In the TLS handshake, the server presents a certificate that binds one identity (typically its domain name) to its public key. However, there are use cases where a server may want to prove that it has multiple identities or attributes. How would you extend TLS and/or the broader PKI to support such a feature? What are the performance implications?
Oblivious DNS-over-HTTPS (ODoH) is an experimental protocol that combines the benefits of a VPN with encrypted DNS. In ODoH, the client makes an end-to-end encrypted DNS request through a proxy: the proxy does not learn the request or response, and the DNS server does not learn the client's IP address. One drawback of ODoH is that, due to encryption, the proxy cannot cache DNS responses (for normal DNS, caching dramatically improves request latency). Is it possible to include caching in ODoH while still preserving its security guarantees? How does the request latency of the resultant solution compare to the ODoH status quo of not caching?
Evaluating the Performance of DNS Privacy Enhancements
In recent years, researchers and the IETF have proposed improving the privacy of traditional DNS (Do53) by using an encrypted transport layer, such as:
How does performance (e.g., request latency) compare between these approaches? What performance-enhancing opportunities does each provide (0-RTT, sending multiple queries at once, etc.)?
Attesting the Privacy of a DNS Server
A potential alternative to Oblivious DNS-over-HTTPS (ODoH) is to run the DNS server in a hardware enclave and provide a means for a client to attest the privacy of the server's software through DNS itself. How would you extend DNS to support server attestation? How does the performance of your solution compare to ODoH?
Compressing DNSSEC Responses
Since a DNSSEC response must essentially return a certificate chain for each query, response sizes can be quite large. How would you compress the size of a DNSSEC response, and what are the performance implications? You may find aggregate signature schemes to be a useful cryptographic primitive.
Detecting and Defending Against Privacy Leaks in DNS-Based Service Discovery
DNS-based Service Discovery (DNS-SD) is a protocol that uses DNS so that devices on a network (e.g., a printer) can advertise a service and clients can search for services. What privacy issues does DNS-SD cause, and how would you adapt the protocol to allow for client and server anonymity?
How would you extend WireGuard's handshake to also support the attestation of a confidential VM? How could the system software (e.g., the operating system) enforce policies that only allow client connections to confidential VMs?
The protocol for sending email (SMTP) was developed before security was a serious consideration for the Internet. Over the years, several auxiliary protocols have emerged for the authenticity, integrity, and confidentiality of email, notably SPF, DKIM, DMARC, STARTTLS, DANE. Do email providers use these protocols, and use them with proper configuration? How does adoption vary across email providers? Which techniques are more prevalent?
userfaultfd is a new Linux system call that enables a process to delegate page-fault handling to a user-space application. As a result, such a primitive could be used to implement a distributed shared memory protocol. Implement such a protocol. How does the performance of the protocol compare to an RPC framework like gRPC?
Adding Security to Cloud-centric Transport Protocols
Recently, researchers have proposed a number of new, efficient, RPC-based transport layers, such as Homa, to replace TCP. How would you add security guarantees similar to TLS to such protocols? How would you extend such protocols to support attestation of an enclaved peer?
The standard protocol for delay-tolerant networking is the Bundle Protocol (BP), with the BPSec extension providing confidentiality and integrity. However, BP and BPSec primarily assume a unicast communication model. How would you further extend BPSec to allow for efficient and secure group communication?
While the SIGCOMM'22 paper thoroughly evaluated the decentralization of IPFS, there are numerous questions as to the composition of IPFS traffic. For instance, what applications comprise the majority of IPFS traffic? Is client traffic mostly through an IPFS gateway or through direct IPFS communication? How much traffic is over TCP vs. QUIC? How much content is dynamic vs. static? How dynamic is the dynamic content, and what are the underlying applications?
Detecting Botnets on IPFS
P2P networks, like IPFS, are an attractive means for botnets to perform command-and-control operations, since the decentralized nature of the network makes it difficult for authorities to take down the botnet. Is it possible to detect botnet activity by analyzing IPFS traffic?
Cloud platforms typically use access control lists and role-based access controls to mediate access to cloud resources, such as object storage. However, in a confidential computing setting, clients do not trust the cloud. Rather than trust the cloud to enforce access controls, an alternative is to have clients define the access permissions for their resources and then cryptographically "bake" such controls into the resource itself. How would you design such a system for cloud storage or for a pub-sub system? Does your design require any software changes on the part of the cloud provider? What are the performance overheads compared to traditional access controls?