A Test To Allow TCP Senders to Identify Receiver Cheating Toby Moncaster, Bob Briscoe, Arnaud Jacquet BT PLC draft-moncaster-tcpm-rcv-cheat-00.txt Intended.

Slides:

Advertisements

Similar presentations

The Transmission Control Protocol (TCP) carries most Internet traffic, so performance of the Internet depends to a great extent on how well TCP works.

Advertisements

Re-ECN: Adding Accountability for Causing Congestion to TCP/IP draft-briscoe-tsvwg-re-ecn-tcp-03 Bob Briscoe, BT & UCL Arnaud Jacquet, Alessandro Salvatori.

TCP Vegas: New Techniques for Congestion Detection and Control.

A Test To Allow TCP Senders to Identify Receiver Non-Compliance Toby Moncaster †, Bob Briscoe*, Arnaud Jacquet* † University of Cambridge * BT draft-moncaster-tcpm-rcv-cheat-03.

CSCE 715: Network Systems Security

Transport Layer peterl. Transport level application transport network data link physical logical end-end transport application transport network data.

A study of Cross layer work of University of Trento folk A ResiliNet Group Presentation Sarvesh Kumar Varatharajan.

Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,

Congestion Control Created by M Bateman, A Ruddle & C Allison As part of the TCP View project.

1 Evaluating F-RTO (RFC 4138) Markku Kojo, Kazunori Yamamoto, Max Hata, Pasi Sarolahti Draft available at:

Congestion Control An Overview -Jyothi Guntaka. Congestion  What is congestion ?  The aggregate demand for network resources exceeds the available capacity.

Explicit Congestion Notification (ECN) RFC 3168 Justin Yackoski DEGAS Networking Group CISC856 – TCP/IP Thanks to Namratha Hundigopal.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #11 TCP Eiffel (RFC 3522)

EEC-484/584 Computer Networks Lecture 12 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.

Interactions Between Delayed Acks and Nagle’s Algorithm in HTTP and HTTPS: Problems and Solutions Arthur Goldberg Robert Buff New York University March.

1 Internet Networking Spring 2003 Tutorial 11 Explicit Congestion Notification (RFC 3168) Limited Transmit (RFC 3042)

Low Delay Marking for TCP in Wireless Ad Hoc Networks Choong-Soo Lee, Mingzhe Li Emmanuel Agu, Mark Claypool, Robert Kinicki Worcester Polytechnic Institute.

1 TCP Transport Control Protocol Reliable In-order delivery Flow control Responds to congestion “Nice” Protocol.

1 Internet Networking Spring 2003 Tutorial 11 Explicit Congestion Notification (RFC 3168)

1 Internet Networking Spring 2006 Tutorial 10 The Eifel Detection Algorithm for TCP RFC 3522.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #8 Explicit Congestion Notification (RFC 3168) Limited Transmit.

17/10/2003TCP performance over ad-hoc mobile networks. 1 LCCN – summer 2003 Uri Silbershtein Roi Dayagi Nir Hasson.

TCP. Learning objectives Reliable Transport in TCP TCP flow and Congestion Control.

CS :: Fall 2003 TCP Friendly Streaming Ketan Mayer-Patel.

EEC-484/584 Computer Networks Lecture 6 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.

Error Checking continued. Network Layers in Action Each layer in the OSI Model will add header information that pertains to that specific protocol. On.

Gursharan Singh Tatla Transport Layer 16-May

Transport Layer 4 2: Transport Layer 4.

A Simulation of Adaptive Packet Size in TCP Congestion Control Zohreh Jabbari.

COM594 TCP and Wireless: Unforeseen Consequences.

COMT 4291 Communications Protocols and TCP/IP COMT 429.

Quick-Start for TCP and IP A.Jain, S. Floyd, M. Allman, and P. Sarolahti ICSI, April 2006 This and earlier presentations::

26-TCP Dr. John P. Abraham Professor UTPA. TCP  Transmission control protocol, another transport layer protocol.  Reliable delivery  Tcp must compensate.

