I am a security researcher who focuses on nation-state/highly privileged attackers, Internet-scale measurement/vulnerabilities, and election security. I recently left Google's Production Security team where I was working to mitigate insider threats, secure core infrastructure, and improve the overall security and privacy properties of Google's products and services. Starting in January 2020, I'll be joining the Department of Computer Science and Software Engineering faculty at Auburn University.

My Ph.D. research focused on studying nation-state attackers such as the NSA, GCHQ, and other intelligence agencies to understand their approach to security issues and identify weaknesses that are form-fitted to their special abilities and characteristics. Throughout my graduate education at the University of Michigan, I was advised by Prof. J. Alex Halderman and funded by an NSF Graduate Research Fellowship, the Post-9/11 GI Bill, Google ATAP, and others.

My work has helped explain intelligence agencies' ability to defeat widely used cryptography, identify and analyze the danger posed by common cryptographic shortcuts used in the TLS protocol, and demonstrate the real-world potential of election interference by foreign actors through technical means. This research has been covered and cited by The Wall Street Journal, The Washington Post, Ars Technica, The Guardian, US-CERT, NIST, FBI Cyber Division, and Playboy (SFW).


Select Publications

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann
22nd ACM Conference on Computer and Communications Security (CCS ’15), October 2015
Best Paper Award
Pwnie Award for Most Innovative Research

Measuring the Security Harm of TLS Crypto Shortcuts

Drew Springall, Zakir Durumeric, and J. Alex Halderman
16th ACM Internet Measurement Conference (IMC ’16), November 2016

Security Analysis of the Estonian Internet Voting System

Drew Springall, Travis Finkenauer, Zakir Durumeric, Jason Kitcat, Harri Hursti, Margaret MacAlpine, and J. Alex Halderman
21st ACM Conference on Computer and Communications Security (CCS ’14), November 2014


Words of Wisdom

Reminder: If it's not exploitable now, that doesn't mean it won't be later.

Image Source: Der Spiegel