A Large-scale and Longitudinal Measurement Study of DKIM Deployment

DomainKeys Identified Mail (DKIM) is an email authentication protocol to protect the integrity of email contents. It has been proposed and standardized for over a decade and adopted by Yahoo!, Google, and other leading email service providers. …

HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations

The Internet has become a complex distributed network with numerous middle-boxes, where an end-to-end HTTP request is often processed by multiple intermediate servers before it reaches its destination. However, a general problem in this distributed …

Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks

As a fundamental communication service, email plays an important role in both individual and corporate communications, which also makes it one of the most frequent attack vectors. An email’s authenticity is based on an authentication chain …

Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks

We discovered a new HTTPS hijacking attack method and won the GeekPwn International Championship

CDN Backfired: Amplification Attacks Based on HTTP Range Requests

Content Delivery Networks (CDNs) aim to improve network performance and protect their hosted websites against web attack traffic. The HTTP range request mechanism is designed mainly to reduce unnecessary network transmission. However, we …

CDN Judo: Breaking the CDN DoS Protection with Itself

A Content Delivery Network (CDN) improves websites' access performance and availability with its globally distributed network infrastructure, which contributes to the flourishing of CDN-powered websites on the Internet. As CDN-powered websites are …