Research Updates from the Cloudflare Blog
2021-10-15 Multi-User IP Address Detection
We’ve devised novel methods to detect multi-user IP addresses, and today we’re excited to announce their integration into our global threat intelligence products. These will improve the quality of our detection techniques and reduce false positives for our customers, and the clients that visit them.
Diagnosing scaling issues in a service associated with TLS termination through a deep dive into some of the incidents it caused.
Announcing a public demo and open-sourced implementation of a privacy-preserving compromised credential checking service
IP addresses associated with names, interfaces, and sockets, can tie these things together in a way that IP was never designed to support. This post describes Cloudflare efforts to decouple of IP addresses from names, the latest in a quest for something we’re calling Addressing Agility.
2021-10-14 Research Directions in Password Security
We've been studying password problems, including malicious logins using compromised credentials. Here's what we learned and here's where we think we can go from here with safer password systems.
2021-10-13 Cloudflare and the IETF
Cloudflare helps build a better Internet through collaboration on open and interoperable standards. This post will describe how Cloudflare contributes to the standardization process to enable incremental innovation and drive long-term architectural change.
2021-10-13 Pairings in CIRCL
Our Go cryptographic library CIRCL announces support for pairing-based cryptography.
Learn more about Exported Authenticators, a new extension to TLS, currently going through the IETF standardisation process.
Real world experiments for evaluating connection coalescing effects.
2021-10-12 Introducing SSL/TLS Recommender
Introducing customized recommendations to improve the security of your website.
Cloudflare worked with TU Graz to study the impact of Spectre on Cloudflare Workers and to develop new defenses against it. Today we're publishing a paper about our research.
What does ECH mean for connection security and privacy on the network? How does it relate to similar technologies and concepts such as domain fronting? In this post, we’ll dig into ECH details and describe what this protocol does to move the needle to help build a better Internet.
2021-10-12 Privacy Pass v3: the new privacy bits
A new version of Privacy Pass for reducing the number of CAPTCHAs.
2021-10-11 Announcing Cloudflare Research Hub
Announcing a new landing page where you can learn more about our research and additional resources.
2021-10-11 Internship Experience: Research Engineer
Over the summer of 2020 I interned at Cloudflare Research. This invaluable experience contributed to Cloudflare’s support of ODoH protocol, and I was awarded the best student paper award at PETS 2021.
2021-10-11 Cloudflare invites visiting researchers
As part of Cloudflare’s effort to build collaborations with academia, we host research focused internships all year long. Interns collaborate cross-functionally in research projects and are encouraged to ship code and write a blog post and a peer-reviewed publication at the end of their internship.
2021-10-10 Cloudflare Research: Two Years In
What Cloudflare Research has been up to for the last two years.
2021-10-01 Announcing The Cloudflare Distributed Web Gateways Private Beta: Unlocking the Web3 Metaverse and Decentralized Finance for Everyone
Cloudflare announces the Private Beta of their Web3 gateways for Ethereum and IPFS. Unlocking the Metaverse, Web3, and Decentralized Finance for every developer.
2021-10-01 Web3 — A vision for a decentralized web
In this blog we start to explain Web3 in the context of the web's evolution, and how Cloudflare might help to support it.
The Cloudflare IPFS module protects users from threats like phishing and ransomware.
2021-08-12 More devices, fewer CAPTCHAs, happier users
Today, we are taking another step in helping to reduce the Internet’s reliance on CAPTCHAs to prove that you are not a robot. We are expanding the reach of our Cryptographic Attestation of Personhood experiment by adding support for a much wider range of devices.
2021-08-12 Introducing Zero-Knowledge Proofs for Private Web Attestation with Cross/Multi-Vendor Hardware
In Cryptographic Attestation of Personhood the server sends a message to the browser that the hardware security signs, demonstrating its authenticity.
2021-07-01 Account Takeover Protection and WAF mitigations to help stop Global Brute Force Campaigns
Today, we are making our Account Takeover Protection capabilities available to all paid plans at no additional charge.
An experiment that uses hardware security keys (like a YubiKey) to replace CAPTCHAs completely. The idea is rather simple: if a real human is sitting at their keyboard or uses their phone, they can touch their security key’s button or bring it near their phone to demonstrate that they are human.
2021-01-15 KEMTLS: Post-quantum TLS without signatures
The TLS 1.3 protocol has been around for quite some time, but it will be broken once quantum computers arrive. What can we do? In this blog post, we will examine a technique for achieving full post-quantum security for TLS 1.3 in the face of quantum computers: KEMTLS.
2021-01-13 A Name Resolver for the Distributed Web
At Cloudflare, we have been exploring alternative ways to resolve queries to responses that align with these attributes. We are proud to announce a new resolver for the Distributed Web, where IPFS content indexed by the Ethereum Name Service (ENS) can be accessed.
2020-12-11 Securing the post-quantum world
As quantum computing continues to mature, research and development efforts in cryptography are keeping pace. We’re working with academia and industry peers to help create a new set of cryptography standards that are resilient to attack from quantum computers.
2020-12-08 Good-bye ESNI, hello ECH!
A deep dive into the Encrypted Client Hello, a standard that encrypts privacy-sensitive parameters sent by the client, as part of the TLS handshake.
Imagine passwords for online services that never leave your device, encrypted or otherwise. OPAQUE is a new cryptographic protocol that makes this idea possible, giving you and only you full control of your password.
Oblivious DoH (ODoH) makes secure DNS over HTTPS (DoH) queries into private queries which prevent the leakage of client IP addresses to resolvers. The new proposed ODoH standard addresses this problem and today we are enabling users to use this protocol with 22.214.171.124
Today, we’re making several announcements around improving Internet protocols with respect to something important to our customers and Internet users worldwide: privacy.
2020-10-01 NTS is now an RFC
2019-11-01 Delegated Credentials for TLS
2019-10-30 The TLS Post-Quantum Experiment
Server-side results from the experiment between Cloudflare and Google to measure the performance of two post-quantum key exchange algorithms in TLS.
2019-10-29 DNS Encryption Explained
Encrypting DNS makes it impossible for snoopers to look into your DNS messages. Just as the web moved from unencrypted HTTP to encrypted HTTPS there are now upgrades to the DNS protocol that encrypt DNS itself.
2019-09-18 Cloudflare’s Approach to Research
2019-06-21 Introducing time.cloudflare.com
2019-06-20 The Quantum Menace
The impact of quantum computing on cryptography conducts research and development towards a Post-Quantum era.
CIRCL is a modern Go cryptographic library by Cloudflare.
2019-06-19 Cloudflare's Ethereum Gateway
When you visit a secure website, it offers you a TLS certificate that asserts its identity. Every certificate has an expiration date, and when it’s passed due, it is no longer valid.
2018-08-11 A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)
2017-12-26 Why TLS 1.3 isn't in browsers yet
The Internet is in the middle of such an upgrade right now. Transport Layer Security (TLS), is getting its first major overhaul with TLS 1.3.
This post provides an analysis of Mirai, the Internet-of-Things botnet that took down major websites via massive DDoS using 100s of 1000s of IOT devices.
2017-11-09 Privacy Pass - “The Math”
2017-11-09 Cloudflare supports Privacy Pass
2017-09-26 Geo Key Manager: How It Works
Today we announced Geo Key Manager, a feature that gives customers unprecedented control over where their private keys are stored when uploaded to Cloudflare.