S3 - Privacy-Preserving Access and Verifiable Utilization

S3 – Privacy-Preserving Access and Verifiable Utilization

The goal of the project is to secure the Internet infrastructure and devise techniques for secure and privacy preserving access to and usage of Internet services and platforms. The project studies cryptography deployment in the Internet and identifies the related challenges and obstacles. The project develops mechanisms for integrating cryptography into the Internet infrastructure and for automating the cryptography usage and operation. The developed deliverables are then extensively evaluated in the Internet and analyzed with simulations.


Markus Brandt
Security in Information Technology

Research Interests:

  • Network Security
  • Secure Communication
  • Machine Learning
  • Web Security
  • Internet Protocols

Tianxiang Dai
Security in Information Technology

Nikhil Tripathi

Nikhil Tripathi


Brandt, Markus ; Dai, Tianxiang ; Klein, Amit ; Shulman, Haya ; Waidner, Michael (2018):
Domain Validation ++ for MitM-Resilient PKI.
In: ACM CCS 2018, Toronto, Canada, 15.-19.10. 2018, [Online-Edition: https://www.sigsac.org/ccs/CCS2018/],

Hlavacek, Tomas ; Herzberg, Amir ; Shulman, Haya ; Waidner, Michael (2018):
Practical Experience: Methodologies for Measuring Route Origin Validation.
In: DSN 2017 - The 47th IEEE/IFIP International Conference on Dependable Systems and Networks, Denver,CO,USA, 26.-29.06.2018, [Online-Edition: http://dsn2017.github.io/],

Göhring, Matthias ; Shulman, Haya ; Waidner, Michael (2018):
Path MTU Discovery Considered Harmful.
In: ICDCS 2018 - 38th IEEE International Conference on Distributed Computing Systems, Vienna, Austria, 2.-5.7.2018, [Online-Edition: http://icdcs2018.ocg.at],

Klein, Amit ; Shulman, Haya ; Waidner, Michael (2017):
Counting in the Dark: Caches Discovery and Enumeration in the Internet.
In: IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, CO, USA, [Konferenzveröffentlichung]

Klein, Amit ; Shulman, Haya ; Waidner, Michael (2017):
Internet-Wide Study of DNS Cache Injections.
In: IEEE International Conference on Computer Communications (INFOCOM), Atlanta, GA, USA, [Konferenzveröffentlichung]

Cohen, Avichai ; Gilad, Yossi ; Herzberg, Amir ; Schapira, Michael ; Shulman, Haya (2017):
Are We There Yet? On RPKIs Deployment and Security.
In: Network and Distributed Systems Security (NDSS), San Diego, CA, USA, [Konferenzveröffentlichung]

Shulman, Haya ; Waidner, Michael (2017):
One Key to Sign Them All Considered Vulnerable: Evaluation of DNSSEC in the Internet.
In: Proceedings of the 14th USENIX Conference on Networked Systems Design and Implementation, USENIX Association, In: 14th USENIX Symposium on Networked Systems Design and Implementation (NSDI 17), Boston, MA, USA, 27.-29.03. 2017, [Konferenzveröffentlichung]

Fischlin, Marc ; Herzberg, Amir ; Noon, Hon Bin ; Shulman, Haya (2016):
Obfuscation Combiners.
In: International Cryptology Conference (CRYPTO), Santa Barbara, CA, USA, [Konferenzveröffentlichung]

Feldmann, Anja ; Heyder, Philipp ; Kreutzer, Michael ; Schmid, Stefan ; Seifert, Jean-Pierre ; Shulman, Haya ; Thimmaraju, Kashyap ; Waidner, Michael ; Sieberg, Jens (2016):
NetCo: Reliable Routing with Unreliable Routers.
In: IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) Workshops, Toulouse, France, [Konferenzveröffentlichung]

Shulman, Haya ; Waidner, Michael (2016):
Is the Internet Ready for DNSSEC: Evaluating Pitfalls in the Naming Infrastructure.
In: In Traffic Monitoring and Analysis (TMA), Louvain La Neuve, Belgium, [Konferenzveröffentlichung]

Borgwart, Andreas ; Boukoros, Spyros ; Shulman, Haya ; Waidner, Michael ; van Royeen, Carel (2015):
Detection and Forensics of Domains Hijacking.
In: IEEE Global Communications Conference, IEEE, San Diego, CA, USA, [Konferenzveröffentlichung]

Shulman, Haya ; Waidner, Michael (2015):
DNSSEC for Cyber Forensics.
In: EURASIP J. Information Security, S. 14, (16), [Article]

Shulman, Haya ; Waidner, Michael (2015):
Towards Security of Internet's Naming Infrastructure.
In: Computer Security ESORICS, Vienna, Austria, [Konferenzveröffentlichung]

Herzberg, Amir ; Shulman, Haya (2015):
Cipher-Suite Negotiation for DNSSEC: Hop-by-Hop or End-to-End?
In: Internet Computing, IEEE, S. 80-84, (19), [Article]

Herzberg, Amir ; Shulman, Haya (2014):
DNS Authentication as a Service: Preventing Amplifikation Attacks.
In: 30th Annual Computer Security Applications Conference, New Orleans, LA, USA, In: ACSAC, [Konferenzveröffentlichung]

Herzberg, Amir ; Shulman, Haya ; Crispo, Bruno (2014):
Less is More: Cipher-Suite Negotiation for DNSSEC.
In: Computer Security Applications Conference (ACM ACSAC), ACSAC, IEEE, New Orleans, Louisiana, U.S., [Konferenzveröffentlichung]

Shulman, Haya ; Ezra, Shiran (2014):
Poster: On the Resilience of DNS Infrastructure.
In: ACM Conference on Computer and Communications Security (ACM CCS), ACM, Scottsdale, Arizona, USA, [Konferenzveröffentlichung]

Herzberg, Amir ; Shulman, Haya (2014):
DNS Security: Past, Present and Future.
In: Future Security Conference 2014, Berlin, Germany, [Konferenzveröffentlichung]

Shulman, Haya (2014):
Pretty Bad Privacy: Pitfalls of DNS Encryption.
In: Proceedings of the 13th annual ACM workshop on Privacy in the electronic society, Scottsdale, Arizona, USA, [Konferenzveröffentlichung]

go to TU-biblio search on ULB website