Presentation is loading. Please wait.

Presentation is loading. Please wait.

Towards Robust Protocol Design: 4 Ways to Kill TCP without Much Trouble Aleksandar Kuzmanovic Northwestern University

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Towards Robust Protocol Design: 4 Ways to Kill TCP without Much Trouble Aleksandar Kuzmanovic Northwestern University"— Presentation transcript:

1 Towards Robust Protocol Design: 4 Ways to Kill TCP without Much Trouble Aleksandar Kuzmanovic Northwestern University http://networks.cs.northwestern.edu

2 A. Kuzmanovic Towards Robust Protocol Design 2 The Internet 1969 The system of astonishing scale and complexity 2007

3 A. Kuzmanovic Towards Robust Protocol Design 3 Denial of Service Problem Assumption –Trust and cooperation among endpoints Denial of Service Attacks –A malicious way to consume resources in a network, a server cluster or in an end host, thereby denying service to other legitimate users FBI Computer Crime & Security Survey: –Overall financial losses: $201,000,000 –Denial of Service: $65,000,000

4 A. Kuzmanovic Towards Robust Protocol Design 4 Approach Should we find ways to defend the Internet from DoS attacks? –Of course! Anticipating novel types of DoS attacks is essential –More relevant and more challenging My focus: TCP –More than 90% of traffic today is TCP

5 A. Kuzmanovic Towards Robust Protocol Design 5 Outline Brief background on TCP Four ways to kill TCP –Shrew attacks –Padding misbehavior –TCP poisoning attacks –Receiver-driven TCP stacks

6 A. Kuzmanovic Towards Robust Protocol Design 6 Slow-start phase Double the sending...... rate each round-trip... time Reach high throughput...quickly TCP Congestion Control

7 A. Kuzmanovic Towards Robust Protocol Design 7 TCP Congestion Control Additive Increase –...Multiplicative Decrease Fairness among flows

8 A. Kuzmanovic Towards Robust Protocol Design 8 TCP Congestion Control Exponential.backoff System stability Vulnerability to.....high-rate attacks

9 A. Kuzmanovic Towards Robust Protocol Design 9 TCP is vulnerable to low-rate DoS attacks Shrew Attacks

10 A. Kuzmanovic Towards Robust Protocol Design 10 Shrew Very small but aggressive mammal that ferociously attacks and kills much larger animals with a venomous bite Reviewer 3: “only some shrews are venomous and the amount of venom in even the venomous species is very mild.”

11 A. Kuzmanovic Towards Robust Protocol Design 11 TCP: a Dual Time-Scale Perspective Two time-scales fundamentally required –RTT time-scales (~10-100 ms) AIMD control –RTO time-scales (RTO=SRTT+4*RTTVAR) Avoid congestion collapse Lower-bounding the RTO parameter: –[AllPax99]: minRTO = 1 sec to avoid spurious retransmissions –RFC2988 recommends minRTO = 1 secRFC2988

12 A. Kuzmanovic Towards Robust Protocol Design 12 The Shrew Attack

13 A. Kuzmanovic Towards Robust Protocol Design 13 A short burst (~RTT) sufficient to create outage Outage – event of correlated packet losses that forces TCP to enter RTO mechanism The Shrew Attack

14 A. Kuzmanovic Towards Robust Protocol Design 14 The outage synchronizes all TCP flows –All flows react simultaneously and identically backoff for minRTO The Shrew Attack

15 A. Kuzmanovic Towards Robust Protocol Design 15 Once the TCP flows try to recover – hit them again Exploit protocol determinism The Shrew Attack

16 A. Kuzmanovic Towards Robust Protocol Design 16 And keep repeating… RTT-time-scale outages inter-spaced on minRTO periods can deny service to TCP traffic The Shrew Attack

17 A. Kuzmanovic Towards Robust Protocol Design 17 l/T << 1 Low-rate flow is hard to detect –Most counter-DOS mechanisms tuned for high-rate attacks –Detecting Shrews may have unacceptably many false alarms (due to legitimate bursty flows) Shrews are Hard to Detect

18 A. Kuzmanovic Towards Robust Protocol Design 18 Outline Brief background on TCP Four ways to kill TCP –Shrew attacks –Padding misbehavior –TCP poisoning attacks –Receiver-driven TCP stacks

19 A. Kuzmanovic Towards Robust Protocol Design 19 The Source of the Problem TCP optimized for throughput –Interactive applications may suffer telnet, ssh, games, chat… RTO improvement A B CD Incentive for misbehavior!

