English
Related papers

Related papers: Off-Path TCP Exploits of the Mixed IPID Assignment

200 papers

Path MTU Discovery (PMTUD) and IP address sharing are integral aspects of modern Internet infrastructure. In this paper, we investigate the security vulnerabilities associated with PMTUD within the context of prevalent IP address sharing…

Cryptography and Security · Computer Science 2025-09-16 Xuewei Feng , Zhaoxi Li , Qi Li , Ziqiang Wang , Kun Sun , Ke Xu

The paper demonstrates how traffic load of a shared packet queue can be exploited as a side channel through which protected information leaks to an off-path attacker. The attacker sends to a victim a sequence of identical spoofed segments.…

Cryptography and Security · Computer Science 2012-01-25 Jan Wrobel

In this paper, we unveil a fundamental side channel in Wi-Fi networks, specifically the observable frame size, which can be exploited by attackers to conduct TCP hijacking attacks. Despite the various security mechanisms (e.g., WEP and…

Networking and Internet Architecture · Computer Science 2024-10-02 Ziqiang Wang , Xuewei Feng , Qi Li , Kun Sun , Yuxiang Yang , Mengyuan Li , Ganqiu Du , Ke Xu , Jianping Wu

In this paper, we uncover a new side-channel vulnerability in the widely used NAT port preservation strategy and an insufficient reverse path validation strategy of Wi-Fi routers, which allows an off-path attacker to infer if there is one…

Cryptography and Security · Computer Science 2024-04-09 Yuxiang Yang , Xuewei Feng , Qi Li , Kun Sun , Ziqiang Wang , Ke Xu

After more than 40 years of development, the fundamental TCP/IP protocol suite, serving as the backbone of the Internet, is widely recognized for having achieved an elevated level of robustness and security. Distinctively, we take a new…

Cryptography and Security · Computer Science 2024-11-20 Xuewei Feng , Qi Li , Kun Sun , Ke Xu , Jianping Wu

We present a new type of clogging DoS attacks, with the highest amplification factors achieved by off-path attackers, using only puppets, i.e., sandboxed malware on victim machines. Specifically, we present off-path variants of the Opt-ack,…

Cryptography and Security · Computer Science 2012-08-14 Yossi Gilad , Amir Herzberg

Everyone is concerned about the Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only off-path and cannot intercept traffic; hence, challenge-response mechanisms…

Cryptography and Security · Computer Science 2013-05-07 Yossi Gilad , Amir Herzberg , Haya Shulman

Contemporary computing employs cache hierarchy to fill the speed gap between processors and main memories. In order to optimise system performance, Last Level Caches(LLC) are shared among all the cores. Cache sharing has made them an…

Hardware Architecture · Computer Science 2022-03-24 Jaspinder Kaur , Shirshendu Das

We describe a tracking technique for Linux devices, exploiting a new TCP source port generation mechanism recently introduced to the Linux kernel. This mechanism is based on an algorithm, standardized in RFC 6056, for boosting security by…

Cryptography and Security · Computer Science 2022-12-23 Moshe Kol , Amit Klein , Yossi Gilad

We show how an off-path (spoofing-only) attacker can perform cross-site scripting (XSS), cross-site request forgery (CSRF) and site spoofing/defacement attacks, without requiring vulnerabilities in either web-browser or server and…

Cryptography and Security · Computer Science 2012-05-01 Yossi Gilad , Amir Herzberg

This paper presents new attacks against TKIP within IEEE 802.11 based networks. Using the known Beck-Tews attack, we define schemas to con- tinuously generate new keystreams, which allow more and longer arbitrary packets to be injected into…

Cryptography and Security · Computer Science 2014-10-24 Martin Beck

Website fingerprinting attack is an extensively studied technique used in a web browser to analyze traffic patterns and thus infer confidential information about users. Several website fingerprinting attacks based on machine learning and…

Cryptography and Security · Computer Science 2023-02-28 Guodong Huang , Chuan Ma , Ming Ding , Yuwen Qian , Chunpeng Ge , Liming Fang , Zhe Liu

We perform the first analysis of methodologies for launching DNS cache poisoning: manipulation at the IP layer, hijack of the inter-domain routing and probing open ports via side channels. We evaluate these methodologies against DNS…

Cryptography and Security · Computer Science 2022-05-13 Tianxiang Dai , Philipp Jeitner , Haya Shulman , Michael Waidner

The transient execution attack is a type of attack leveraging the vulnerability of modern CPU optimization technologies. New attacks surface rapidly. The side-channel is a key part of transient execution attacks to leak data. In this work,…

Cryptography and Security · Computer Science 2023-04-24 Yu Jin , Pengfei Qiu , Chunlu Wang , Yihao Yang , Dongsheng Wang , Gang Qu

IPv4, IPv6, and TCP have a common mechanism allowing one to split an original data packet into several chunks. Such chunked packets may have overlapping data portions and, OS network stack implementations may reassemble these overlaps…

Cryptography and Security · Computer Science 2025-05-01 Lucas Aubard , Johan Mazel , Gilles Guette , Pierre Chifflier

Exploitation techniques targeting intermediate (transit) network nodes in public and private networks have been theoretically known and empirically proven to work for quite some time. However, very little effort has been made to look into…

Networking and Internet Architecture · Computer Science 2013-09-25 Daniel Kharitonov , Oscar Ibatullin

The transient-execution attack Meltdown leaks sensitive information by transiently accessing inaccessible data during out-of-order execution. Although Meltdown is fixed in hardware for recent CPU generations, most currently-deployed CPUs…

Cryptography and Security · Computer Science 2023-10-09 Daniel Weber , Fabian Thomas , Lukas Gerlach , Ruiyi Zhang , Michael Schwarz

The battle for a more secure Internet is waged on many fronts, including the most basic of networking protocols. Our focus is the IPv4 Identifier (IPID), an IPv4 header field as old as the Internet with an equally long history as an…

Networking and Internet Architecture · Computer Science 2025-11-10 Joshua J. Daymude , Antonio M. Espinoza , Holly Bergen , Benjamin Mixon-Baca , Jeffrey Knockel , Jedidiah R. Crandall

Since last decade, IDS/ IPS has gained popularity in protecting large networks. They can employ signature based techniques and/or flow-based techniques to prevent intrusion from outside/ inside the network they are trying to protect.…

Data Structures and Algorithms · Computer Science 2015-01-12 Sankalp Bagaria

Modern multi-core processors share cache resources for maximum cache utilization and performance gains. However, this leaves the cache vulnerable to side-channel attacks, where timing differences in shared cache behavior are exploited to…

Cryptography and Security · Computer Science 2019-09-23 Ghada Dessouky , Tommaso Frassetto , Ahmad-Reza Sadeghi
‹ Prev 1 2 3 10 Next ›