Yixin Sun, Princeton. “Routing Attacks on Internet Services”

Position:  PhD Student

Current Institution:  Princeton University

Abstract:  Routing Attacks on Internet Services

My research focuses on exploring the interdependencies between the underlying Internet infrastructure and the overlay Internet services to uncover new security/privacy flaws and design robust countermeasures. Previous works are typically limited to analyzing individual network layers in isolation, missing critical interactions across different layers that adversaries can exploit. We have revealed new attacks that adversaries can exploit by manipulating Internet routing to compromise the security/privacy guarantees of Internet services such as the Tor network and the Public Key Infrastructure (PKI). We successfully perform real-world routing attacks on the live Tor network in an ethical manner with over 90% accuracy on deanonymize Tor users. We then develop proactive and reactive countermeasures which have impacted two Tor design specifications and are currently being integrated into the Tor Metrics Portal. We also successfully perform real-world routing attacks and obtain digital certificates of a victim domain from five top Certificate Authorities (CAs) compromising the security of PKI. We then develop two countermeasures to protect domain owners. Our countermeasure, the Multiple Vantage Point Verification, has been deployed by Let’s Encrypt, the world’s largest CA that has issued hundreds of millions of certificates.

Yixin Sun is a PhD student at Princeton University. She received her bachelor’s degree in computer science (with highest distinction) and mathematics from the University of Virginia in 2013. Her research interests include network security and privacy. She received the Information Controls Fellowship from the Open Technology Fund in 2015 and the SEAS Award for Excellence from Princeton University in 2017. In the past, she has interned at Verisign Labs, NEC Labs, and International Computer Science Institute (ICSI).