20 A. Kuzmanovic Towards Robust Protocol Design 20 data packets “dummy” packets strict priority TCP-fair rate Padding misbehavior Upgrading Mice to Elephants

21 A. Kuzmanovic Towards Robust Protocol Design 21 Implication Packet switched => Circuit switched

22 A. Kuzmanovic Towards Robust Protocol Design 22 REDFIFO Fully-backlogged flows always achieve gain relative to interactive flows Gain

23 A. Kuzmanovic Towards Robust Protocol Design 23 Short-term padding with dummy packets –Enable that a packet loss is detected via fast retransmit mechanism – Actual packet followed by three tiny dummy packets. A diversity approach – TCP sends k (k>1, k is a small integer) copies of the packet without violating congestion control mechanism – In reality k=2 is sufficient Sustainable Countermeasures Both approaches de-motivate greedy users from using the fully-backlogged approach

24 A. Kuzmanovic Towards Robust Protocol Design 24 Outline Brief background on TCP Four ways to kill TCP –Shrew attacks –Padding misbehavior –TCP poisoning attacks –Receiver-driven TCP stacks

25 A. Kuzmanovic Towards Robust Protocol Design 25 A TCP Poisoning Attack Background –Mis-configured load balancers can reset TCP connections –Simply send a RST packet to an endpoint Implication –Monitoring -> DoS attacks Just send a bogus packet and poison an endpoint –TCP behaves as a dummy state machine Both control and data planes are vulnerable

26 A. Kuzmanovic Towards Robust Protocol Design 26 Large-Scale TCP Poisoning Attacks C1 C2 Cn A1 A2 Server Example –Poison clients instead of a server

27 A. Kuzmanovic Towards Robust Protocol Design 27 Why Not Cryptography? Explicit monitoring required in networks –Advanced congestion control protocols (e.g., XCP) –Intrusion-detection mechanisms Not implemented widely –E.g., IPSec Even cryptography won’t help –Key exchange vulnerable to poisoning

28 A. Kuzmanovic Towards Robust Protocol Design 28 Our Approach Deferred protocol reaction –Attack detection Forward nonces –Distinguish packet streams from different hosts Self-clocking based correlation –Identify the valid packet stream

29 A. Kuzmanovic Towards Robust Protocol Design 29 How long to defer?

30 A. Kuzmanovic Towards Robust Protocol Design 30 Forward Nonces FNPNFNPNFNPNFNPN … FNPNFN … Chaining mechanism to distinguish among different packet sources Past and future nonce 8-bit random numbers Overhead: 2 bytes/packet

31 A. Kuzmanovic Towards Robust Protocol Design 31 Server Client IATi IDTi+1 IDTi+2 IDTi IATi+1 IATi+2 ACKi ACKi+1 ACKi+2 ACKi+3 DATAi DATAi+1 DATAi+2 DATAi+3 Self Clocking Based Correlation Idea: Exploit strong correlation among inter- departure and inter-arrival times at an endpoint

32 A. Kuzmanovic Towards Robust Protocol Design 32 Evaluation Our approach dramatically improves performance over standard TCP

33 A. Kuzmanovic Towards Robust Protocol Design 33 Outline Brief background on TCP Four ways to kill TCP –Shrew attacks –Padding misbehavior –TCP poisoning attacks –Receiver-driven TCP stacks

34 A. Kuzmanovic Towards Robust Protocol Design 34 Why Receiver-Based TCP? Example: Busy web server –Receiver-based TCP distributes the state management across a large number of clients Generally –Whenever a feedback is needed from the receiver, receiver- based TCP has advantage over sender-based schemes due to the locality of information Benefits [RCP03] Performance Functionality - Loss recovery- Seamless handoffs - Congestion control- Server migration - Power management for - Bandwidth aggregation mobile devices - Web response times - Network-specific congestion control

35 A. Kuzmanovic Towards Robust Protocol Design 35 Vulnerability Receivers remotely control servers by deciding which packets and when to be sent Receivers have both means and incentive to manipulate the congestion control algorithm –Means: open source OS –Incentive: faster web browsing & file download

36 A. Kuzmanovic Towards Robust Protocol Design 36 An Example: Request-Flood Attack Request flood attack –A misbehaving receiver floods the server with requests, which replies and congests the network

37 A. Kuzmanovic Towards Robust Protocol Design 37 Conclusions Think of attacks, not just defenses –More challenging and more relevant Robust protocol design –Avoid determinism whenever you can –Understand extreme scenarios –Explore novel defense mechanisms E.g., use measurements to achieve DoS resilience –Anticipate effects before applying a change

38 A. Kuzmanovic Towards Robust Protocol Design 38 Thank You! More information available at –http://networks.cs.northwestern.edu Questions?

