[NDSS'18] Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control
Qi Alfred Chen, Yucheng Yin, Yiheng Feng, Z. Morley Mao, and Henry X. Liu
Proceedings of the 25th Network and Distributed System Security Symposium (NDSS'18), San Diego, Feb. 2018. (acceptance rate 21.5% = 71/331)
[PDF] [BIB] [Slides] [Website] [Attack demo]
Media coverage: The Register, Trend Micro, Naked Security, Slashdot, Bleeping Computer, Smart Cities Dive, Boing Boing, PriusChat ...
[CCS'17] Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao
Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS'17), Dallas, Oct. 2017. (acceptance rate 18.1% = 151/836)
[PDF] [BIB] [Slides] [Vulnerability responses (coming soon)]
[S&P'16] MitM Attack by Name Collision: Cause Analysis and Vulnerability Assessment in the New gTLD Era
Qi Alfred Chen, Eric Osterweil, Matthew Thomas, and Z. Morley Mao
Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P'16), San Jose, May 2016. (acceptance rate 13.3% = 55/413)
[PDF] [BIB] [Slides]
[US-CERT Alert (TA16-144A)] [RIPE 72 Discussion] [Verisign Enterprise Remediation Suggestions] [Snort signature]
Media coverage: SecurityAffairs NakedSecurity SecurityWeek Reddit SCMagazine HelpNetSecurity SecurityIntelligence...
[CCS'15] Static Detection of Packet Injection Vulnerabilities -- A Case for Identifying Attacker-controlled Implicit Information Leaks
Qi Alfred Chen, Zhiyun Qian, Yunhan Jia, Yuru Shao, and Z. Morley Mao
Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS'15), Denver, Oct. 2015. (acceptance rate 19.8% = 128/646)
[PDF] [BIB] [Slides] [Vulnerability result website]
[Usenix Security'14] Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks
Qi Alfred Chen, Zhiyun Qian, and Z. Morley Mao
Proceedings of the 23rd USENIX Security Symposium (USENIX Security'14), San Diego, Aug. 2014. (acceptance rate 19.0% = 67/352)
[PDF] [BIB] [Slides] [Website] [Attack demos] [Lightning videos: 60 sec 90 sec]
Media coverage: Ars Technica CNET News Slashdot CBS News BBC News NBC News Android Headlines Tom's Guide PC Magazine HotHardware ...