44 research outputs found
Off-Path TCP Exploits of the Mixed IPID Assignment
In this paper, we uncover a new off-path TCP hijacking attack that can be
used to terminate victim TCP connections or inject forged data into victim TCP
connections by manipulating the new mixed IPID assignment method, which is
widely used in Linux kernel version 4.18 and beyond to help defend against TCP
hijacking attacks. The attack has three steps. First, an off-path attacker can
downgrade the IPID assignment for TCP packets from the more secure
per-socket-based policy to the less secure hash-based policy, building a shared
IPID counter that forms a side channel on the victim. Second, the attacker
detects the presence of TCP connections by observing the shared IPID counter on
the victim. Third, the attacker infers the sequence number and the
acknowledgment number of the detected connection by observing the side channel
of the shared IPID counter. Consequently, the attacker can completely hijack
the connection, i.e., resetting the connection or poisoning the data stream.
We evaluate the impacts of this off-path TCP attack in the real world. Our
case studies of SSH DoS, manipulating web traffic, and poisoning BGP routing
tables show its threat on a wide range of applications. Our experimental
results show that our off-path TCP attack can be constructed within 215 seconds
and the success rate is over 88%. Finally, we analyze the root cause of the
exploit and develop a new IPID assignment method to defeat this attack. We
prototype our defense in Linux 4.18 and confirm its effectiveness through
extensive evaluation over real applications on the Internet
SklCoin: Toward a Scalable Proof-of-Stake and Collective Signature Based Consensus Protocol for Strong Consistency in Blockchain
The proof-of-work consensus protocol suffers from two main limitations: waste
of energy and offering only probabilistic guarantees about the status of the
blockchain. This paper introduces SklCoin, a new Byzantine consensus protocol
and its corresponding software architecture. This protocol leverages two ideas:
1) the proof-of-stake concept to dynamically form stake proportionate consensus
groups that represent block miners (stakeholders), and 2) scalable collective
signing to efficiently commit transactions irreversibly. SklCoin has immediate
finality characteristic where all miners instantly agree on the validity of
blocks. In addition, SklCoin supports high transaction rate because of its fast
miner election mechanis