|제목||[보안공학연구실] 외부초청세미나_정태중 강사님|
Title: A Data-driven Approach to Identifying Internet Security Challenges
Presenter: Taejoong Chung (Rochester Institute of Technology)
Date: December 27th 1:00 p.m.
Location: Cooperation Center 85777
Abstract: Public key infrastructures (PKIs) enable secure communication between different entities over an untrusted network. Due to this ability, PKIs are now central to security on the Internet: large-scale PKIs enable the security guarantees provided by protocols like HTTPS, DNSSEC, and RPKI. Unfortunately, despite these guarantees, there have been numerous security failures involving these protocols; ultimately, most of these failures are rooted in a discordance between how these protocols are designed and how they are actually used in practice.
In this talk, I will present an overview of my recent work that applies large-scale measurement and analysis to understand how security protocols are (mis)used in practice. I will first discuss how my measurements reveal widespread private key sharing between different entities in HTTPS ecosystem, breaking many security assumptions and making certain entities attractive attack targets. I will then describe how my large-scale study of the DNSSEC revealed that over 30% of domains that try to deploy DNSSEC fail to do so correctly, and why it is currently so challenging for domain owners to do so. I conclude with a discussion of my future research directions.
Bio: Taejoong (Tijay) Chung is an Assistant Professor at the Computer Science department in B. Thomas Golisano College of Computing and Information Sciences at the Rochester Institute of Technology. He received his Ph.D. in Computer Science and Engineering from Seoul National University in 2015. His work focuses on Internet security, privacy implications, and data science through data-driven approach. He received the IRTF Applied Networking Research Prize (2019), USENIX Security Distinguished Paper Award (2017), and Best Paper Award at IEEE Computer Society (ComSoc) Seoul Chapter (2010).