Novel Side Channels: Discovery, Analysis, Detection, and Prevention

     We propose to investigate novel classes of side channel attacks against mobile and networked systems such as Android system and network stacks that can lead to significant damage to user privacy, network security, and application integrity. 
     We build upon our past work of finding examples of novel side channel based attack to generalize defense solutions systematically.  In particular, we have demonstrated that an off-path attacker can hijack both short-lived and long-lived TCP connections as well as create TCP connections using spoofed IP addresses. This enables us to achieve many attacks, including replacing the Facebook login page, launch massive denial of service against popular Android system services, and sending spam emails with spoofed IP addresses. Interestingly, the attacks are inherent byproducts of network and operating system design and implementation, which are fundamentally hard to eliminate.  We propose methods to systematically detect and eliminate such side channels by leveraging both program analysis and network measurement
science.

We are researchers at the University of Michigan, in the RobustNet research group. We are interested in security, performance and network characterization in mobile devices. Our other apps include MobiPerf, a tool to characterize your network, and PowerTutor, a tool to characterize the power consumption of system components and different applications.
Contact
Please feel free to contact us for more information:
Qi Alfred Chen (alfchen at umich.edu)
Z. Morley Mao (zmao at umich.edu).