Presentation is loading. Please wait.

Presentation is loading. Please wait.

Aleksandar Kuzmanovic & Edward W. Knightly A Performance vs. Trust Perspective in the Design of End-Point Congestion Control Protocols.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Aleksandar Kuzmanovic & Edward W. Knightly A Performance vs. Trust Perspective in the Design of End-Point Congestion Control Protocols."— Presentation transcript:

1 Aleksandar Kuzmanovic & Edward W. Knightly A Performance vs. Trust Perspective in the Design of End-Point Congestion Control Protocols

2 Motivation l Sender-based TCP –Control functions given to the sender

3 Receiver-Based TCP l Receiver decides how much data can be sent, and which data should be sent by the sender l DATA – ACK communication becomes REQ - DATA l Example protocols –TFRC [RFC3448], WebTP, and RCP

4 Why Receiver-Based TCP? l Example: Busy web server –Receiver-based TCP distributes the state management across a large number of clients l Generally –Whenever a feedback is needed from the receiver, receiver-based TCP has advantage over sender-based schemes due to the locality of information l Benefits [RCP03] Performance Functionality - Loss recovery- Seamless handoffs - Congestion control- Server migration - Power management for - Bandwidth aggregation mobile devices - Web response times - Network-specific congestion control

5 Vulnerability l Receivers remotely control servers by deciding which packets and when to be sent l Receivers have both means and incentive to manipulate the congestion control algorithm –Means: open source OS –Incentive: faster web browsing & file download

6 An Example: Request-Flood Attack l Request flood attack –A misbehaving receiver floods the server with requests, which replies and congests the network l Resource stealing –A misbehaving receiver moderately re-tunes TCP parameters to gain performance, yet eludes detection

7 Remaining Outline l Modeling receiver misbehaviors l Evaluate network-based solutions l Present an end-point solution l Conclusion

8 Algorithmic Misbehavior Why parameter-based misbehaviors? –Easy to implement –Tells how much you can misbehave while eluding detection l Goal –Compute TCP throughput for arbitrary (misbehaving) parameters

9 Bandwidth Stealing

10 Network-Based Solutions l RED-PD [MFW01] designed to detect non- responsive flows –Monitors only a subset of flows at the router and compares their rates to the targeted bandwidth (TB)  TB is computed as a TCP-fair throughput for »Observed Ploss & RTT=40ms  If Ti > TB => flow i malicious l Pushback [RFC3168] –Once a misbehavior is detected, network nodes coordinate efforts to thwart a malicious (flooding) node

11 RED-PD l Fact –Network-based schemes lack the exact knowledge of end-point parameters l Example –RED-PD doesn’t know about RTT: TB=f(Ploss, RTT=40ms) l Implication –Clients with RTT > 40 ms can exploit this vulnerability l Algorithmic misbehavior –Our algorithm tells how to re-tune AIMD parameters to steal bandwidth, yet elude detection

12 Pushback l The request-flood attack and Pushback l But in the request flooding scenario, the flooding machine is not malicious –moreover, it is a victim…

13 An End-Point Solution l Sender-side verification: –Ping Agent:  Measures RTT by pinging the receiver –TFRC Agent:  Computes “TCP- fair” rate –Control Agent:  Enforces the sending rate

14 A Server-Side Only Solution l Secure RTT measurement –What if the receiver simulates a shorter RTT?  Use nonce [ESWSA01]  Randomize the time between pings l Secure Ploss measurement –What if the receiver floods the sender with requests?  Use nonce [ESWSA01]  The sender purposely drops a packet; if the receiver never re- request the packet – it is cheating! The solution is completely independent of a potentially misbehaving receiver

15 Evaluation l Scenarios: –with behaving receiver (to study false positives) –with misbehaving receivers (to study detection) End-point scheme is able to detect even very moderate misbehaviors Slight inaccuracy for higher packet loss ratios (due to TFRC conservatism)

16 Challenges l “Advanced” TCP stacks –From the sender’s perspective, advanced TCP stacks look like a receiver’s misbehavior l HTTP servers –A single malicious receiver can significantly degrade performance to others –Counter mechanisms discussed in the paper  Can protect against DoS, but at the same time can reduce the performance in absence of DoS attacks

17 Conclusions l Receiver-based TCP stacks are highly vulnerable to receiver misbehaviors –cannot be safely deployed in the Internet without some level of protection l Network-based schemes are fundamentally limited to thwart receiver misbehaviors l An end-point-based solution –accurate and independent of a potentially misbehaving receiver –system security and protocol performance  both cannot be maximized simultaneously

Download ppt "Aleksandar Kuzmanovic & Edward W. Knightly A Performance vs. Trust Perspective in the Design of End-Point Congestion Control Protocols."

