2023RFC 9497: Oblivious Pseudorandom Functions (OPRFs) Using Prime-Order Groups
Internet Research Task Force (IRTF). 2023.
Alex Davidson,
Armando Faz-Hernandez,
Nick Sullivan,
Christopher A. Wood
2023RFC 9380: Hashing to Elliptic Curves
Internet Research Task Force (IRTF). 2023.
Armando Faz-Hernandez,
Sam Scott,
Nick Sullivan,
Riad S. Wahby,
Christopher A. Wood
2023Portunus: Re-imagining access control in distributed systems
2023 USENIX Annual Technical Conference (USENIX ATC 23), pp. 35-52, Boston, MA, 2023.
Watson Ladd,
Marloes Venema,
Tanya Verma,
Armando Faz-Hernandez,
Brendan McMillion,
Avani Wildani,
Nick Sullivan
2023Evaluating practical QUIC website fingerprinting defenses for the masses
The 23rd Privacy Enhancing Technologies Symposium (PETS), July 10-15, Lausanne, Switzerland. 2023.
Sandra Siby,
Ludovic Barman,
Christopher A. Wood,
Marwan Fayed,
Nick Sullivan,
Carmela Troncoso
2022This is not the padding you are looking for! On the ineffectiveness of QUIC PADDING against website fingerprinting
IETF 113 Conference. 2022.
Ludovic Barman,
Sandra Siby,
Christopher A. Wood,
Marwan Fayed,
Nick Sullivan,
Carmela Troncoso
2022Might I Get Pwned: A Second Generation Compromised Credential Checking Service
31th USENIX Security Symposium (USENIX Security 22).
Bijeeta Pal,
Mazharul Islam,
Marina Sanusi Bohuk,
Nick Sullivan,
Luke Valenta,
Tara Whalen,
Christopher A. Wood,
Thomas Ristenpart,
Rahul Chattejee
2022Respect the ORIGIN! A Best-case Evaluation of Connection Coalescing
ACM Internet Measurement Conference 2022, October 25-27, France. 2022.
Sudheesh Singanamalla,
Talha Paracha,
Suleman Ahmad,
Jonathan Hoyland,
Luke Valenta,
Yevgen Safronov,
Peter Wu,
Andrew Galloni,
Kurtis Heimerl,
Nick Sullivan,
Christopher A. Wood,
Marwan Fayed
2022RFC 9261: Exported Authenticators in TLS
Internet Engineering Task Force (IETF). 2022.
Nick Sullivan
2022A Fast and Simple Partially Oblivious PRF, with Applications
Advances in Cryptology – EUROCRYPT 2022: 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Trondheim, Norway, May 30 – June 3, pp. 674–705, 2022.
Nirvan Tyagi,
Sofía Celi,
Thomas Ristenpart,
Nick Sullivan,
Stefano Tessaro,
Christopher A. Wood
2022Let The Right One In: Attestation as a Usable CAPTCHA Alternative
Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), Boston, MA. 2022.
Tara Whalen,
Thibault Meunier,
Mrudula Kodali,
Alex Davidson,
Marwan Fayed,
Armando Faz-Hernandez,
Watson Ladd,
Deepak Maram,
Nick Sullivan,
Benedikt Christoph Wolters,
Maxime Guerreiro,
Andrew Galloni
2021Implementing and measuring KEMTLS
Progress in Cryptology – LATINCRYPT 2021, Lecture Notes in Computer Science(), vol 12912. Springer, 2021.
Sofía Celi,
Armando Faz-Hernandez,
Nick Sullivan,
Goutam Tamvada,
Luke Valenta,
Thom Wiggers,
Bas Westerbaan,
Christopher A. Wood
2021The Ties that un-Bind: Decoupling IP from web services and sockets for robust addressing agility at CDN-scale
Proceedings of the 2021 ACM SIGCOMM 2021 Conference, pp. 433–446. 2021.
