BEGIN:VCALENDAR METHOD:PUBLISH PRODID:-//Apple Computer\, Inc//iCal 1.0//EN X-WR-CALNAME;VALUE=TEXT:USC VERSION:2.0 BEGIN:VEVENT DESCRIPTION:Speaker: Zhiyun Qian, University of California Riverside Talk Title: Network Side Channel Attacks: An Oversight Yesterday, A Lingering Threat Today Abstract: In this talk, I will discuss the history of attacks against one of the most widely used protocol --- TCP. As side channels were never really considered a threat when network protocols are designed, they suffer almost an endless stream of problems. I will demonstrate a blind off-path attacker can use side channels to hijack a remote TCP connection. Recently, we show two serious attacks: (1) a completely blind off-path attacker (not MITM) can hijack a TCP connection between any two arbitrary hosts (i.e., inferring the existence of connection, and sequence numbers). (2) a variation of the attack which exploits a fundamental design of Wi-Fi which is unfortunately impossible to patch in the short term. I will also give insights on how to systematically discover such problems Biography: Dr. Zhiyun Qian is an associate professor at University of California, Riverside. His research interest is on system and network security, including vulnerability discovery, system building, applied program analysis, Internet security (e.g., TCP/IP), Android security, side channels. He has published more than a dozen papers at the top security conferences including IEEE Security & Privacy, ACM CCS, USENIX Security, and NDSS. His projects have resulted in real-world impact with security patches applied in Linux kernel, Android, macOS, and firewall products. His work on TCP side channel attacks won the most creative idea award at GeekPwn 2016 and winner award at GeekPwn 2017. His research is supported by 8 NSF grants (including the NSF CAREER Award) and two industrial gifts. Host: Xuehai Qian, xuehai.qian@usc.edu SEQUENCE:5 DTSTART:20180920T140000 LOCATION:EEB 132 DTSTAMP:20180920T140000 SUMMARY:CENG Seminar UID:EC9439B1-FF65-11D6-9973-003065F99D04 DTEND:20180920T150000 END:VEVENT END:VCALENDAR