Research
The Empirical Security Research Group is a research lab in the Computer Science Department at Stanford University that focuses on security, privacy, online hate and harassment, and Internet measurement.
People
Zakir Durumeric
Deepak Kumar
Liz Izhikevich
Gerry Wan
Kimberly Ruth
Catherine Han
Hans Hanley
Jack Cable
Drew Gregory
Fengchen Gong
Anna Zeng
Maya Ziv
David Adrian
Publications
LZR: Identifying Unexpected Internet Services
- Liz Izhikevich, Renata Teixeira, Zakir Durumeric
- USENIX Security Symposium, August 2021
What’s in a Name? Exploring CA Certificate Control
- Zane Ma, Joshua Mason, Manos Antonakakis, Zakir Durumeric, Michael Bailey
- USENIX Security Symposium, August 2021
SoK: Hate, Harassment, and the Changing Landscape of Online Abuse
- Kurt Thomas, Devdatta Akhawe, Michael Bailey, Elie Bursztein, Dan Boneh, Sunny Consolvo, Nicki Dell, Zakir Durumeric, Patrick Gage Kelley, Deepak Kumar, Damon McCoy, Sarah Meiklejohn, Thomas Ristenpart, and Gianluca Stringhini
- IEEE Symposium on Security and Privacy ("Oakland"), May 2021
On the Origin of Scanning: The Impact of Location on Internet-Wide Scans
- Gerry Wan, Liz Izhikevich, David Adrian, Katsunari Yoshioka, Ralph Holz, Christian Rossow, Zakir Durumeric
- ACM Internet Measurement Conference (IMC), October 2020
An Empirical Analysis of California Data Breaches
- Richard Chen, Zakir Durumeric
- Technical Report
Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web
- Josh Aas, Richard Barnes, Benton Case, Zakir Durumeric, Peter Eckersley, Alan Flores-Lopez, J. Alex Halderman, Jacob Hoffman-Andrews, James Kasten, Eric Rescorla, Seth Schoen, Brad Warren
- ACM Conference on Computer and Communications Security (CCS), November 2019
All Things Considered: An Analysis of IoT Devices on Home Networks
- Deepak Kumar, Kelly Shen, Benton Case, Deepali Garg, Galina Alperovich, Dmitry Kuznetsov, Rajarshi Gupta, Zakir Durumeric
- USENIX Security Symposium, August 2019
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
- David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green,
- J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta,
- Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, and Paul Zimmermann
- Communications of the ACM. January 2019.
Tracking Certificate Misissuance in the Wild
- Deepak Kumar, Zhengping Wang, Matthew Hyder, Joseph Dickinson, Gabrielle Beck, David Adrian, Joshua Mason, Zakir Durumeric, J. Alex Halderman, Michael Bailey
- IEEE Symposium on Security and Privacy ("Oakland"), May 2018
Scanning the Internet for Liveness
- Shehar Bano, Philipp Richter, Mobin Javed, Srikanth Sundaresan, Zakir Durumeric, Steven Murdoch, Richard Mortier, Vern Paxson
- SIGCOMM Computer Communication Review April 2018 (CCR)
- IETF Applied Networking Research Prize (ANRP)
Target Generation for IPv6 Scanning
- Austin Murdock, Frank Li, Paul Bramsen, Zakir Durumeric, Vern Paxson
- ACM Internet Measurement Conference (IMC), November 2017
Understanding the Mirai Botnet
- Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou
- USENIX Security Symposium (USENIX Security), August 2017
Security Challenges in an Increasingly Tangled Web
- Deepak Kumar, Zane Ma, Zakir Durumeric, Ariana Mirian, Joshua Mason,
- J. Alex Halderman, and Michael Bailey
- World Wide Web Conference (WWW), April 2017
The Danger of USB Drives
- Matthew Tischer, Zakir Durumeric, Elie Bursztein, and Michael Bailey
- IEEE Security & Privacy (S&P Magazine). March 2017.
