Most Internet services and systems still rely on challenge-response defences for their security against attacks by off-path adversaries. We present techniques that subvert standard and widely supported defences, and show how to use them for DNS cache poisoning attacks. We propose short-term countermeasures that prevent our attacks; however, we argue that in the long term cryptographic defences should be deployed, providing security even against stronger man-in-the-middle adversaries.
Haya Shulman is a postdoctoral fellow in the European Center for Security and Privacy by Design (EC-SPRIDE), headed by Prof. Dr. Michael Waidner, at Technische Universitaet Darmstadt. Her research interests are in network and cyber security, focusing on attacks on performance and correctness, and on devising countermeasures. Haya conducted her Ph.D. studies at the Department of Computer Science, Bar Ilan University, Israel, under the supervision of Prof. Dr. Amir Herzberg. Her Ph.D. thesis is on network security. In 2009 Haya completed her M.Sc. studies, also in the Department of Computer Science, with a thesis on Secure Execution of Software in Remote, Hostile Environment. In 2011 and 2013 she received the ‘Checkpoint Institute for Information Security (CPIIS)’ awards, and in 2013 she received the Feder prize for her research in communication technologies and an ICANN research fellowship.