controls the network, we design a two-phase framework that performs passive fingerprinting and active probing in sequence. We evaluate our framework in partnership with a million-user ISP and find that we identify over 85% of OpenVPN flows with only negligible false positives, suggesting that OpenVPN-based services can be effectively blocked with little collateral damage. Although some commercial VPNs implement countermeasures to avoid detection, our framework successfully identified connections to 34 out of 41 “obfuscated” VPN configurations. We discuss the implications of the VPN fingerprintability for different threat models and propose short-term defenses. In the longer term, we urge commercial VPN providers to be more transparent about their obfuscation approaches and to adopt more principled detection countermeasures, such as those developed in censorship circumvention research.


Just add WATER: WebAssembly-based Circumvention Transports
  • Preprint
  • File available

November 2023 · 60 Reads

As Internet censors rapidly evolve new blocking techniques, circumvention tools must also adapt and roll out new strategies to remain unblocked. But new strategies can be time consuming for circumventors to develop and deploy, and usually an update to one tool often requires significant additional effort to be ported to others. Moreover, distributing the updated application across different platforms poses its own set of challenges. In this paper, we introduce WATER (WebAssembly Transport Executables Runtime), a novel design that enables applications to use a WebAssembly-based application-layer to wrap network transports (e.g., TLS). Deploying a new circumvention technique with WATER only requires distributing the WebAssembly Transport Module (WATM) binary and any transport-specific configuration, allowing dynamic transport updates without any change to the application itself. WATMs are also designed to be generic such that different applications using WATER can use the same WATM to rapidly deploy successful circumvention techniques to their own users, facilitating rapid interoperability between independent circumvention tools.

Figure 5: Visualization of our exact algorithm from §4.1 for solving the optimization problem (RO-Σ).
Improving the Security of United States Elections with Robust Optimization

August 2023 · 38 Reads

For more than a century, election officials across the United States have inspected voting machines before elections using a procedure called Logic and Accuracy Testing (LAT). This procedure consists of election officials casting a test deck of ballots into each voting machine and confirming the machine produces the expected vote total for each candidate. We bring a scientific perspective to LAT by introducing the first formal approach to designing test decks with rigorous security guarantees. Specifically, our approach employs robust optimization to find test decks that are guaranteed to detect any voting machine misconfiguration that would cause votes to be swapped across candidates. Out of all the test decks with this security guarantee, our robust optimization problem yields the test deck with the minimum number of ballots, thereby minimizing implementation costs for election officials. To facilitate deployment at scale, we develop a practically efficient exact algorithm for solving our robust optimization problems based on the cutting plane method. In partnership with the Michigan Bureau of Elections, we retrospectively applied our approach to all 6928 ballot styles from Michigan's November 2022 general election; this retrospective study reveals that the test decks with rigorous security guarantees obtained by our approach require, on average, only 1.2% more ballots than current practice. Our approach has since been piloted in real-world elections by the Michigan Bureau of Elections as a low-cost way to improve election security and increase public trust in democratic institutions.


RemoteVote and SAFE Vote: Towards Usable End-to-End Verification for Vote-by-Mail

July 2023 · 18 Reads · 1 Citation

Lecture Notes in Computer Science

Postal voting is growing rapidly in the U.S., with 43% of voters casting ballots by mail in 2020, yet until recently there has been little research about extending the protections of end-to-end verifiable (E2E-V) election schemes to vote-by-mail contexts. The first—and to date, only—framework to focus on this setting is STROBE, which has important usability limitations. In this work, we present two approaches, RemoteVote and SAFE Vote, that allow mail-in voters to benefit from E2E-V without changing the voter experience for those who choose not to participate in verification. To evaluate these systems and compare them with STROBE, we consider an expansive set of properties, including novel attributes of usability and verifiability, several of which have applicability beyond vote-by-mail contexts. We hope that our work will help catalyze further progress towards universal applicability of E2E-V for real-world elections.


Challenges in cybersecurity: Lessons from biological defense systems

June 2023 · 86 Reads · 4 Citations

Mathematical Biosciences

Defending against novel, repeated, or unpredictable attacks, while avoiding attacks on the 'self', are the central problems of both mammalian immune systems and computer systems. Both systems have been studied in great detail, but with little exchange of information across the different disciplines. Here, we present a conceptual framework for structured comparisons across the fields of biological immunity and cybersecurity, by framing the context of defense, considering different (combinations of) defensive strategies, and evaluating defensive performance. Throughout this paper, we pose open questions for further exploration. We hope to spark the interdisciplinary discovery of general principles of optimal defense, which can be understood and applied in biological immunity, cybersecurity, and other defensive realms.




