Taejoong Chung
YOU?
Author Swipe
View article: An Analysis of Recent Advances in Deepfake Image Detection in an Evolving Threat Landscape
An Analysis of Recent Advances in Deepfake Image Detection in an Evolving Threat Landscape Open
Deepfake or synthetic images produced using deep generative models pose serious risks to online platforms. This has triggered several research efforts to accurately detect deepfake images, achieving excellent performance on publicly availa…
View article: IRRedicator: Pruning IRR with RPKI-Valid BGP Insights
IRRedicator: Pruning IRR with RPKI-Valid BGP Insights Open
Border Gateway Protocol (BGP) provides a way of exchanging routing information to help routers construct their routing tables.However, due to the lack of security considerations, BGP has been suffering from vulnerabilities such as BGP hija…
View article: Under the Hood of DANE Mismanagement in SMTP
Under the Hood of DANE Mismanagement in SMTP Open
The DNS-based Authentication of Named Entities (DANE) is an Internet security protocol that enables a TLS connection without relying on trusted third parties like CAs by introducing a new DNS record type, TLSA. DANE leverages DNSSEC PKI to…
View article: Hammurabi
Hammurabi Open
This paper proposes using a logic programming language to disentangle X.509 certificate validation policy from mechanism. Expressing validation policies in a logic programming language provides multiple benefits. First, policy and mechanis…
View article: Privacy Guarantees of BLE Contact Tracing for COVID-19 and Beyond: A Case Study on COVIDWISE
Privacy Guarantees of BLE Contact Tracing for COVID-19 and Beyond: A Case Study on COVIDWISE Open
Google and Apple jointly introduced a digital contact tracing technology and an API called “exposure notification,” to help health organizations and governments with contact tracing. The technology and its interplay with security and priva…
View article: The ties that un-bind
The ties that un-bind Open
The couplings between IP addresses, names of content or services, and socket interfaces, are too tight. This impedes system manageability, growth, and overall provisioning. In turn, large-scale content providers are forced to use staggerin…
View article: The Reality of Algorithm Agility
The Reality of Algorithm Agility Open
The DNS Security Extensions (DNSSEC) add data origin authentication and data integrity to the Domain Name System (DNS), the naming system of the Internet. With DNSSEC, signatures are added to the information provided in the DNS using publi…
View article: A Longitudinal and Comprehensive Study of the {DANE} Ecosystem in Email
A Longitudinal and Comprehensive Study of the {DANE} Ecosystem in Email Open
The DNS-based Authentication of Named Entities (DANE) standard allows clients and servers to establish a TLS connection without relying on trusted third parties like CAs by publishing TLSA records. DANE uses the Domain Name System Security…
View article: You Are Who You Appear to Be
You Are Who You Appear to Be Open
The public key infrastructure (PKI) provides the fundamental property of authentication: the means by which users can know with whom they are communicating online. The PKI ensures end-to-end authenticity insofar as it verifies a chain of c…
View article: RPKI is Coming of Age
RPKI is Coming of Age Open
Despite its critical role in Internet connectivity, the Border Gateway Protocol (BGP) remains highly vulnerable to attacks such as prefix hijacking, where an Autonomous System (AS) announces routes for IP space it does not control. To addr…
View article: 2019 Cybersecurity Research Transition to Practice Workshop Slides
2019 Cybersecurity Research Transition to Practice Workshop Slides Open
The Cybersecurity Research Transition to Practice Workshop, held on June 19th, 2019 at the Aon Center, Chicago, Illinois
View article: maTLS: How to Make TLS middlebox-aware?
maTLS: How to Make TLS middlebox-aware? Open
Middleboxes are widely deployed in order to enhance security and performance in networking.As communication over TLS becomes increasingly common, however, the end-to-end channel model of TLS undermines the efficacy of middleboxes.Existing …
View article: Is the Web Ready for OCSP Must-Staple?
Is the Web Ready for OCSP Must-Staple? Open
TLS, the de facto standard protocol for securing communications over the Internet, relies on a hierarchy of certificates that bind names to public keys. Naturally, ensuring that the communicating parties are using only valid certificates i…
View article: A First Look at Certification Authority Authorization (CAA)
A First Look at Certification Authority Authorization (CAA) Open
Shaken by severe compromises, the Web’s Public Key Infrastructure has seen the addition of several security mechanisms over recent years. One such mechanism is the Certification Authority Authorization (CAA) DNS record, that gives domain n…
View article: A longitudinal, end-to-end view of the DNSSEC ecosystem
A longitudinal, end-to-end view of the DNSSEC ecosystem Open
The Domain Name System's Security Extensions (DNSSEC) allow clients and resolvers to verify that DNS responses have not been forged or modified inflight. DNSSEC uses a public key infrastructure (PKI) to achieve this integrity, without whic…
View article: Investigating End-to-End Integrity Violations in Internet Traffic
Investigating End-to-End Integrity Violations in Internet Traffic Open
Internet applications are commonly implemented with the implicit assumption that network traffic is transported across the Internet without modification and without having application-level data being monitored; we refer to this end-to-end…