Curriculum Vitae

I am a Ph.D. candidate in Computer Science and Engineering at the University of Michigan where my research focuses on computer and network security. I am advised by Professor J. Alex Halderman and funded by a Google Ph.D. Fellowship.

Contact Information

I am best reached at zakir@umich.edu (key) or (224) 286-4210. My address is:

  • Zakir Durumeric
  • Beyster Building, Room 4808
  • 2260 Hayward Street
  • Ann Arbor, MI 48109

Research Overview

My research brings a data-driven approach to the study of computer and network security. I have built systems and tools to facilitate Internet-scale security measurement (ZMap and Censys) and used them to discover and correct vulnerabilities that only emerge when studied at global scale. My work has helped strengthen the Internet's most important cryptographic protocols (TLS, SSH, secure email transport, and the HTTPS PKI), defend the Internet's core infrastructure, and guide the design and deployment of widely-used systems.

Education

2013 – present

Ph.D. in Computer Science and Engineering, University of Michigan, August 2017 (expected)

  • Advisor: J. Alex Halderman
  • Committee: Vern Paxson, Michael Bailey, Peter Honeyman, and Florian Schaub

Awards and Honors

  • Best Paper Award, ACM CCS (2015)
  • Best Paper Award, ACM IMC (2014)
  • Best Paper Award, USENIX Security Symposium (2012)
  • IETF Applied Networking Research Prize (2016)
  • 2015 Pwnie for Most Innovative Research (2015)
  • MIT Technology Review 35 Innovators Under 35 (2015)
  • Google Ph.D. Fellowship in Security (2014)
  • 1st Place, CSE Graduate Student Honors Competition (2013)

Top-Tier Conference Papers

Understanding the Mirai Botnet

  • Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran
  •       Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever,
  •       Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou
  • USENIX Security Symposium (USENIX Security), August 2017

The Security Impact of HTTPS Interception

  • Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein,
  •       Michael Bailey, J. Alex Halderman, and Vern Paxson
  • Network and Distributed System Security Symposium (NDSS), February 2017

Measuring the Security Harm of TLS Crypto Shortcuts

  • Drew Springall, Zakir Durumeric, and J. Alex Halderman
  • ACM Internet Measurement Conference (IMC), November 2016

Towards a Complete View of the Certificate Ecosystem

  • Benjamin VanderSloot, Johanna Amann, Matthew Bernhard,
  •       Zakir Durumeric, Michael Bailey, and J. Alex Halderman
  • ACM Internet Measurement Conference (IMC), November 2016

You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications

  • Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey,
  •       Damon McCoy, Stefan Savage, and Vern Paxson
  • USENIX Security Symposium (USENIX Security), August 2016

Users Really Do Plug in USB Drives They Find

  • Matthew Tischer, Zakir Durumeric, Sam Foster, Sunny Duan, Alec Mori, Elie Bursztein, and Michael Bailey
  • IEEE Symposium on Security & Privacy ("Oakland"), May 2016

Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security

  • Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Kurt Thomas, Vijay Eranti,
  •       Nicholas Lidzborski, Elie Bursztein, Michael Bailey, and J. Alex Halderman
  • ACM Internet Measurement Conference (IMC), October 2015
  • IETF Applied Networking Research Prize (ANRP)

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

  • David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green,
  •       J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta,
  •       Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, and Paul Zimmermann
  • ACM Computer and Communications Security (CCS), October 2015
  • Best Paper Award
  • 2015 Pwnie for Most Innovative Research

Censys: A Search Engine Backed by Internet-Wide Scanning

  • Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman
  • ACM Computer and Communications Security (CCS), October 2015

The Matter of Heartbleed

  • Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer,
  •       Nicolas Weaver, David Adrian, Vern Paxson, Michael Bailey, and J. Alex Halderman
  • ACM Internet Measurement Conference (IMC), November 2014
  • Best Paper Award

Security Analysis of the Estonian Internet Voting System

  • Drew Springall, Travis Finkenauer, Zakir Durumeric, Jason Kitcat,
  •       Harri Hursti, Margaret MacAlpine and J. Alex Halderman
  • ACM Computer and Communications Security (CCS), November 2014

An Internet-Wide View of Internet-Wide Scanning

  • Zakir Durumeric, Michael Bailey, and J. Alex Halderman
  • USENIX Security Symposium (USENIX Security), August 2014

On the Mismanagement and Maliciousness of Networks

  • Jing Zhang, Zakir Durumeric, Michael Bailey, Manish Karir, and Mingyan Liu
  • Network and Distributed System Security Symposium (NDSS), February 2014

Analysis of the HTTPS Certificate Ecosystem

  • Zakir Durumeric, James Kasten, Michael Bailey, and J. Alex Halderman
  • ACM Internet Measurement Conference (IMC), October 2013
  • Best Paper Nomination

ZMap: Fast Internet-Wide Scanning and its Security Applications

  • Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
  • USENIX Security Symposium (USENIX Security), August 2013

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

  • Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
  • USENIX Security Symposium (USENIX Security), August 2012
  • Best Paper Award
  • ACM Computing Reviews’ Notable Computing Books and Articles of 2012

