Research Interests. I design, build, and analyze secure and scalable protocols and networked systems. My work focuses on the mechanisms that comprise Internet services. It ranges from the core Internet protocols, through content delivery networks, to large-scale Internet applications. My research methodology combines rigorous analysis with experimental evaluation, as well as informing deployment via standardization and interactions with practitioners.
Short bio. Prior to Algorand, I was postdoctoral researcher at the Massachusetts Institute of Technology and Boston University, hosted by Prof. Nickolai Zeldovich and Prof. Sharon Goldberg. I was part of the Parallel & Distributed Operating Systems and BUSec groups. Before moving to Boston, I worked on network and system security as a research staff member at IBM and a postdoctoral researcher at the Hebrew University hosted by Prof. Michael Schapira. I completed my Ph.D. at the CS department in Bar-Ilan University, where I was a part of the network security research group led by Prof. Amir Herzberg. I am truly fortunate to have had great mentors. My Ph.D. studies included great experiences in the industry. I interned at Google Cambridge MA, where I worked on SPDY. Before that, I worked at IBM Research Zurich laboratory on improving password-based authentication. Prior to all these travels, I was a software architect at Marvell's Switching Division and was a computer science researcher in the Israeli army.I enjoy teaching! I created and taught, together with Dr. Oded Margalit, the ``Advanced Topics in Software Security'' course, given at Ben-Gurion University in Spring 2015.
Honors and Awards
I'm on the program committee for the following conferences:
Private communication over the Internet remains a challenging problem. Even if messages are encrypted, it is hard to deliver them without revealing metadata about which users are communicating. Scalable metadata-hiding systems, such as Tor, are popular but susceptible to traffic analysis attacks. In contrast, the largest-scale systems with metadata privacy require passing all messages through a small number of providers, incurring a very high operational cost for each provider and limiting their deployability in practice. Stadium (SOSP'17) is a point-to-point messaging system that provides metadata and data privacy while scaling its work efficiently across hundreds of low-cost providers operated by different organizations. We show that Stadium can scale to support 4X more users than the current state of the art, using servers that cost an order of magnitude less to operate. However, Stadium induces high latency, and to facilitate broad adoption, the metadata-private system should present comparable performance to ``vanilla'' (non-metadata-private) applications. Karaoke's design (OSDI'18) tackles this challenge. We show that a significant performance gain is achieved by distinguishing between passive and active attacks. Specifically, it is possible to completely avoid leakage of information about metadata when the attacker is passive (observes the traffic on every link and computations of malicious servers) and defend against active attacks (where the attacker modifies traffic) by bounding the leakage of statistical information through differential privacy. This insight, along with careful system design and a rigorous tight analysis allows reducing latency by almost two orders of magnitude over Stadium.
We work on increasing the scale that cryptocurrencies can operate.
is a new cryptocurrency system that can confirm transactions
with latency on the order of a minute while scaling to many users.
Algorand ensures that users never have divergent views of confirmed
transactions, even if some of the users are malicious and the network is
Vault (NDSS'19) builds on top to Algorand to reduce the cryptocurrency's
Existing cryptocurrencies require users to process the log of all transactions ever made, and keep track of everyone's balances,
to validate new blocks of transactions. This approach causes a significant scalability hurdle; running a Bitcoin client today already requires fetching and processing almost 200GB of transactions' history,
and this requirement will only increase with time.
The adoption of more efficient designs (such as Algorand)
will lead to a massive increase in the rate of transactions and is so
only expected to aggravate this problem further.
Vault addresses this issue by utilizing authenticated data structures to allow users to attach to transactions a succinct proof that their transactions are valid without requiring other users to process previous transactions or keep track of everyone else's balances.
Algorand is being commercialized by a startup company.
Extensive standardization and R&d efforts are dedicated to establishing secure Internet routing through RPKI and BGPsec.
Our studies show that there are significant challenges in enforcing RPKI-based policies (NDSS'17). We argue that many problems with using the RPKI are rooted in
incorrectly using the maxLength parameter (CoNEXT'17),
and suggest best practices (IETF draft). As an alternative to RPKI, that is easier to adopt and robust to errors, we propose DISCO (HotNets'18).
The adoption of BGPsec, the next step in securing Internet routing, built on top of RPKI, is expected to be far harder since it requires replacing the Internet infrastructure and provides limited benefits under partial adoption.
We propose path-end validation (HotNets'15, SIGCOMM'16), a modest extension to RPKI or DISCO that provides security benefits comparable to BGPsec while circumventing its deployment challenges. Path-end validation was awarded the IRTF applied network research prize (2017).
I believe that the combination of DISCO and path-end validation provides a tangible path to secure Internet routing.