I am an Assistant Researcher at Zhongguancun Laboratory, Beijing. I received my Ph.D. from Network and Information Security Lab (NISL) at Tsinghua University (advised by Prof. Haixin Duan) in 2023.

My research focuses on measuring and enhancing the security of Internet infrastructure (DNS, Web PKI, CDN, etc.), uncovering significant vulnerabilities in core protocols (DNS, HTTP, TLS, DKIM, SPF, etc.), and understanding emerging cyberspace security threats.

News:

  • [Aug. 2023] Two papers accepted to NDSS 2024 and S&P 2024. Congrats to Chuhan and Xiang!

  • [Aug. 2023] Paper about security issues in domain name delegation accepted to NDSS 2023

  • [Jun 2023] I got my PhD! Special thanks to my advisors and collaborators!

  • [Jun 2023] Paper about detection of hosting-service-based domain takeover attacks accepted to ACM SIGMETRICS 2023

  • [Jan 2023] I’m serving on the TPC of SecureComm ’23. Please consider submitting your work!

Interests

  • Network Security
  • Protocol Security
  • Web PKI
  • DNS

Education

  • PhD in Network Security, 2023

    Tsinghua University

  • B.E. in Information Security / LL.B. (Double Major), 2018

    Nankai University

Publications

Posters & Publications

(2024). TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Oakland S&P ’24. San Francisco, California, May 20–23, 2024. (Acceptance rate: ??%, Acceptance rate in first cycle: ??%, Acceptance rate in second cycle: ??%, Acceptance rate in third cycle: ??%).

(2024). BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. In NDSS ’24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).

(2023). Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation. In NDSS ’23. San Diego, California, 27 February – 3 March, 2023. (Acceptance rate: 94/581=16.2%, Acceptance rate in summer: 36/183=19.7%, Acceptance rate in fall: 58/398=14.6%).
* Presented at OARC 39.
* Presented at ICANN DNS Symposium 2022.
* Presented at Black Hat Asia 2023.
* Referenced by RFC Draft: Delegation Revalidation by DNS Resolvers.

(2022). Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. In SIGMETRICS ’23. Orlando, Florida, June 19-23, 2023. (Acceptance rate: 55/342=16.1%, Acceptance rate in summer: 17/93=18.3%, Acceptance rate in fall: 26/119=21.9%, Acceptance rate in winter: 12/130=9.2%).
* Presented at OARC 40.
* Presented at APAC DNS Forum 2023 by Mr Alban KWAN.

(2022). A Large-scale and Longitudinal Measurement Study of DKIM Deployment. In Usenix Security 2022.

(2022). Ethics in Security Research: Visions, Reality, and Paths Forward. In EthiCS 2022.

(2022). HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations. In DSN 2022.

(2020). Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks. In CCS 2020.

(2020). An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?. In IMC 2019.
* IRTF Applied Networking Research Prize (ANRP) 2020 Award Winner.

(2020). Measuring Privacy Threats in China-Wide Mobile Networks. In FOCI 2018.

Misc

Competition

  • The 1st Prize in GeekPWN 2019

🏅 Awards

Academia & Community

  • EthiCS'22 Best Student Paper, 2022
  • DSN'22 Best Paper Runner-up, 2022
  • IRTF Applied Networking Research Prize, 2020
  • ACM IMC Nominee of Distinguished Paper Award & Community Contribution Award, 2019

Education & Scholarship

  • PhD Dissertation Award of Tsinghua University, 2023
  • Qihang Award of Tsinghua University for Graduate Students, 2023
  • LongFor Academic Scholarship, 2023
  • 2nd-Class Scholarship of Tsinghua University for Graduate Students, 2020
  • Cyberspace Scholarship of China Internet Development Foundation, 2018
  • China National Scholarship, 2017

🔖 Patents

Academic Services

Conference TPC member

  • 2023: EAI SecureComm

External Reviewer

  • 2022: NDSS, EthiCS
  • 2021: NDSS, ACSAC
  • 2020: ESORICS
  • 2019: CCS

Contact