Citations (69)


... The While the fingerprinting can report a suspected VPN connection, verifying whether it is actually a VPN connection can be done by the back-end infrastructure of the censoring body, for example through IP probing as performed by Diwen Xue et al. in [13]. Our code with compilation instructions is publicly available in a git repository [14]. ...

Reference:

Fingerprinting VPNs with Custom Router Firmware: A New Censorship Threat Model
OpenVPN is Open to VPN Fingerprinting
  • Citing Article
  • June 2024

Communications of the ACM

... Thus, rising incidences of cyber-crime have become a matter of concern for all. Derogation of privacy, unauthorized data alteration or destruction, data theft, stealing of financial information from clients, etc., are some of the vital consequences of cyber-crimes [9]. The present Internet scenario worldwide is reminiscent of the 19th century Gold Rush in the United States. ...

Challenges in cybersecurity: Lessons from biological defense systems
  • Citing Article
  • June 2023

Mathematical Biosciences

... L4 vs. L7 Discrepancies. Several studies have noted significant discrepancies between L4 and L7 responsiveness [33,49,53,85,95,107]. Izhikevich et al. showed that TCP liveness does not reliably indicate the presence of an application-layer service because of pervasive middlebox deployment [56]. ...

FTP: The Forgotten Cloud
  • Citing Conference Paper
  • June 2016

... Enhancing cybersecurity awareness and promoting responsible online behaviors can help mitigate the risks associated with malware infections. d) Leveraging Threat Intelligence: Just as the immune memory response helps faster and more effective immune responses to reinfection, leveraging threat intelligence can enhance cybersecurity incident response capabilities by collecting and analyzing information about malware and attack patterns [16]. ...

Challenges in Cybersecurity: Lessons from Biological Defense Systems
  • Citing Article
  • January 2023

SSRN Electronic Journal

... The NETSCOUT Threat Intelligence Report [4] indicates that a new IoT device on the network typically faces its first attack within 5 hours and becomes a specific attack target within 24 hours, and that most attacks exploit vulnerabilities in IoT devices [5]. Beyond being targets in attacks, compromised IoT devices can serve as tools in botnet attacks, exemplified by Mirai, URSNIF, and BASHLITE [6], where captured devices are used to orchestrate high-volume Distributed Denial of Service (DDoS) attacks. While various methods have been developed to detect and mitigate ongoing attacks, primarily Intrusion Detection Systems (IDS), proactive measures such as device-specific updates, internet access restrictions or isolation can prevent these attacks before they happen. ...

Understanding the Mirai Botnet

... Implementation. AI-based signature matching tools developed by private companies are widely used in elections for verifying mail-in ballots, and similar tools can be applied for other forms of ballot counting that require signatures (Bender 2022 (Barretto et al. 2021;Zhao et al. 2023). ...

Improving the Accuracy of Ballot Scanners Using Supervised Learning
  • Citing Chapter
  • September 2021

Lecture Notes in Computer Science

... Hoang et al. [25] developed GFWatch to examine the DNS filtering behaviors of the GFW. Besides GFW, other research studies have focused on Internet censorship deployed by Iran [8,10], Pakistan [34,38], Syria [13], India [62], Kazakhstan [47], and Russia [51]. ...

Investigating Large Scale HTTPS Interception in Kazakhstan
  • Citing Conference Paper
  • October 2020

... Related Work: Numerous systems have been proposed to resist censorship [41,61]. These systems include those based on protocol mimicry [16,17,48,66,68], protocol tunneling [6,11,26,37,43,46,48,66], polymorphism [4,69,70], browser-based or scalable proxy systems [20,21,22,50], refraction networking [10,18,27,28,35,39,49,63,73,74], and cloud fronting systems [11,23,34,77]. Many of these approaches are vulnerable to traffic analysis [7,25,31,36,65] and other active attacks [15,19,29,57]. ...

Running Refraction Networking for Real

Proceedings on Privacy Enhancing Technologies

... [12,Section 5]. Some of the problems with E2E-VIV are (1) the voter and the local election official (LEO) must rely, for executing the complex cryptographic protocol, on computers that are themselves hackable; and (2) voters must actively perform some parts of the protocol themselves, which is problematic given that most voters don't do the most basic review of machine-marked paper ballots [7,6]. ...

Can Voters Detect Malicious Manipulation of Ballot Marking Devices?
  • Citing Conference Paper
  • May 2020

... In terms of their reliability, they also demonstrate fundamental differences: even after controlling for differences in their communication protocols, Mozi bots exhibit significantly lower response rates than Hajime bots. Even in terms of how they react to external network events, today's IoT botnets differ: for example, Mozi bots appear to be affected by China's evening bandwidth throttling far more than Hajime bots [32]. ...

Characterizing Transnational Internet Performance and the Great Bottleneck of China
  • Citing Conference Paper
  • June 2019