Selected Publications

For a list of all my publications, click here, or visit my Google Scholar profile.

In this paper we study the role of domain name registrars in deployment of the Domain Name System Security Extensions (DNSSEC). We find a number of significant hurdles to deployment of DNSSEC as a consequence of a general lack of implementation at large registrars or poor implementation choices at those registrars that do support DNSSEC.
In ACM Internet Measurement Conference 2017 (IMC 2017), London, United Kingdom, 1-3 November 2017., 2017.

This paper provides an end-to-end view of the state of the DNSSEC ecosystem. It covers both DNSSEC-signed domains and a survey of DNSSEC validation by DNS resolvers. The paper paints a bleak picture of the state of DNSSEC deployment, with just over 1% of domains in .com, .net and .org signed and just over 12% of the observed DNS resolvers correctly validating DNSSEC signatures.
In Proceedings of the 26th USENIX Security Symposium (USENIX Security ‘17), Vancouver, BC, Canada, 16-18 August 2017., 2017.

In this work, we study the impact of a switch to elliptic curve cryptography on the performance of DNSSEC-validating DNS resolvers.
In IEEE/ACM Transactions on Networking, Volume 25, Issue 2, April 2017., 2017.

In this paper we present OpenINTEL: a large-scale high-performance active measurement infrastructure for the DNS.
In IEEE Journal on Selected Areas in Communications (JSAC), Volume 34, Issue 7, May 2016., 2016.

This paper establishes ground truth for the amplification attack potential in 70% of all DNSSEC-signed domains. The paper demonstrates that DNSSEC-signed domains have an average amplification factor that is 6 to 12 times higher than that of unsigned domains.
In Proceedings of the ACM Internet Measurement Conference 2014 (IMC 2014), Vancouver, BC, Canada, 5-7 November 2014., 2014.


Ph.D. Candidates

I am daily supervisor of the following Ph.D. candidates in our group:

All Ph.D. candidates I supervise are advised by prof. dr. ir. Aiko Pras

Master Students


  • Caspar Schutijser (planned 2018)
    External project at SIDN Labs on IoT Security.
  • Gijs Rijnders (starting 2018)
    From Eindhoven University of Technology, working on DNS IoC detection using privacy-enhancing technologies.


  • Olivier van der Toorn (2017, co-supervisor)
  • Tho Le (2017)
  • Romanos Dodopoulos (2015)thesis
  • Kaspar Hageman (2015)thesis
  • Sean Rijs (2014)report
  • Gijs van den Broek (2012)paper
  • Niels Monen (2011)report
  • Boudewijn Ector (2009)thesis (in Dutch)

Bachelor Students


I am currently not supervising any bachelor students


  • J.J. Yu (2017)
  • Breus Blaauwendraad (2017)thesis (best paper in track)
  • Eva van den Eijnden (2017)thesis
  • Jeroen Vollenbrock (2016)thesis (best paper in track)
  • Remy Bien (2014)


  • Zilverling room 5098, University of Twente, Enschede, NL
  • Thursday 9:00h-16:00h (email for appointment)