Marwan Fayed,
Lorenz Bauer,
Vasileios Giotsas,
Sami Kerola,
Marek Majkowski,
Pavel Odinstov,
Jakub Sitnicki,
Taejoong Chung,
Dave Levin,
Alan Mislove,
Christopher A. Wood,
Nick Sullivan
2021Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS
Proceedings on Privacy Enhancing Technologies 2021, Volume 4, pp. 575–592. 2021.
Sudheesh Singanamalla,
Suphanat Chunhapanya,
Jonathan Hoyland,
Marek Vavruša,
Tanya Verma,
Peter Wu,
Marwan Fayed,
Kurtis Heimerl,
Nick Sullivan,
Christopher A. Wood
2020RFC 8937: Randomness Improvements for Security Protocols
Internet Research Task Force (IRTF). 2020.
Cas Cremers,
Luke Garratt,
Stanislav Smyshlyaev,
Nick Sullivan,
Christopher A. Wood
2019RPKI is coming of age: A longitudinal study of RPKI deployment and invalid route origins
Proceedings of the Internet Measurement Conference, pp. 406-419. 2019.
Taejoong Chung,
Emile Aben,
Tim Bruijnzeels,
Balakrishnan Chandrasekaran,
David Choffnes,
Dave Levin,
Bruce M. Maggs,
Alan Mislove,
Roland van Rijswijk-Deij,
John Rula,
Nick Sullivan
2019Measuring TLS key exchange with post-quantum KEM
Workshop Record of the Second PQC Standardization Conference. 2019.
Krzysztof Kwiatkowski,
Nick Sullivan,
Adam Langley,
Dave Levin,
Alan Mislove
2019Protocols for checking compromised credentials
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1387-1403. 2019.
Lucy Li,
Bijeeta Pal,
Junade Ali,
Nick Sullivan,
Rahul Chatterjee,
Thomas Ristenpart
2019RFC 8586: Loop Detection in Content Delivery Networks (CDNs)
Internet Engineering Task Force (IETF). 2019.
Stephen Ludin,
Mark Nottingham,
Nick Sullivan
2018Is the web ready for OSCP must-staple?
Proceedings of the Internet Measurement Conference 2018, pp. 105-118. 2018.
Taejoong Chung,
Jay Lok,
Balakrishnan Chandrasekaran,
David Choffnes,
Dave Levin,
Bruce M. Maggs,
Alan Mislove,
John Rula,
Nick Sullivan,
Christo Wilson
2018Privacy Pass: Bypassing Internet Challenges Anonymously
Proceedings on Privacy Enhancing Technologies, no. 3 (2018), pp. 164-180. 2018.
Alex Davidson,
Ian Goldberg,
Nick Sullivan,
George Tankersley,
Filippo Valsorda
2018nQUIC: Noise-based QUIC packet protection
EPIQ'18: Proceedings of the Workshop on the Evolution, Performance, and Interoperability of QUIC, pp. 22-28. 2018.
Mathias Hall-Andersen,
David Wong,
Nick Sullivan,
Alishah Chator
2018403 Forbidden: A Global View of CDN Geoblocking
Proceedings of the Internet Measurement Conference 2018, pp. 218-230. 2018.
Allison McDonald,
Matthew Bernhard,
Luke Valenta,
Benjamin VanderSloot,
Will Scott,
Nick Sullivan,
J. Alex Halderman,
Roya Ensafi
2018Geo Key Manager
Real World Crypto Symposium 2018. Zurich, Switzerland. January 2018.
Nick Sullivan,
Brendan McMillion
2018In search of CurveSwap: Measuring elliptic curve implementations in the wild
2018 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 384-398. IEEE, 2018.
Luke Valenta,
Nick Sullivan,
Antonio Sanso,
Nadia Heninger
2017Understanding the mirai botnet
26th USENIX security symposium (USENIX Security 17), pp. 1093-1110. 2017.
