This project will uncover network protocol implementations that are common on the Internet and are susceptible to side channel attacks. This can have serious security implications for applications such as Virtual Private Networks (VPNs) and Domain Validation ((DV), that proves an organization owns an Internet domain such as www.example.com before issuing a certificate that the organization can present to web browsers as authentication). A side channel is a mechanism where information flows where it was not intended to flow according to the design of a system. An analogy might be a foreign government counting the number of pizza deliveries to the Pentagon and inferring last-minute planning for a big event when the number of pizzas increases sharply. In other contexts, side channels have led to fundamental breakdowns in the basic security mechanisms that separate processes in an operating system (see Meltdown and Spectre, which are vulnerabilities in the way computers enforce the most basic separation of security contexts), and have been used to crack even then strongest cryptography. The TCP and IP protocols lay the foundation for the Internet, but are known to be susceptible to side channels if certain requirements are not met. Requests for Comments (RFCs), (the documents that develop and define Internet standards) describe how, for example, certain numbers must be chosen in an unpredictable manner, or limiting the rate at which packets are sent must be applied in a specific way, in order to mitigate the effects of TCP/IP side channels. Failure to follow these RFCs undermines the most basic assumption of Internet security: that in order for an attacker to infer the existence of, interfere with, or inject their own data into a communication the attacker must control a part of the network in between the two parties that are communicating.
Violating this basic assumption can be devastating for Internet users that are acting in the U.S.'s interest, such as journalists, activists, and non-governmental organizations (NGOs) overseas that use tunneling of some kind to bypass Internet controls in their own country. A major technical challenge that the project will address is to explore the astronomically large number of possibilities for how sequences of probes sent by researchers might result in predictable patterns in the responses given by different Internet hosts. Predictable patterns indicate a vulnerability because the security model assumes an attacker will not be able to guess the numbers that protocols use for sequencing and other purposes.
This project combines expertise in network security and data mining to search the Internet for patterns where there should be none. Through a combination of carefully designed experiments to measure how Internet hosts respond to different combinations of probes, temporal data mining to uncover patterns, and an infrastructure for measuring the entire Internet longitudinally, the project will reveal how custom network stacks have created a situation where a significant fraction of Internet servers do not protect against side channel attacks. These custom TCP/IP implementations are commonly developed for the cloud, "middleboxes" such as load balancers and firewalls, and the Internet of Things. The proposed work will address this situation through the ethical disclosure process, engaging Internet standards bodies, and educating researchers and users about these threats. Educational activities and outreach will leverage the unique population of the Southwestern U.S. and the expertise of the PIs to support diversification of the field and workforce development.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.