Fairness Attacks in the eXplicit Control Protocol
Christo Wilson, Christopher Coakley, Ben Y. Zhao
University of California Santa Barbara


Motivation
• Heavy research in recent years into explicit feedback protocols
• Demonstrate desirable qualities
  ◦ Fairness between flows
  ◦ High utilization
  ◦ Few drops
  ◦ No slow start
• Not security aware
• "Honesty is for the most part less profitable than dishonesty" -- Plato, The Republic
• Our work: quantifying the impact of attackers through detailed experiments

Table of Contents
• Background and Attack Model
• Experimental Setup
• Sender-side Attacker
  ◦ Congestion controlled
  ◦ Fully Unresponsive
• Receiver-side Attacker
• Proposed Defenses
• Conclusion

Background – Explicit Feedback
[Figure: explicit-feedback-enabled Internet with a bottleneck. Labels: Feedback = -42; Throughput = -42; Throughput = 1000]

Attack Model
• Feedback mechanism abuse enables attacks:
  ◦ Selective compliance with feedback
  ◦ Falsified feedback
• Two attack types:
  ◦ Sender-side ignores feedback
  ◦ Receiver-side falsifies header information
• Attacker goals:
  ◦ Control as much bandwidth as possible
  ◦ Denial of Service (DoS) remote hosts

Experimental Setup
• Attacker models implemented using XCP
• Tests performed in ns2
  ◦ 10ms latency
  ◦ 1KB packets
  ◦ Drop-tail queues
  ◦ 20 Mbit bottleneck link

Sender-side Attacker
[Figure: explicit-feedback-enabled Internet. Labels: Feedback = -42; Throughput = 1000; Throughput = -42]

Sender-side Attacker
• Two types of attackers implemented:
  ◦ Congestion controlled
    ▪ TCP like behavior
    ▪ Continuous additive c_wnd growth
    ▪ Multiplicative c_wnd back off after packet drop
  ◦ Fully unresponsive
    ▪ Only probes for bandwidth once (1 packet drop)
    ▪ Locks c_wnd at 50% of current size
    ▪ Trumps congestion controlled attackers
    ▪ Resumes probing in response to:
      ◦ positive feedback
      ◦ 25% reduction in RTT

Sender-side Attacker (Congestion Controlled)
[Figure: 9 Sender-Side Attackers w/ 1 Normal Flow. Series: Normal Flow; Utilization]

Sender-side Attacker (Fully Unresponsive)
[Figure: 1 Sender-Side Attacker w/ 49 Normal Flows. Annotations: A; +10; B; +35; Total Flows = 5; Total Flows = 15; Total Flows = 50]

Sender-side Attacker (Fully Unresponsive)
[Figure: 4 Sender-Side Attackers w/ 1 Normal Flow. Annotations: A; +1; B; +1; C; +1; D; Normal Flow]

Receiver-side Attacker
[Figure: explicit-feedback-enabled Internet. Labels: Feedback = 9999; Throughput = 1000; Throughput = -42]

Receiver-side Attacker
[Figure: 1 Receiver-Side Attacker w/ 49 Normal Flows]

Proposed Defenses: Edge Monitors
• Edge monitors
  ◦ Must be ubiquitous
  ◦ Requires per flow monitoring/state
• Sender-side attacks detected by monitoring actual versus expected throughput
• Receiver-side attacks are trivially detected
• Issues:
  ◦ Ubiquity of monitors cannot be guaranteed
  ◦ Unfeasible router overhead
  ◦ Network edge does not exist
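
The two edge-monitor checks listed above, as an added example that is not part of the original slides or the authors' ns2 code. It assumes XCP's mechanism in which routers write a feedback value into the packet header, the receiver echoes it in the ACK, and the sender adds it to c_wnd; the class and function names, the 10% tolerance and the trace are constructed for illustration.

```python
from dataclasses import dataclass, field

PKT = 1000  # bytes; the slides' ns2 setup uses 1KB packets

@dataclass
class Flow:
    expected_cwnd: float                        # bytes per RTT the feedback allows
    marked: dict = field(default_factory=dict)  # seq -> feedback the routers wrote

class EdgeMonitor:
    """Hypothetical per-flow monitor; one object stands in for both network edges."""
    def __init__(self, tolerance=0.10):         # tolerance is an assumed threshold
        self.tolerance, self.flows, self.alerts = tolerance, {}, set()

    def on_data(self, fid, seq, feedback, init_cwnd=PKT):
        # Receiver edge: record the feedback left in the header by the last router.
        flow = self.flows.setdefault(fid, Flow(float(init_cwnd)))
        flow.marked[seq] = feedback

    def on_ack(self, fid, seq, echoed):
        # Receiver-side check: the ACK must echo the marked value unchanged.
        flow = self.flows[fid]
        marked = flow.marked.pop(seq)
        if echoed != marked:
            self.alerts.add((fid, "receiver-falsified-feedback"))
        # Track the window an honest sender would hold given the real feedback.
        flow.expected_cwnd = max(flow.expected_cwnd + marked, PKT)

    def on_rtt_sample(self, fid, bytes_sent):
        # Sender-side check: actual versus expected throughput over one RTT.
        if bytes_sent > self.flows[fid].expected_cwnd * (1 + self.tolerance):
            self.alerts.add((fid, "sender-ignores-feedback"))

def run_constructed_trace():
    """Constructed trace: three flows, each starting at 10 packets per RTT."""
    mon = EdgeMonitor()
    flows = ("honest", "greedy-sender", "lying-receiver")
    for fid in flows:
        for seq in range(5):
            mon.on_data(fid, seq, -42, init_cwnd=10 * PKT)
    for fid in flows:
        for seq in range(5):
            # Only the lying receiver rewrites -42 to 9999 (values from the slides).
            mon.on_ack(fid, seq, 9999 if fid == "lying-receiver" else -42)
    mon.on_rtt_sample("honest", 10 * PKT - 5 * 42)   # complied: 9790 bytes
    mon.on_rtt_sample("greedy-sender", 15 * PKT)     # kept growing regardless
    return sorted(mon.alerts)

if __name__ == "__main__":
    print(run_constructed_trace())
```

The `flows` dictionary is the per-flow state the slide lists as a requirement, and the receiver-side comparison only works where the monitor sees both the marked data packet and its ACK.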

Proposed Defenses: Attack Severity
• Sender-side attacks are a tractable problem
  ◦ Elephant flow monitors exist
  ◦ Detectable anywhere in network path
  ◦ Motivation for attack is lacking
  ◦ Cannot be used to DoS
• Receiver-side attacks represent a difficult challenge
  ◦ Can target/break well behaved hosts
  ◦ DoS potential
  ◦ Motivation for attack is much stronger

Proposed Defenses: Nonce Feedback Injection
[Figure: explicit-feedback-enabled Internet. Labels: Feedback = -H4X0R3D; Throughput = -H4X0R3D]

Proposed Defenses: Nonce Feedback Injection
[Figure: explicit-feedback-enabled Internet. Labels: Feedback = 9999; Throughput = -H4X0R3D]

Conclusion
• Existing explicit feedback protocols are vulnerable to exploitation
  ◦ Sender-side attacks
  ◦ Receiver-side attacks
• Attacks are highly effective
• Applies to existing explicit feedback protocols
  ◦ XCP, RCP, MaxNet, JetMax, etc
• Proposed solutions are inadequate
  ◦ Potential solution: nonce feedback injection

Questions?