DNS infrastructure hijacks are a class of attacks in which the attack is the result of an attacker controlling part or all of the DNS infrastructure for a
domain. These hijacks are typically a byproduct of attackers exploiting errors
and inconsistencies in how nameserver delegations are specified, or of attackers
gaining authority to update delegation records on behalf of the domain owner.
Significantly, attacks on DNS infrastructure can impact nearly all users of a
domain. Thus, understanding DNS infrastructure hijacks is of critical importance,
given that they undermine trust in services hosted at the hijacked domain.

In this dissertation, I directly address the challenges inherent in identifying DNS infrastructure hijacks. In particular, I demonstrate it is feasible to infer hijacks as a third party by
leveraging large-scale measurements of the DNS ecosystem supplemented by a wide
array of complementary data sources which help provide a broader context for
interpreting the DNS measurements. In doing so, I show how large-scale measurements can help not only
identify instances of high-value domains being hijacked, but also uncover
long-standing operational practices exposing large numbers of domains
unbeknownst to the domain owner. I first describe a large-scale measurement
study across the Internet to comprehensively identify the extent of errors and inconsistencies
in nameserver delegations and how they affect the security and efficiency of the
resolution process. In the course of this first study, I discovered long-standing
operational practices that exposed nearly half a million domains over nine years
to the risk of hijack. In a second study, I then explored in depth the domain
hijacking risk caused by these undocumented operational practices in the DNS
ecosystem. While the two studies highlighted opportunistic hijacks
wherein the security of the DNS infrastructure is undermined due to actions of
the domain owner or registrar, in a final project, I explored
targeted hijacks wherein an attacker actively takes control of DNS
configuration for the domain.
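To make concrete what "errors and inconsistencies in how nameserver delegations are specified" looks like from a third-party measurement vantage point, the following is an added illustrative example, not code or data from the dissertation. It compares the NS set a parent zone delegates to against the NS set the child zone itself publishes, and flags any nameserver whose own registrable domain does not appear in a snapshot of delegated domains. All domain names, NS sets and the delegated-domain snapshot are constructed for the example; a real audit would obtain them from zone files and live queries.

```python
"""Offline delegation-consistency audit over constructed sample data.

Two observable classes of delegation problems are reported:
  * parent-only / child-only NS: the parent delegation and the child's
    own NS RRset disagree, so resolvers may reach servers the owner no
    longer intends to use (or miss ones they do).
  * undelegated-ns-domain: a listed nameserver hostname sits under a
    domain that is not itself delegated in the snapshot, a common
    precursor to a domain being exposed to third-party control.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample: NS records as published in the parent (TLD) zone.
PARENT_NS: Dict[str, Set[str]] = {
    "example.test": {"ns1.example.test", "ns2.old-provider.test"},
    "shop.test": {"ns1.dnshost.test", "ns2.dnshost.test"},
    "blog.test": {"ns1.dnshost.test", "ns1.lapsed-host.test"},
}

# Constructed sample: NS RRset as answered by each domain's own servers.
CHILD_NS: Dict[str, Set[str]] = {
    "example.test": {"ns1.example.test", "ns2.example.test"},
    "shop.test": {"ns1.dnshost.test", "ns2.dnshost.test"},
    "blog.test": {"ns1.dnshost.test", "ns1.lapsed-host.test"},
}

# Constructed stand-in for a zone-file snapshot of delegated domains.
# Note that old-provider.test and lapsed-host.test are absent.
DELEGATED_DOMAINS: Set[str] = {
    "example.test", "shop.test", "blog.test", "dnshost.test",
}


@dataclass
class Finding:
    domain: str   # the delegated domain being audited
    kind: str     # one of the three problem classes described above
    detail: str   # the nameserver hostname(s) involved


def registrable_domain(hostname: str) -> str:
    """Return the last two labels of a hostname.

    Assumption for this example: every registrable domain is exactly two
    labels deep. A real audit must use the public suffix list instead.
    """
    labels = hostname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_delegation(domain: str, parent_ns: Set[str], child_ns: Set[str],
                     delegated: Set[str]) -> List[Finding]:
    """Audit one domain's delegation and return all findings for it."""
    findings: List[Finding] = []

    only_parent = sorted(parent_ns - child_ns)
    only_child = sorted(child_ns - parent_ns)
    if only_parent:
        findings.append(Finding(domain, "parent-only-ns", ",".join(only_parent)))
    if only_child:
        findings.append(Finding(domain, "child-only-ns", ",".join(only_child)))

    # Any nameserver referenced from either side is a dependency of the
    # domain, so check the union rather than just the parent's view.
    for ns in sorted(parent_ns | child_ns):
        if registrable_domain(ns) not in delegated:
            findings.append(Finding(domain, "undelegated-ns-domain", ns))
    return findings


def audit(parent: Dict[str, Set[str]], child: Dict[str, Set[str]],
          delegated: Set[str]) -> Dict[str, List[Finding]]:
    """Run check_delegation over every domain present in the parent zone."""
    return {
        domain: check_delegation(domain, parent_ns, child.get(domain, set()),
                                 delegated)
        for domain, parent_ns in parent.items()
    }


if __name__ == "__main__":
    for domain, findings in audit(PARENT_NS, CHILD_NS, DELEGATED_DOMAINS).items():
        status = "ok" if not findings else f"{len(findings)} finding(s)"
        print(f"{domain}: {status}")
        for f in findings:
            print(f"  {f.kind}: {f.detail}")
```

With the constructed data, shop.test is clean, example.test shows both a parent/child NS mismatch and a nameserver under an undelegated domain, and blog.test is consistent on both sides yet still depends on a nameserver whose domain is not delegated; that last case is why an audit that only compares parent and child NS sets is insufficient.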

Overall, in this dissertation I present a qualitative and quantitative
exploration of DNS infrastructure hijacks.