Zhiyun Qian

Assistant Professor, University of California, Riverside

Dec 9th, 2016, 11am-12pm, DBH 6011


Off-path TCP Exploits: An Oversight Yesterday, A Lingering Threat Today


In this talk, I will discuss the history of off-path TCP attacks and their relationship with side channels. I will demonstrate the multitude of different ways realistic and powerful off-path TCP attacks can be conducted using a variety of side channels. Very recently, we showed that a pure off-path attack can be carried out against Linux hosts without being able to run any malicious code on either the client or server. Essentially the attacker can infer if any two arbitrary hosts on the Internet are communicating using a TCP connection. Further, if the connection is present, such an off-path attacker can also infer the TCP sequence numbers in use, from both sides of the connection; this in turn allows the attacker to cause connection termination and perform data injection attacks. I will conclude by giving insights on how to systematically discover and fix such problems.

Speaker Bio:

Dr. Zhiyun Qian is an assistant professor at the University of California, Riverside. His research interests are in system and network security, including Internet security (e.g., TCP/IP), Android security, side channels, and infrastructure security (e.g., cellular networks). He has a passion for discovering real-world security flaws with insights and help from program analysis tools. His recent TCP work was awarded the "most creative idea" at GeekPwn and was one of the three Facebook Internet Defense Prize finalists at USENIX Security 2016. He obtained his Ph.D. degree in CSE from the University of Michigan in 2012.