Research

We focus on network security to build a secure and reliable Internet infrastructure.

Our work combines data-driven security analysis (especially large-scale network measurement), protocol design, and threat mitigation. Current topics include the Domain Name System (DNS), Public Key Infrastructure (PKI), Transport Layer Security (TLS), and email security.

We aim to (i) identify systemic vulnerabilities, misconfigurations, and security risks in critical Internet systems and (ii) design deployable, data-driven solutions that improve the Internet’s security, reliability, and resilience.

Data-driven Security Analysis
Data-driven Security Analysis

We conduct large-scale and longitudinal measurements to understand real-world deployment failures and operational risks in Internet security.

Protocol Development and Optimization
Protocol Development and Optimization

We design deployable security mechanisms that improve efficiency while maintaining practical compatibility with today’s Internet infrastructure.

Threat Mitigation
Threat Mitigation

We analyze infrastructure-level attacks and protocol abuse at Internet scale and develop scalable defense mechanisms to improve resilience.