CS332, Ch. 26: TCP Victor Norman Calvin College 1.

ConEx Concepts and Abstract Mechanism draft-mathis-conex-abstract-mech-00.txt draft-mathis-conex-abstract-mech-00.txt Matt Mathis, Google Bob Briscoe,

Datagram Congestion Control Protocol

© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking Flow Control 0.

CSE679: Computer Network Review r Review of the uncounted quiz r Computer network review.

2000 년 11 월 20 일 전북대학교 분산처리실험실 TCP Flow Control (nagle’s algorithm) 오 남 호 분산 처리 실험실

Congestion exposure BoF candidate protocol: re-ECN Bob Briscoe Chief Researcher, BT Nov 2009 This work is partly funded by Trilogy, a research project.

Copyright © Lopamudra Roychoudhuri

Chapter 24 Transport Control Protocol (TCP) Layer 4 protocol Responsible for reliable end-to-end transmission Provides illusion of reliable network to.

Transport Layer3-1 Chapter 3 outline r 3.1 Transport-layer services r 3.2 Multiplexing and demultiplexing r 3.3 Connectionless transport: UDP r 3.4 Principles.

1 Computer Networks Congestion Avoidance. 2 Recall TCP Sliding Window Operation.

ConEx Concepts and Abstract Mechanism draft-ietf-conex-abstract-mech-01.txt draft-ietf-conex-abstract-mech-01.txt Matt Mathis, Google Bob Briscoe, BT IETF-80.

ECE 4110 – Internetwork Programming

5. The Transport Layer 5.1 Role of Transport Layer It bridge the gab between applications and the network layer. Provides reliable cost-effective data.

Transport Layer3-1 Chapter 3 outline r 3.1 Transport-layer services r 3.2 Multiplexing and demultiplexing r 3.3 Connectionless transport: UDP r 3.4 Principles.

2005/12/14 1 Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross-Layer Information Awareness Xin Yu Department of Computer Science.

CIS679: TCP and Multimedia r Review of last lecture r TCP and Multimedia.

1 Transmission Control Protocol (TCP) RFC: Introduction The TCP is intended to provide a reliable process-to-process communication service in a.

1 Ad-hoc Transport Layer Protocol (ATCP) EECS 4215.

Data Link Layer.

Ch23 Ameera Almasoud 1 Based on Data Communications and Networking, 4th Edition. by Behrouz A. Forouzan, McGraw-Hill Companies, Inc., 2007.

Fast Retransmit For sliding windows flow control we waited for a timer to expire before beginning retransmission of a packet TCP uses an additional mechanism.

Adding ECN Capability to TCP’s SYN/ACK Packets

Internet Networking recitation #9

Long-haul Transport Protocols

Ad-hoc Transport Layer Protocol (ATCP)

CS 5565 Network Architecture and Protocols

CS 5565 Network Architecture and Protocols

TCP in Mobile Ad-hoc Networks

Quick-Start for TCP and IP

Dr. John P. Abraham Professor UTPA

TCP in Wireless Ad-hoc Networks

Internet Networking recitation #10

Dr. John P. Abraham Professor UTPA

Computer Networks Protocols

Error Checking continued

ECN in QUIC - Questions Surfaced

Presentation transcript:

A Test To Allow TCP Senders to Identify Receiver Cheating Toby Moncaster, Bob Briscoe, Arnaud Jacquet BT PLC draft-moncaster-tcpm-rcv-cheat-00.txt Intended for Standards Track

