I am a PhD student at the University of California San Diego (UCSD), working with Aaron Schulman, Geoff Voelker, and Stefan Savage.
Internet Measurement | Security | Privacy | Networking
Certain phenomena on the Internet, such as the prevalence of
stalkerware, contract cheating services, or phishing domains, are
difficult to measure because of their sensitive and rare natures. However,
all of these phenomena are visible within the Domain Name System. With the
rise of public DNS resolvers such as Google Public DNS, Cloudflare DNS,
OpenDNS, and Quad9, a new opportunity has arisen to study the
prevalence of such occurrences using DNS cache sniffing. Cache sniffing on
public resolvers, in contrast to previous work published on small,
misconfigured open resolvers, can yield far more information, while at the
same time preserving privacy. However, public resolvers have complex and
unique caching behaviors that also make cache sniffing far more difficult.
We studied the caching strategies of four public DNS resolvers and
present a method for using DNS cache sniffing on each of them. We then built a tool, Trufflehunter, to
estimate the popularity of the aforementioned applications, which is difficult to measure by other means.
Common security advice includes injunctions such as "Update your operating system," "run antivirus," and "change your passwords frequently."
However, there isn't much information available about whether this advice actually lowers a user's chances of getting infected by malware.
Working with a unique network vantage point, we are attempting to measure the correlations between user behaviors and infection rates
to see what behavioral factors are actually likely to get you owned online.
Censorship Circumvention in China
I worked with Prof. Eric Wustrow at University of Colorado Boulder to create a tool called Metis that could predict which websites a user visited were likely
to be censored, so that it could route only those websites through a censorship circumvention tool, and connect to the others directly.
The idea was that circumvention tools are usually slow, because they connect to EVERY website through circuitous routes, not just the ones that
would get blocked.
Metis could also collect aggregate information about which websites were blocked, to give the research community a better idea of which sites
get censored where. I implemented differential privacy (Google's RAPPOR) to protect user privacy. This project was never deployed, but I
learned a lot in the process.