The Security Impact of HTTPS Interception
- Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, and Vern Paxson
- Network and Distributed System Security Symposium (NDSS), February 2017
An Internet-Wide View of ICS Devices
- Ariana Mirian, Zane Ma, David Adrian, Matthew Tischer, Thasphon Chuenchujit, Tim Yardley,
- Robin Berthier, Josh Mason, Zakir Durumeric, J. Alex Halderman and Michael Bailey
- IEEE Conference on Privacy, Security and Trust (PST), December 2016
Measuring the Security Harm of TLS Crypto Shortcuts
- Drew Springall, Zakir Durumeric, and J. Alex Halderman
- ACM Internet Measurement Conference (IMC), November 2016
Towards a Complete View of the Certificate Ecosystem
- Benjamin VanderSloot, Johanna Amann, Matthew Bernhard, Zakir Durumeric, Michael Bailey, and J. Alex Halderman
- ACM Internet Measurement Conference (IMC), November 2016
You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications
- Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey, Damon McCoy, Stefan Savage, and Vern Paxson
- USENIX Security Symposium (USENIX Security), August 2016
FTP: The Forgotten Cloud
- Drew Springall, Zakir Durumeric, and J. Alex Halderman
- IEEE/IFIP Conference on Dependable Systems and Networks (DSN), June 2016
Users Really Do Plug in USB Drives They Find
- Matthew Tischer, Zakir Durumeric, Sam Foster, Sunny Duan, Alec Mori, Elie Bursztein, and Michael Bailey
- IEEE Symposium on Security & Privacy ("Oakland"), May 2016
Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security
- Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Kurt Thomas, Vijay Eranti, Nicholas Lidzborski, Elie Bursztein, Michael Bailey, and J. Alex Halderman
- ACM Internet Measurement Conference (IMC), October 2015
- IETF Applied Networking Research Prize (ANRP)
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
- David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, and Paul Zimmermann
- ACM Computer and Communications Security (CCS), October 2015
- Best Paper Award
Censys: A Search Engine Backed by Internet-Wide Scanning
- Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman
- ACM Computer and Communications Security (CCS), October 2015
The Matter of Heartbleed
- Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer, Nicolas Weaver, David Adrian, Vern Paxson, Michael Bailey, and J. Alex Halderman
- ACM Internet Measurement Conference (IMC), November 2014
- Best Paper Award
Security Analysis of the Estonian Internet Voting System
- Drew Springall, Travis Finkenauer, Zakir Durumeric, Jason Kitcat, Harri Hursti, Margaret MacAlpine and J. Alex Halderman
- ACM Computer and Communications Security (CCS), November 2014
An Internet-Wide View of Internet-Wide Scanning
- Zakir Durumeric, Michael Bailey, and J. Alex Halderman
- USENIX Security Symposium (USENIX Security), August 2014
Zippier ZMap: Internet-Wide Scanning at 10 Gbps
- David Adrian, Zakir Durumeric, Gulshan Singh, and J. Alex Halderman
- USENIX Workshop on Offensive Technologies (WOOT), August 2014
Outsmarting Proctors with Smartwatches: A Case Study on Wearable Computing Security
- Alex Migicovsky, Zakir Durumeric, Jeff Ringenberg, and J. Alex Halderman
- Financial Cryptography and Data Security (Financial Crypto), March 2014
On the Mismanagement and Maliciousness of Networks
- Jing Zhang, Zakir Durumeric, Michael Bailey, Manish Karir, and Mingyan Liu
- Network and Distributed System Security Symposium (NDSS), February 2014
Analysis of the HTTPS Certificate Ecosystem
- Zakir Durumeric, James Kasten, Michael Bailey, and J. Alex Halderman
- ACM Internet Measurement Conference (IMC), October 2013
ZMap: Fast Internet-Wide Scanning and its Security Applications
- Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
- USENIX Security Symposium (USENIX Security), August 2013
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
- Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
- USENIX Security Symposium (USENIX Security), August 2012
- Best Paper Award