Zakir Durumeric Named MIT Technology Review Innovator Under 35

A CSE graduate student, Durumeric’s work focuses on developing quantitative, measurement-based approaches to combat threats against hosts and networks on the Internet.


MIT Technology Review has named CSE graduate student Zakir Durumeric one of this year’s Innovators Under 35. Each year since 1999, MIT Technology Review has selected exceptionally talented young innovators whose work it believes has the greatest potential to transform the world.

Durumeric’s work focuses on developing quantitative, measurement-based approaches to combat threats against hosts and networks on the Internet. He uses data-driven perspectives to uncover new classes of security problems, design stronger network protocols, guide the industry’s deployment of improved defenses, and inform fine-grained vulnerability mitigation and patching.

One of his main research projects is ZMap, an open-source tool that can scan the public IPv4 address space in under 5 minutes. Prior to this work, tools required painstaking and time-consuming configuration, as well as either months of data collection or a large number of computers.

In the past two years, ZMap has allowed researchers to study distributed systems on the Internet, understand protocol adoption, track and respond to large-scale vulnerabilities, and uncover new types of vulnerabilities that are only detectable with a global perspective.

In 2014, Durumeric led a team that tracked the impact of Heartbleed, a massive vulnerability that affected upwards of 60% of web servers and enabled attackers to steal cryptographic keys and login credentials. Durumeric and his team determined exactly which servers were vulnerable and notified operators, increasing the global patch rate for the Internet by nearly 50%.

Most recently, Durumeric has been involved with uncovering several weaknesses in how Diffie-Hellman has been deployed in practice. Diffie-Hellman is an algorithm that is used by a browser and server to agree on a shared secret key and negotiate a secure connection for communication. This method was once considered highly secure because it allows the two connected parties to constantly refresh the cryptographic key, but the newest vulnerability, called Logjam, allows an attacker to easily crack the encryption. At least 8.4% of the top 1 million domains were initially vulnerable to this attack.

Moving forward, Durumeric is working to use scanning and other large-scale measurement to better understand how systems have been deployed in practice and to develop new defenses informed by this measurement. He works with Professors J. Alex Halderman and Michael Bailey.

About MIT Technology Review Innovators Under 35

Established in 1999, the annual list recognizes outstanding innovators who are younger than 35. The awards span a wide range of fields, including biotechnology, materials, computer hardware, energy, transportation, communications, and the Web. Their goal is to recognize the development of new technology or the creative application of existing technologies to solve problems. They also reward ingenious and elegant work that matters to the world at large—not just to peers in a particular field or industry.