2017 Symposium Posters

Posters > 2017

Information Leakage in a Cisco VPN Stream


PDF

Primary Investigator:
Melissa Dark

Project Members
Austin Klasa and Daniel Sokoler
Abstract
Making the Internet Fast Again…At The Cost of Security There is a relatively new suite of performance improving communication protocols being broadly adopted on the Internet such as SPDY, HTTP/2 and QUIC. These protocols are being rapidly implemented to improve the performance of the Internet. More than 10% of the top 1 Million websites are already using some of these technologies, including much of the 10 highest traffic sites. In this talk, we will look specifically at a vulnerability in Google’s QUIC (Quick UDP Internet Connections, pronounced quick) protocol. QUIC is used in all Google services and exclusively in Chrome with over 1 billion monthly users using QUIC worldwide. Specifically, we will highlight over optimization in QUIC’s implementation of AES-GCM exposing the length for messages under 300 bytes. We take this vulnerability in QUIC and apply it to build a plausible online attack against the largest free, e-mail provider.

Our annual information security symposium will take place on April 3rd and 4th, 2018.
Purdue University, West Lafayette, IN