Title: Building Haystacks to Find Needles
Abstract: The internet is a big place, comprising billions of users and tens of billions of network devices. Discovering and remediating vulnerabilities in these devices is imperative for a more secure internet. Unfortunately, even vulnerabilities that affect millions of hosts touch only a small fraction of the overall internet. Finding these “needles” at internet scale requires collecting an exponentially larger “haystack.” In this talk, Erik Rye will describe two novel techniques he developed to collect unprecedentedly large network datasets. He will describe how he used these datasets to enable the discovery of new network security and privacy problems at internet scale. These include stark, real-world security and privacy vulnerabilities, such as revealing troop positions in Ukraine and exposing previously unreachable Internet of Things devices like smart light bulbs in users’ homes. Rye’s findings have prompted design changes in systems run by Apple, SpaceX, and router manufacturers, and improved the security and privacy of millions of affected individuals.
Bio: Erik Rye is a final-year PhD candidate at the University of Maryland, where he focuses on solving large-scale network security and privacy problems. He regularly publishes in venues like the ACM Special Interest Group on Data Communications Conference and IEEE Security & Privacy, and he has shared his work at industry conventions like Black Hat USA and in popular media like KrebsOnSecurity.com. Rye contributes to the network security and measurement communities by running the IPv6 Observatory, which publishes weekly insights into the state of the internet. He holds master’s degrees in computer science and applied mathematics from the Naval Postgraduate School, and also likes dogs.