Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fairness Attacks in the eXplicit Control Protocol Christo Wilson Christopher Coakley Ben Y. Zhao University of California Santa Barbara.

Published byJunior Sims Modified over 9 years ago

Similar presentations

Presentation on theme: "Fairness Attacks in the eXplicit Control Protocol Christo Wilson Christopher Coakley Ben Y. Zhao University of California Santa Barbara."— Presentation transcript:

1 Fairness Attacks in the eXplicit Control Protocol Christo Wilson Christopher Coakley Ben Y. Zhao University of California Santa Barbara

2 Motivation Heavy research in recent years into explicit feedback protocols Demonstrate desirable qualities ◦Fairness between flows ◦High utilization ◦Few drops ◦No slow start Not security aware “Honesty is for the most part less profitable than dishonesty” -- Plato, The Republic Our work: quantifying the impact of attackers through detailed experiments

3 Table of Contents Background and Attack Model Experimental Setup Sender-side Attacker ◦Congestion controlled ◦Fully Unresponsive Receiver-side Attacker Proposed Defenses Conclusion

4 Background – Explicit Feedback Bottleneck Explicit Feedback Enabled Internet Feedback = -42 Throughput = -42 Throughput = 1000

5 Attack Model Feedback mechanism abuse enables attacks: ◦Selective compliance with feedback ◦Falsified feedback Two attack types: ◦Sender-side ignores feedback ◦Receiver-side falsifies header information Attacker goals: ◦Control as much bandwidth as possible ◦Denial of Service (DoS) remote hosts

6 Experimental Setup Attacker models implemented using XCP Tests performed in ns2 ◦10ms latency ◦1KB packets ◦Drop-tail queues ◦20 Mbit bottleneck link ◦

7 Sender-side Attacker Explicit Feedback Enabled Internet Feedback = -42 Throughput = 1000 Throughput = -42

8 Sender-side Attacker Two types of attackers implemented: ◦Congestion controlled  TCP like behavior  Continuous additive c_wnd growth  Multiplicative c_wnd back off after packet drop ◦Fully unresponsive  Only probes for bandwidth once (1 packet drop)  Locks c_wnd at 50% of current size  Trumps congestion controlled attackers  Resumes probing in response to: ◦ positive feedback ◦ 25% reduction in RTT

9 Sender-side Attacker (Congestion Controlled) 9 Sender-Side Attackers w/ 1 Normal Flow Normal FlowUtilization

10 Sender-side Attacker Two types of attackers implemented: ◦Congestion controlled  TCP like behavior  Continuous additive c_wnd growth  Multiplicative c_wnd back off after packet drop ◦Fully unresponsive  Only probes for bandwidth once (1 packet drop)  Locks c_wnd at 50% of current size  Trumps congestion controlled attackers  Resumes probing in response to: ◦ positive feedback ◦ 25% reduction in RTT

11 Sender-side Attacker (Fully Unresponsive) 1 Sender-Side Attacker w/ 49 Normal Flows A +10 B +35 Total Flows = 5Total Flows = 15Total Flows = 50

12 Sender-side Attacker (Fully Unresponsive) 4 Sender-Side Attackers w/ 1 Normal Flow A +1 B +1 C +1 D Normal Flow

13 Receiver-side Attacker Explicit Feedback Enabled Internet Feedback = 9999 Throughput = 1000 Throughput = -42

14 Receiver-side Attacker 1 Receiver-Side Attacker w/ 49 Normal Flows

15 Proposed Defenses: Edge Monitors Edge monitors ◦Must be ubiquitous ◦Requires per flow monitoring/state Sender-side attacks detected by monitoring actual versus expected throughput Receiver-side attacks are trivially detected Issues: ◦Ubiquity of monitors can not be guaranteed ◦Unfeasible router overhead ◦Network edge does not exist

16 Proposed Defenses: Attack Severity Sender-side attacks are tractable problem ◦Elephant flow monitors exist ◦Detectable anywhere in network path ◦Motivation for attack is lacking ◦Can not be used to DoS Receiver-side attacks represent difficult challenge ◦Can target/break well behaved hosts ◦DoS potential ◦Motivation for attack is much stronger

17 Proposed Defenses: Nonce Feedback Injection Explicit Feedback Enabled Internet Feedback = -H4X0R3D Throughput = -H4X0R3D

18 Proposed Defenses: Nonce Feedback Injection Explicit Feedback Enabled Internet Feedback = 9999 Throughput = -H4X0R3D

19 Conclusion Existing explicit feedback protocols are vulnerable to exploitation ◦Sender-side attacks ◦Receiver-side attacks Attacks are highly effective Applies to existing explicit feedback protocols ◦XCP, RCP, MaxNet, JetMax, etc Proposed solutions are inadequate ◦Potential solution: nonce feedback injection

20 Questions?

Download ppt "Fairness Attacks in the eXplicit Control Protocol Christo Wilson Christopher Coakley Ben Y. Zhao University of California Santa Barbara."

