Rasmus’ research contributes to a future with greater cyber security
2023-09-14Anonymity online is a highly topical subject that Rasmus Dahlberg has been researching for a long time. Ramus recently defended his doctoral thesis, “On Certificate Transparency Verification and Unlinkability of Websites Visited by Tor Users”, in Computer Science.
Presented his research in the US
With an academic background in computer engineering, Rasmus has both taken a doctorate, taught computer security and worked part-time at the companies Mullvad VPN and Glasklar Teknik. In addition to defending his doctoral thesis in June, Rasmus recently took part in the USENIX Security Symposium 2023 as a result of a paper that he wrote together with his former supervisor, Tobias Pulls: Timeless Timing Attacks and Preload Defenses in Tor’s DNS Cache, as part of his thesis.
– Publishing in USENIX Security means that a lot of people in our field of research will read the paper and share our findings. I am, of course, very happy and motivated by it, says Rasmus.
USENIX Security is one of the top-rated academic venues available in the field of cyber security, used to list top publications in computer science and computer security.
– Most researchers go through their entire career without having any scientific contribution in such high-ranking places. Most papers therefore have many authors: our paper only has two. And the fact that Rasmus managed to pull this off while being a doctoral student is truly the icing on the cake, says Tobias Pulls, Senior Lecturer in Computer Science.
How cyber security is connected to both transparency and people’s freedom of speech are areas that have motivated Rasmus while writing his thesis. Getting around surveillance or censorship is, for example, necessary for people in vulnerable situations to be able to find information online, he says.
What is the result of your research?
– I have suggested several browser improvements, such as how to increase the likelihood of detecting if an attacker manages to pose as your bank using a fake certificate. I have also made progress on threat modeling in anonymity networks such as Tor and closed some of the security loopholes that we identified around DNS.
Who do think will be interested in your research?
– It is of interest to companies and organisations involved in technology that need to ensure that they actually do what they claim to do, such as issuing certificates only to those who administer the domain name of a website. My research is also directly applicable for those who work with VPNer, Tor or similar anonymity networks.
What would you say makes computer science an exciting subject?
– I like problem solving and find some kind of inner motivation in being a part of the solution to the societal problems we are facing. To give an example: as different sectors become more and more centralised in a few companies, they gain an increased amount of power. The question is what do they actually do with that power? Can we detect if it is being misused? This is just one of many questions that I have pondered over in the past few years.
What will you be working on now that you’ve completed your thesis?
– I’m going to contribute to the free and open-source projects Sigsum and System Transparency, which are about increasing transparency and auditability in IT systems. I’m looking forward to applying research that solves the problems of the future, Rasmus concludes.
Facts
Tor: Tor is an implementation of onion routing in free and open software – a type of anonymity service that allows its users to communicate anonymously over the Internet. Tor contains several layers of encryption and anonymisation, which allows you to reduce the risk of being monitored online. Tor can also be used to get around censorship in parts of the world where access to information online is limited.
More about the USENIX Security Symposium
Rasmus’ doctoral thesis: On Certificate Transparency Verification and Unlinkability of Websites Visited by Tor Users
More links: https://www.sigsum.org/ and https://www.system-transparency.org/