[Busec] [busec] Aanchal Malhotra (Wed 9.45am)

Sharon Goldberg goldbe at cs.bu.edu
Mon Feb 15 12:23:35 EST 2016


Hi everyone,

Join us for the BUsec seminar Wednesday at 9:45am. Our own Aanchal Malhotra
will talk about the security of the Network Time Protocol (NTP), followed
by lunch in the lab.  The following week, we won't have seminar, but the
week after that we have a talk by our Omer Paneth.

- Sharon

BUsec Calendar:  http://www.bu.edu/cs/busec/

BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).

******
Title: Attacking the Network Time Protocol. (Practice Talk)
Speaker: Aanchal Malhotra (BU)
Room: MCS180 (Hariri) at 111 Cummington St, Boston MA 02215
Time: Wednesday Feb 15, 2015, 9:45AM

Abstract: We explore the risk that network attackers can exploit
unauthenticated Network Time Protocol (NTP) traffic to alter the time on
client systems. We first discuss how an on- path attacker, that hijacks
traffic to an NTP server, can quickly shift time on the server’s clients.
Then, we present a extremely low-rate (single packet) denial-of-service
attack that an off-path attacker, located anywhere on the network, can use
to disable NTP clock synchronization on a client. Next, we show how an
off-path attacker can exploit IPv4 packet fragmentation to shift time on a
client. We discuss the implications on these attacks on other core Internet
protocols, quantify their attack surface using Internet measurements, and
suggest a few simple countermeasures that can improve the security of NTP.

Joint work with Isaac Cohen, Erik Brakke, Sharon Goldberg to appear at
NDSS'16.

******
Title: TBA
Speaker: Omer Paneth (BU)
Room: MCS148 at 111 Cummington St, Boston MA 02215
Time: Wednesday March 2, 2015, 9:45AM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20160215/80b23614/attachment.html>


More information about the Busec mailing list