Side Channel Attacks against TCP and How You Might Stop Them

Dr. Zhiyun Qian, Assistant Professor, University of California, Riverside

[Not Recorded]

Dr. Zhiyun Qian, Assistant Professor, University of California, Riverside


In this talk, I will discuss the history of off-path TCP attacks and their relationship with side channels. I will demonstrate a diverse, realistic, and powerful set of off-path TCP attacks can be conducted using a variety of side channels. Very recently, we show that a pure off-path/blind attack can be carried out against Linux hosts without being able to run any malicious code on either the client or server. Essentially the attacker can infer if any two arbitrary hosts on the Internet are communicating using a TCP connection. Further, if the connection is present, such an off-path attacker can also infer the TCP sequence numbers in use, from both sides of the connection; this, in turn, allows the attacker to cause connection termination and perform data injection attacks. I will conclude by giving the insights on how to systematically discover and fix such problems.


Dr. Zhiyun Qian is an assistant professor at the University of California, Riverside. His research interest is on system and network security, including vulnerability discovery and exploitation techniques, protocol security, Android security, side channels, and web economies. He has published more than a dozen papers at the top security conferences including IEEE Security & Privacy, ACM CCS, USENIX Security, and NDSS. His work has resulted in real-world impact with security patches applied in Linux kernel, Android, and firewall products. His work on TCP side channel attacks won the most creative idea award at GeekPwn 2016. His work is currently supported by 8 NSF grants (including the NSF CAREER Award).