Background ●TCP senders rely on accurate feedback from their receivers about congestion ●A dishonest receiver can: ♦optimistic acks: fool a sender into increasing its rate ♦conceal lost data segments: to avoid a congestion response ●These attacks disrupt sharing of sender’s own resource ●Both these attacks can fool sender into using excess network resources by concealing the presence of congestion ●There are some existing proposed solutions: ♦Randomly skipped segments – hold back a segment and transmit it once a duplicate acknowledgement is received ♦The ECN nonce – the receiver has to guess the correct nonce sum (NS) [RFC3540] for any lost segment or optimistic ack ♦A transport layer nonce – add a specific nonce to the transport layer which has to be echoed back to the sender

Requirements for a Robust Solution 1.Any test mustn’t adversely affect existing congestion control and avoidance algorithms 2.Any test should utilise existing features of the TCP protocol 3.It shouldn’t require the use of any negotiable TCP options 4.The receiver shouldn’t play an active role in the process 5.If this is a periodic test, the receiver mustn’t be aware that it is being tested for honesty 6.If the sender actively sanctions any dishonesty it identifies, it should be certain of the receiver's dishonesty before taking action against it 7.The test shouldn’t harm an innocent receiver In order to deal with such dishonesty, the sender has to identify that it is occurring. This can be done using some form of testing of the receiver. Any such test should meet certain requirements:

Assessing proposed solutions Skipped Segments ECN nonce TCP nonce Doesn’t interfere with congestion control Utilise existing features xx Receiver plays passive role xx No negotiable TCP options xxx Receiver unaware of testing n/a Able to prove dishonesty? Doesn’t harm innocent receiver x

Our proposed Solution 1.Delay a segment by a small amount to trigger duplicate acks. If a receiver doesn’t send these correctly then move to stage 2. 2.Delay a segment until a duplicate ack is received showing the receiver is aware of the gap. Our proposed solution is based on Rob Sherwood’s Randomly Skipped Segments solution. But we avoid harming innocent receivers by adding an initial stage Key goal was to design system using basic TCP behaviour of receivers. Approach allows honest senders to identify dishonest receivers but not harm innocent receivers…

Stage 1 Test ●To test a receiver, select segment S and displacement D where 2 < D < K-2, K = current window size. Segment S is transmitted after segment S+D ●Receiver should generate D duplicate acks SEQ S-1 S+1 S+2 S+3 S S+4 S+5 ACK S-1 (-) S-1 (S) S+3 (-) S+4 (-) S+5 (-)

Assessing Stage 1 of the New Test Comparing the stage 1 test against the list of requirements: Doesn’t interfere in congestion control Utilise existing features Receiver plays passive role No negotiable TCP options Receiver unaware of testing Able to prove dishonesty? * Doesn’t harm innocent receiver * The test doesn’t prove dishonesty but failing it strongly suggests dishonesty

Stage 2 Test If a receiver fails the first test we can perform a tougher test similar to Sherwood’s skipped segment test ●Select a segment, S. Start a congestion response. Don’t transmit S until you receive a dup. ACK for segment S-1 ●If you receive an ACK for a segment between S-1 and R, then the receiver fails the test SEQ S-1 S+1 S+2 S+3. R S ACK S-1. R SEQ S-1 S+1 S+2 S+3. FAIL ACK S-1 S+1 S+2.

Assessing Stage 2 of the New Test Comparing the stage 2 test against the list of requirements: Doesn’t interfere in congestion control Utilise existing features Receiver plays passive role No negotiable TCP options Receiver unaware of testing Able to prove dishonesty? Doesn’t harm innocent receiver * * By this stage we are already suspicious of the receiver

Conclusions ●Receiver cheating can skew a sender’s allocation of its own resources (getting the cheating receiver more resources) ●Receiver cheating can fool the sender into giving excess network resources to the receiver, possibly causing collapse ●This 2-stage test allows senders to easily identify cheating receivers ●It causes minimal problems for honest receivers ●It encourages honest behaviour because cheating carries delay penalty ●Only requires modification of sender behaviour so easy to implement ●If enough senders implement this it provides protection to network

draft-moncaster-tcpm-rcv-cheat-00.txt Questions?