Manos Antonakakis,
Tim April,
Michael Bailey,
Matt Bernhard,
Elie Bursztein,
Jaime Cochran,
Zakir Durumeric,
J. Alex Halderman,
Luca Invernizzi,
Michalis Kallitsis,
Deepak Kumar,
Chaz Lever,
Zane Ma,
Joshua Mason,
Damian Menscher,
Chad Seaman,
Nick Sullivan,
Kurt Thomas,
Yi Zhou
2017The Security Impact of HTTPS Interception
Network and Distributed System Security Symposium (NDSS) 2017.
Zakir Durumeric,
Zane Ma,
Drew Springall,
Richard Barnes,
Nick Sullivan,
Elie Bursztein,
Michael Bailey,
J. Alex Halderman,
Vern Paxson
2016Attacking White-Box AES Constructions
Proceedings of the 2016 ACM Workshop on Software Protection, pp. 85-90. 2016.
Brendan McMillion,
Nick Sullivan
2015An analysis of TLS handshake proxying
2015 IEEE Trustcom/BigDataSE/ISPA, volume 1, pp. 279-286. 2015.
Douglas Stebila,
Nick Sullivan
Blog posts
- The post-quantum future: challenges and opportunities
- Cloudflare Research: Two Years In
- Heartbleed Revisited
- Securing the post-quantum world
- Helping build the next generation of privacy-preserving protocols
- SAD DNS Explained
- Going Keyless Everywhere
- Delegated Credentials for TLS
- Tales from the Crypt(o team)
- Cloudflare’s Approach to Research
- How Cloudflare and Wall Street Are Helping Encrypt the Internet Today
- Welcome to Crypto Week 2019
- Welcome to Crypto Week
- A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)
- Introducing Certificate Transparency and Nimbus
- Why TLS 1.3 isn't in browsers yet
- Cloudflare supports Privacy Pass
- Geo Key Manager: How It Works
- High-reliability OCSP stapling and why it matters
- How to make your site HTTPS-only
- A container identity bootstrapping tool
- Introducing Zero Round Trip Time Resumption (0-RTT)
- Cloudflare Crypto Meetup #5: February 28, 2017
- Cloudflare Crypto Meetup #4: November 22
- Opportunistic Encryption: Bringing HTTP/2 to the unencrypted web
- Introducing TLS 1.3
- Encryption Week
- How we built Origin CA: Web Crypto
- IETF Hackathon: Getting TLS 1.3 working in the browser
- CloudFlare Crypto Meetup: April 21, 2016
- Introducing CFSSL 1.2
- Going to IETF 95? Join the TLS 1.3 hackathon
- Padding oracles and the decline of CBC-mode cipher suites
- Preventing Malicious Request Loops
- Why it’s harder to forge a SHA-1 certificate than it is to find a SHA-1 collision
- How to build your own public key infrastructure
- iOS Developers — Migrate to iOS 9 with CloudFlare
- An introduction to JavaScript-based DDoS
- Universal SSL: Encryption all the way to the origin, for free
- Do the ChaCha: better mobile performance with cryptography
- Kyoto Tycoon Secure Replication
- CloudFlare and SHA-1 Certificates
- DNSSEC: Complexities and Considerations
- DNSSEC: An Introduction
- Universal SSL: How It Scales
- Origin Server Connection Security with Universal SSL
- Keyless SSL: The Nitty Gritty Technical Details
- Introducing CFSSL - CloudFlare's PKI toolkit
- CloudFlare Meetups: Set your mind on fire.
- Killing RC4: The Long Goodbye
- The Heartbleed Aftermath: all CloudFlare certificates revoked and reissued
- Certificate Revocation and Heartbleed
- The Results of the CloudFlare Challenge
- Answering the Critical Question: Can You Get Private SSL Keys Using Heartbleed?
- Staying ahead of OpenSSL vulnerabilities
- ECDSA: The digital signature algorithm of a better internet
- Introducing Strict SSL: Protecting Against a On-Path Attack on Origin Traffic
- How the NSA (may have) put a backdoor in RSA’s cryptography: A technical primer
- Red October: CloudFlare’s Open Source Implementation of the Two-Man Rule
- A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography
- Ensuring Randomness with Linux's Random Number Generator
- DDoS Prevention: Protecting The Origin