Other Publications

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

  • David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green,
  •       J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta,
  •       Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, and Paul Zimmermann
  • Communications of the ACM, to appear

Security Challenges in an Increasingly Tangled Web

  • Deepak Kumar, Zane Ma, Zakir Durumeric, Ariana Mirian, Joshua Mason,
  •       J. Alex Haldermani, and Michael Bailey
  • World Wide Web Conference (WWW), April 2017

The Danger of USB Drives

  • Matthew Tischer, Zakir Durumeric, Elie Bursztein, and Michael Bailey
  • IEEE Security & Privacy (S&P Magazine), to appear

An Internet-Wide View of ICS Devices

  • Ariana Mirian, Zane Ma, David Adrian, Matthew Tischer, Thasphon Chuenchujit, Tim Yardley,
  •       Robin Berthier, Josh Mason, Zakir Durumeric, J. Alex Halderman and Michael Bailey
  • IEEE Conference on Privacy, Security and Trust (PST), December 2016

FTP: The Forgotten Cloud

  • Drew Springall, Zakir Durumeric, and J. Alex Halderman
  • IEEE/IFIP Conference on Dependable Systems and Networks (DSN), June 2016

Zippier ZMap: Internet-Wide Scanning at 10 Gbps

  • David Adrian, Zakir Durumeric, Gulshan Singh, and J. Alex Halderman
  • USENIX Workshop on Offensive Technologies (WOOT), August 2014

Outsmarting Proctors with Smartwatches: A Case Study on Wearable Computing Security

  • Alex Migicovsky, Zakir Durumeric, Jeff Ringenberg, and J. Alex Halderman
  • Financial Cryptography and Data Security (Financial Crypto), March 2014

Patents

Network Maliciousness Susceptibility Analysis and Rating

  • Mingyan Liu, Michael Bailey, Manish Karir, Jing Zhang, and Zakir Durumeric
  • United States Patent Application Serial No. 61/942,920

Program Committees

  • 2018 International World Wide Web Conference (WWW'18)
  • 2017 Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'17)
  • 2017 International World Wide Web Conference (WWW'17)
  • 2016 Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'16)
  • 2016 International World Wide Web Conference (WWW'16)
  • 2015 USENIX Workshop on Offensive Technologies (WOOT'15)

I have also served as an external reviewer for USENIX Security (2015–2016), ACM CCS (2014–2015, 2017),
ACM IMC (2015–2016), and NDSS (2017).

Teaching Experience

Spring 2013, 2014

Graduate Computer and Network Security

University of Michigan

  • Taught primary lecture material as needed
  • Advised students on class research projects

Fall 2012

Introduction to Computer Security

University of Michigan

  • Led weekly recitation
  • Developed course projects

Summer 2013, 2015

Big Data Boot Camp

University of Michigan

  • Taught introductory computer science lectures for summer course designed to introduce humanities graduate students to using computing for research

Advising

Undergraduate and masters independent studies supervised:

  • 2017: Alex Holland, Gabrielle Beck
  • 2016: Alishah Chator, Noah Duncan
  • 2015: Rose Howell, Vikas Kumar, Ariana Mirian
  • 2014: Gulshan Singh, Saam Aghevli, Andrew Modell, Kollin Purcell, Jack Miner
  • 2013: David Adrian, Jennifer O’Neil

Selected Talks

The Security Impact of HTTPS Interception

  • Network and Distributed System Security Symposium (NDSS'17), February 2017

Uncovering Cryptographic Failures with Internet-Wide Measurement

  • CMU CyLab, April 2016
  • Northestern University, March 2016
  • Boston University, March 2016
  • Stanford Security Seminar, March 2016
  • MIT CSAIL Security Seminar, November 2015

Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security

  • Cloudflare Crypto Meetup, April 2016
  • Internet Research Task Force (IRTF), April 2016
  • Chaos Communication Congress (32C3), December 2015

ZMap: Fast Internet-Wide Scanning and its Security Applications

  • MIT Technology Review EmTech, November 2015
  • IT University of Copenhagen, June 2014
  • Vrije Universiteit Amsterdam, June 2014
  • RIPE68, May 2014
  • Eurecom, October 2013
  • USENIX Security, August 2013

The Matter of Heartbleed

  • Chaos Communication Congress (31C3), December 2014
  • Internet Measurement Conference (IMC'14), November 2014
  • University of Illinois, Systems and Networking Seminar Series, October 2014

Analysis of the HTTPS Certificate Ecosystem

  • Internet Measurement Conference (IMC'13), October 2013

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

  • USENIX Security, August 2012
  • The University of Iowa, June 2012

Much of my work has been covered in the media, including by: Ars Technica, Bloomberg, Der Spiegel, The Washington Post, MIT Tech Review, The New York Times, Reuters, Scientific American, The Wall Street Journal, Wired, and Vox.

References

J. Alex Halderman
Professor, University of Michigan

Vern Paxson
Professor, U.C. Berkeley

Michael Bailey
Associate Professor, University of Illinois Urbana-Champaign

Stefan Savage
Professor, U.C. San Diego

Peter Honeyman
Research Professor, University of Michigan