Dan Ristea

About

I am a PhD student in the Centre for Doctoral Training in Cybersecurity at University College London. My research interest is differential privacy, specifically how it is verified and validated in real-world use-cases. My supervisor is Professor Steven J. Murdoch.

Publications

CoStricTor: Collaborative HTTP Strict Transport Security in Tor Browser

Killian Davitt, Dan Ristea, Duncan Russell, Steven J. Murdoch

PoPETS 2024, Issue 1
Abstract:

HTTP Strict Transport Security (HSTS) is a widely-deployed security feature in modern web browsing. It is also, however, a potential vector for user tracking and surveillance. Tor Browser, a web browser primarily concerned with online anonymity, disables HSTS as a result of this tracking potential. We present the CoStricTor protocol which crowdsources HSTS data among Tor Browser clients. It gives Tor Browser users increased resistance to man-in-the-middle attacks without exposing them to HSTS tracking. Our protocol adapts other privacy-preserving data aggregation algorithms to share data effectively among users with strong local differential privacy guarantees. The CoStricTor protocol resists denial of service attacks by design through our innovative use of Bloom filters to represent complementary data. Our simulations show our protocol can model up to 150,000 websites, providing 10,000 upgrades to HSTS for users.

Teaching

I am currently a Postgraduate Teaching Assistant for the following Masters-level modules at UCL:

I am also a React coach for Skiller Whale.

Contact

Email: dan at dri.st