I am a Ph.D. candidate in Computer Science and Engineering at the University of Michigan, where my research focuses on computer security and privacy. I am advised by Prof. J. Alex Halderman and funded by an NSF Graduate Research Fellowship and the Post-9/11 GI Bill.

My dissertation attempts to understand the world's most powerful attackers, including nation-state adversaries such as NSA and GCHQ. By analyzing their known operations and behaviors, we can better understand how to detect attacks and build systems and protocols to protect against well resourced adversaries.

My work helped explain how intelligence agencies may be able to defeat widely used cryptography. In other work, I showed that widely used TLS crypto shortcuts could be exploited to retrospectively decrypt connections to many of the most popular sites. I studied how foreign adversaries could compromise Internet voting to interfere with elections, and I've investigated HTTPS interception and FTP vulnerabilities.

My research has been covered and cited by The Wall Street Journal, The Washington Post, Ars Technica, The Guardian, US-CERT, NIST, FBI Cyber Division, and Playboy, and it has been referenced multiple times during the development of TLS 1.3. I contribute to open-source projects such as Censys and ZMap, and I occasionally help find RFC bugs during job interviews.


Publications

The Security Impact of HTTPS Interception

Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, and Vern Paxson
24th Network and Distributed System Security Symposium (NDSS ’17), February 2017

Measuring the Security Harm of TLS Crypto Shortcuts

Drew Springall, Zakir Durumeric, and J. Alex Halderman
16th ACM Internet Measurement Conference (IMC ’16), November 2016

FTP: The Forgotten Cloud

Drew Springall, Zakir Durumeric, and J. Alex Halderman
46th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN ’16), June 2016

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann
22nd ACM Conference on Computer and Communications Security (CCS ’15), October 2015
Best Paper Award
Pwnie Award for Most Innovative Research

Security Analysis of the Estonian Internet Voting System

Drew Springall, Travis Finkenauer, Zakir Durumeric, Jason Kitcat, Harri Hursti, Margaret MacAlpine, and J. Alex Halderman
21st ACM Conference on Computer and Communications Security (CCS ’14), November 2014


Words of Wisdom

Reminder: If it's not exploitable now, that doesn't mean it won't be later Image Source: Der Spiegel