Name: ZHANG Yiming

Title: Research Assistant Professor

Email: zhangyimin@tsinghua.edu.cn

Personal Website: https://cypher-z.github.io

Ph.D. in Computer Science and Technology, Tsinghua University (Department of Computer Science and Technology), China, 2022

B.S. in Mathematics and Physics, Tsinghua University (Department of Physics), China, 2017

Research Assistant Professor, Institute for Network Sciences and Cyberspace, Tsinghua University, China, Feb. 2025 – Present

Postdoctoral Fellow, Institute for Network Sciences and Cyberspace, Tsinghua University, China, Sep. 2022 – Dec. 2024

Network security, including cellular network security, public key infrastructure (PKI) security, network threat detection, and network measurement.

My research primarily focuses on the security of network infrastructure, including cellular networks, public key infrastructure, and large-scale network measurement. I have published over ten papers at the four premier international cybersecurity conferences (IEEE S&P, USENIX Security, NDSS, CCS). My research outcomes have been repeatedly recognized in the official security research acknowledgment list of GSMA, the global mobile communications industry association, and have contributed to security revisions in multiple 3GPP communication standard documents. Recent research directions include:

1. Cellular Network Security: Focusing on vulnerability discovery and impact assessment in real-world cellular communication systems (4G/5G), including security flaws in protocol mechanisms, system configurations, and service interactions, covering critical components such as core networks, radio access networks, and mobile services.

2. Public Key Infrastructure: Investigating deployment practices and security risks of PKI in real-world networks, analyzing its structural resilience and trust assurance capabilities under diverse threat scenarios.

3. Network Threat Detection: Employing data-driven approaches such as traffic analysis and network measurement to detect and characterize various network threat activities, including telecom fraud, infrastructure abuse, and underground internet economies.

Selected Publications

1. Yiming Zhang, Tao Wan, Yaru Yang, Haixin Duan, Yichen Wang, Jianjun Chen, Zixiang Wei, Xiang Li. Invade the Walled Garden: Evaluating GTP Security in Cellular Networks. IEEE S&P 2025 (CCF-A, Big4).

2. Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Jiachen Li, Zaifeng Zhang.Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem. CCS 2021 (CCF-A, Big4).

3. Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Shuang Hao, Mingxuan Liu, Ying Liu, Dong Wang and Qiang Li. Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China. CCS 2020 (CCF-A, Big4).

4. Yaru Yang, Yiming Zhang#, Tao Wan, Haixin Duan#, Deliang Chang, Yishen Li, Shujun Tang. Small Cell, Big Risk: A Security Assessment of 4G LTE Femtocells in the Wild. NDSS 2026 (CCF-A, Big4).

5. Hanqing Zhao, Yiming Zhang#, Lingyun Ying#, Mingming Zhang, Baojun Liu,Haixin Duan, Zi-Quan You, Shuhao Zhang. Understanding the Status and Strategies of the Code Signing Abuse Ecosystem. NDSS 2026 (CCF-A, Big4).

6. Mingxuan Liu, Yiming Zhang, Xiang Li, Chaoyi Lu, Baojun Liu, Haixin Duan, Xiaofeng Zheng. Understanding the Implementation and Security Implications of Protective DNS Services. NDSS 2024 (CCF-A, Big4).

7. Yijing Liu, Yiming Zhang, Baojun Liu, Haixin Duan, Qiang Li, Mingxuan Liu, Ruixuan Li, Jia Yao. Tickets or Privacy? Understand the Ecosystem of Mobile Ticket Grabbing Apps. USENIX Security 2024 (CCF-A, Big4).

8. Yaru Yang, Yiming Zhang, Tao Wan, Chuhan Wang, Haixin Duan, Jianjun Chen, Yishen Li. Uncovering Security Vulnerabilities in Real-world Implementation and Deployment of 5G Messaging Services. WiSec 2024.

9. Shiyue Nie, Yiming Zhang, Tao Wan, Haixin Duan, Song Li. Measuring the Deployment of 5G Security Enhancement. WiSec 2022.

10. Chaoyi Lu, Baojun Liu, Yiming Zhang, Zhou Li, Fenglu Zhang, Haixin Duan, Ying Liu, Joann Qiongna Chen, Jinjin Liang, Zaifeng Zhang, Shuang Hao and Min Yang. From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR. NDSS 2021 (CCF-A, Big4).