Zhiyun Qian, University of California Riverside
Title: Weaponizing Network Side Channels: From TCP Hijacking to DNS Cache Poisoning
Host: Charalampos (Babis) Papamanthou
Side channel attacks were never considered as part of the threat model when network protocols were designed. Even today, the impact of network side channels is vastly underestimated. Exploiting network side channels have been considered challenging, if not infeasible, due to its nature of being remote. In this talk, I will demonstrate a series of surprisingly powerful attacks where a blind off-path attacker can use side channels to hijack arbitrary remote TCP connections, as well as launch DNS cache poisoning attacks against popular DNS services. I will also give insights on how to systematically discover such problems.
Zhiyun Qian is the Everett and Imogene Ross associate professor in the CSE department at the University of California Riverside. His main research interests are in the area of system and network security, including vulnerability discovery, side channel analysis, applied program analysis, system building, and measurement of real-world security problems. He is a recipient of the ACM CCS distinguished paper award in 2020, Applied Networking Research Prize from IRTF in 2019, NSF CAREER Award in 2017, Facebook Internet Defense Prize Finalist in 2016, and the most creative idea award from Geekpwn 2016.