Download ppt "Towards Robust Protocol Design: 4 Ways to Kill TCP without Much Trouble Aleksandar Kuzmanovic Northwestern University"

Similar presentations

Congestion Control and Fairness Models Nick Feamster CS 4251 Computer Networking II Spring 2008.

Congestion Control and Fairness Models Nick Feamster CS 4251 Computer Networking II Spring 2008.
Michele Pagano – A Survey on TCP Performance Evaluation and Modeling 1 Department of Information Engineering University of Pisa Network Telecomunication.

Michele Pagano – A Survey on TCP Performance Evaluation and Modeling 1 Department of Information Engineering University of Pisa Network Telecomunication.
When TCP Friendliness Becomes Harmful Amit Mondal Aleksandar Kuzmanovic Northwestern University

When TCP Friendliness Becomes Harmful Amit Mondal Aleksandar Kuzmanovic Northwestern University
TCP Vegas: New Techniques for Congestion Detection and Control.

TCP Vegas: New Techniques for Congestion Detection and Control.
Ph.D. Thesis Presentation Aleksandar Kuzmanovic Edge-based Inference, Control, and DoS Resilience for the Internet.

Ph.D. Thesis Presentation Aleksandar Kuzmanovic Edge-based Inference, Control, and DoS Resilience for the Internet.
Rice Networks Group Aleksandar Kuzmanovic Edward W. Knightly Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew.

Rice Networks Group Aleksandar Kuzmanovic Edward W. Knightly Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew.
Camarillo / Schulzrinne / Kantola November 26th, 2001 SIP over SCTP performance analysis

Camarillo / Schulzrinne / Kantola November 26th, 2001 SIP over SCTP performance analysis
Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,

Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,
Congestion Control An Overview -Jyothi Guntaka. Congestion  What is congestion ?  The aggregate demand for network resources exceeds the available capacity.

Congestion Control An Overview -Jyothi Guntaka. Congestion  What is congestion ?  The aggregate demand for network resources exceeds the available capacity.
School of Information Technologies TCP Congestion Control NETS3303/3603 Week 9.

School of Information Technologies TCP Congestion Control NETS3303/3603 Week 9.
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 ECSE-6600: Internet Protocols Informal Quiz #05: SOLUTIONS Shivkumar Kalyanaraman: GOOGLE: “Shiv.

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 ECSE-6600: Internet Protocols Informal Quiz #05: SOLUTIONS Shivkumar Kalyanaraman: GOOGLE: “Shiv.
The Power of Explicit Congestion Notification Aleksandar Kuzmanovic Northwestern University

The Power of Explicit Congestion Notification Aleksandar Kuzmanovic Northwestern University
Rice Networks Group Aleksandar Kuzmanovic & Edward W. Knightly TCP-LP: A Distributed Algorithm for Low Priority Data Transfer.

Rice Networks Group Aleksandar Kuzmanovic & Edward W. Knightly TCP-LP: A Distributed Algorithm for Low Priority Data Transfer.
Rice Networks Group Ph.D. Thesis Proposal Aleksandar Kuzmanovic Edge-based Inference and Control in the Internet.

Rice Networks Group Ph.D. Thesis Proposal Aleksandar Kuzmanovic Edge-based Inference and Control in the Internet.
Presented by Prasanth Kalakota & Ravi Katpelly

Presented by Prasanth Kalakota & Ravi Katpelly
1 Internet Networking Spring 2003 Tutorial 11 Explicit Congestion Notification (RFC 3168) Limited Transmit (RFC 3042)

1 Internet Networking Spring 2003 Tutorial 11 Explicit Congestion Notification (RFC 3168) Limited Transmit (RFC 3042)
A Poisoning-Resilient TCP Stack Amit Mondal Aleksandar Kuzmanovic Northwestern University

A Poisoning-Resilient TCP Stack Amit Mondal Aleksandar Kuzmanovic Northwestern University
High-performance bulk data transfers with TCP Matei Ripeanu University of Chicago.

High-performance bulk data transfers with TCP Matei Ripeanu University of Chicago.
Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.

Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.
Rice Networks Group Aleksandar Kuzmanovic Edward W. Knightly Rice University R. Les Cottrell SLAC/SCS-Network Monitoring.

Rice Networks Group Aleksandar Kuzmanovic Edward W. Knightly Rice University R. Les Cottrell SLAC/SCS-Network Monitoring.

Similar presentations

Ads by Google