Similar presentations

Martin Suchara, Ryan Witt, Bartek Wydrowski California Institute of Technology Pasadena, U.S.A. TCP MaxNet Implementation and Experiments on the WAN in.

Martin Suchara, Ryan Witt, Bartek Wydrowski California Institute of Technology Pasadena, U.S.A. TCP MaxNet Implementation and Experiments on the WAN in.
Packet Video 2003 1 TCP Video Streaming to Bandwidth-Limited Access Links Puneet Mehra and Avideh Zakhor Video and Image Processing Lab University of California,

Packet Video TCP Video Streaming to Bandwidth-Limited Access Links Puneet Mehra and Avideh Zakhor Video and Image Processing Lab University of California,
PCP a Savior or a Saboteur? Presented by: Ao-Jan Su.

PCP a Savior or a Saboteur? Presented by: Ao-Jan Su.
Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,

Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,
TCP Congestion Control Dina Katabi & Sam Madden nms.csail.mit.edu/~dina 6.033, Spring 2014.

TCP Congestion Control Dina Katabi & Sam Madden nms.csail.mit.edu/~dina 6.033, Spring 2014.
Restricted Slow-Start for TCP William Allcock 1,2, Sanjay Hegde 3 and Rajkumar Kettimuthu 1,2 1 Argonne National Laboratory 2 The University of Chicago.

Restricted Slow-Start for TCP William Allcock 1,2, Sanjay Hegde 3 and Rajkumar Kettimuthu 1,2 1 Argonne National Laboratory 2 The University of Chicago.
Router-assisted congestion control Lecture 8 CS 653, Fall 2010.

Router-assisted congestion control Lecture 8 CS 653, Fall 2010.
1 Service Differentiation at Transport Layer via TCP Westwood Low- Priority (TCPW-LP) H. Shimonishi, M.Y. Sanadidi and M. Geria System Platforms Research.

1 Service Differentiation at Transport Layer via TCP Westwood Low- Priority (TCPW-LP) H. Shimonishi, M.Y. Sanadidi and M. Geria System Platforms Research.
Presentation by Joe Szymanski For Upper Layer Protocols May 18, 2015.

Presentation by Joe Szymanski For Upper Layer Protocols May 18, 2015.
Approximate Fair Control-delay (AF-CODEL) Queue over High-speed Networks Lin Xue Nov.2012 1.

Approximate Fair Control-delay (AF-CODEL) Queue over High-speed Networks Lin Xue Nov
Advanced Computer Networking Congestion Control for High Bandwidth-Delay Product Environments (XCP Algorithm) 1.

Advanced Computer Networking Congestion Control for High Bandwidth-Delay Product Environments (XCP Algorithm) 1.
Congestion Control An Overview -Jyothi Guntaka. Congestion  What is congestion ?  The aggregate demand for network resources exceeds the available capacity.

Congestion Control An Overview -Jyothi Guntaka. Congestion  What is congestion ?  The aggregate demand for network resources exceeds the available capacity.
XCP: Congestion Control for High Bandwidth-Delay Product Network Dina Katabi, Mark Handley and Charlie Rohrs Presented by Ao-Jan Su.

XCP: Congestion Control for High Bandwidth-Delay Product Network Dina Katabi, Mark Handley and Charlie Rohrs Presented by Ao-Jan Su.
The War Between Mice and Elephants Liang Guo and Ibrahim Matta Boston University ICNP 2001 Presented by Thangam Seenivasan 1.

The War Between Mice and Elephants Liang Guo and Ibrahim Matta Boston University ICNP 2001 Presented by Thangam Seenivasan 1.
An Implementation and Experimental Study of the eXplicit Control Protocol (XCP) Yongguang Zhang and Tom Henderson INFOCOMM 2005 Presenter - Bob Kinicki.

An Implementation and Experimental Study of the eXplicit Control Protocol (XCP) Yongguang Zhang and Tom Henderson INFOCOMM 2005 Presenter - Bob Kinicki.
Congestion control in data centers

Congestion control in data centers
Adaptive Packet Marking for Maintaining End-to-End Throughput in a Differentiated-Services Internet Wu-Chang Feng, Dilip D.Kandlur, Member, IEEE, Debanjan.

Adaptive Packet Marking for Maintaining End-to-End Throughput in a Differentiated-Services Internet Wu-Chang Feng, Dilip D.Kandlur, Member, IEEE, Debanjan.
Explicit Congestion Notification ECN Tilo Hamann Technical University Hamburg-Harburg, Germany.

Explicit Congestion Notification ECN Tilo Hamann Technical University Hamburg-Harburg, Germany.
Networks: Congestion Control1 Congestion Control.

Networks: Congestion Control1 Congestion Control.
1 Internet Networking Spring 2003 Tutorial 11 Explicit Congestion Notification (RFC 3168) Limited Transmit (RFC 3042)

1 Internet Networking Spring 2003 Tutorial 11 Explicit Congestion Notification (RFC 3168) Limited Transmit (RFC 3042)

Similar presentations

Ads by Google