Similar presentations

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Mobile Agents Mouse House Creative Technologies Mike OBrien.

Mobile Agents Mouse House Creative Technologies Mike OBrien.
1 Specifying New Congestion Control Algorithms Sally Floyd and Mark Allman draft-floyd-cc-alt-00.txt November 2006 TSVWG Slides:

1 Specifying New Congestion Control Algorithms Sally Floyd and Mark Allman draft-floyd-cc-alt-00.txt November 2006 TSVWG Slides:
Ph.D. Thesis Presentation Aleksandar Kuzmanovic Edge-based Inference, Control, and DoS Resilience for the Internet.

Ph.D. Thesis Presentation Aleksandar Kuzmanovic Edge-based Inference, Control, and DoS Resilience for the Internet.
Congestion Control Reasons: - too many packets in the network and not enough buffer space S = rate at which packets are generated R = rate at which receivers.

Congestion Control Reasons: - too many packets in the network and not enough buffer space S = rate at which packets are generated R = rate at which receivers.
Rice Networks Group Aleksandar Kuzmanovic Edward W. Knightly Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew.

Rice Networks Group Aleksandar Kuzmanovic Edward W. Knightly Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew.
SCTP v/s TCP – A Comparison of Transport Protocols for Web Traffic CS740 Project Presentation by N. Gupta, S. Kumar, R. Rajamani.

SCTP v/s TCP – A Comparison of Transport Protocols for Web Traffic CS740 Project Presentation by N. Gupta, S. Kumar, R. Rajamani.
Camarillo / Schulzrinne / Kantola November 26th, 2001 SIP over SCTP performance analysis

Camarillo / Schulzrinne / Kantola November 26th, 2001 SIP over SCTP performance analysis
Phalanx: Withstanding Multimillion-Node Botnets Colin Dixon Arvind Krishnamurthy Tom Anderson University of Washington NSDI 2008.

Phalanx: Withstanding Multimillion-Node Botnets Colin Dixon Arvind Krishnamurthy Tom Anderson University of Washington NSDI 2008.
Advanced Computer Networking Congestion Control for High Bandwidth-Delay Product Environments (XCP Algorithm) 1.

Advanced Computer Networking Congestion Control for High Bandwidth-Delay Product Environments (XCP Algorithm) 1.
The War Between Mice and Elephants LIANG GUO, IBRAHIM MATTA Computer Science Department Boston University ICNP (International Conference on Network Protocols)

The War Between Mice and Elephants LIANG GUO, IBRAHIM MATTA Computer Science Department Boston University ICNP (International Conference on Network Protocols)
CS 495 Advanced Networking David R. Choffnes, Spring 2005 Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, Edward W. Knightly.

CS 495 Advanced Networking David R. Choffnes, Spring 2005 Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, Edward W. Knightly.
The War Between Mice and Elephants Presented By Eric Wang Liang Guo and Ibrahim Matta Boston University ICNP 2001 1.

The War Between Mice and Elephants Presented By Eric Wang Liang Guo and Ibrahim Matta Boston University ICNP
The Power of Explicit Congestion Notification Aleksandar Kuzmanovic Northwestern University

The Power of Explicit Congestion Notification Aleksandar Kuzmanovic Northwestern University
Rice Networks Group Aleksandar Kuzmanovic & Edward W. Knightly TCP-LP: A Distributed Algorithm for Low Priority Data Transfer.

Rice Networks Group Aleksandar Kuzmanovic & Edward W. Knightly TCP-LP: A Distributed Algorithm for Low Priority Data Transfer.
Presented by Prasanth Kalakota & Ravi Katpelly

Presented by Prasanth Kalakota & Ravi Katpelly
A Poisoning-Resilient TCP Stack Amit Mondal Aleksandar Kuzmanovic Northwestern University

A Poisoning-Resilient TCP Stack Amit Mondal Aleksandar Kuzmanovic Northwestern University
ISCSI Performance in Integrated LAN/SAN Environment Li Yin U.C. Berkeley.

ISCSI Performance in Integrated LAN/SAN Environment Li Yin U.C. Berkeley.
Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.

Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.
Leveraging Multiple Network Interfaces for Improved TCP Throughput Sridhar Machiraju SAHARA Retreat, June 10-12, 2002.

Leveraging Multiple Network Interfaces for Improved TCP Throughput Sridhar Machiraju SAHARA Retreat, June 10-12, 2002.

Similar presentations

Ads by Google