Samuel Jero scite author profile

QUIC is a secure transport protocol developed by Google and implemented in Chrome in 2013, currently representing one of the most promising solutions to decreasing latency while intending to provide security properties similar with TLS. In this work we shed some light on QUIC's strengths and weaknesses in terms of its provable security and performance guarantees in the presence of attackers. We first introduce a security model for analyzing performance-driven protocols like QUIC and prove that QUIC satisfies our definition under reasonable assumptions on the protocol's building blocks. However, we find that QUIC does not satisfy the traditional notion of forward secrecy that is provided by some modes of TLS, e.g., TLS-DHE. Our analyses also reveal that with simple bit-flipping and replay attacks on some public parameters exchanged during the handshake, an adversary could easily prevent QUIC from achieving minimal latency advantages either by having it fall back to TCP or by causing the client and server to have an inconsistent view of their handshake leading to a failure to complete the connection. We have implemented these attacks and demonstrated that they are practical. Our results suggest that QUIC's security weaknesses are introduced by the very mechanisms used to reduce latency, which highlights the seemingly inherent trade off between minimizing latency and providing 'good' security guarantees.

show abstract

Cross-App Poisoning in Software-Defined Networking

Ujcich

Jero

Edmundson

et al. 2018

View full text Add to dashboard Cite

Software-defined networking (SDN) continues to grow in popularity because of its programmable and extensible control plane realized through network applications (apps). However, apps introduce significant security challenges that can systemically disrupt network operations, since apps must access or modify data in a shared control plane state. If our understanding of how such data propagate within the control plane is inadequate, apps can co-opt other apps, causing them to poison the control plane's integrity. We present a class of SDN control plane integrity attacks that we call cross-app poisoning (CAP), in which an unprivileged app manipulates the shared control plane state to trick a privileged app into taking actions on its behalf. We demonstrate how role-based access control (RBAC) schemes are insufficient for preventing such attacks because they neither track information flow nor enforce information flow control (IFC). We also present a defense, ProvSDN, that uses data provenance to track information flow and serves as an online reference monitor to prevent CAP attacks. We implement ProvSDN on the ONOS SDN controller and demonstrate that information flow can be tracked with low-latency overheads. CCS CONCEPTS • Security and privacy → Access control; Information flow control; Information accountability and usage control; • Networks → Programmable networks; KEYWORDS software-defined networking; data provenance; information flow control; network operating system * DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited.

show abstract

BEADS: Automated Attack Discovery in OpenFlow-Based SDN Systems

Jero

Nita-Rotaru

et al. 2017

View full text Add to dashboard Cite

Leveraging Textual Specifications for Grammar-Based Fuzzing of Network Protocols

Jero¹,

Pacheco²,

Goldwasser³

et al. 2019

AAAI

View full text Add to dashboard Cite

Grammar-based fuzzing is a technique used to find software vulnerabilities by injecting well-formed inputs generated following rules that encode application semantics. Most grammar-based fuzzers for network protocols rely on human experts to manually specify these rules. In this work we study automated learning of protocol rules from textual specifications (i.e. RFCs). We evaluate the automatically extracted protocol rules by applying them to a state-of-the-art fuzzer for transport protocols and show that it leads to a smaller number of test cases while finding the same attacks as the system that uses manually specified rules.

show abstract

Leveraging State Information for Automated Attack Discovery in Transport Protocol Implementations

Jero

Lee

Nita-Rotaru

2015

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Samuel Jero

How Secure and Quick is QUIC? Provable Security and Performance Analyses

Cross-App Poisoning in Software-Defined Networking

BEADS: Automated Attack Discovery in OpenFlow-Based SDN Systems

Leveraging Textual Specifications for Grammar-Based Fuzzing of Network Protocols

Leveraging State Information for Automated Attack Discovery in Transport Protocol Implementations

Contact Info

Product

Resources

About