Fairness Attacks in the eXplicit Control Protocol
Christo Wilson, Christopher Coakley, Ben Y. Zhao
University of California Santa Barbara

Motivation
Heavy research in recent years into explicit feedback protocols
Demonstrate desirable qualities
◦ Fairness between flows
◦ High utilization
◦ Few drops
◦ No slow start
Not security aware
“Honesty is for the most part less profitable than dishonesty” -- Plato, The Republic
Our work: quantifying the impact of attackers through detailed experiments

Table of Contents
Background and Attack Model
Experimental Setup
Sender-side Attacker
◦ Congestion controlled
◦ Fully Unresponsive
Receiver-side Attacker
Proposed Defenses
Conclusion

Background – Explicit Feedback
[Diagram labels: Bottleneck; Explicit Feedback Enabled Internet; Feedback = -42; Throughput = -42; Throughput = 1000]

Attack Model
Feedback mechanism abuse enables attacks:
◦ Selective compliance with feedback
◦ Falsified feedback
Two attack types:
◦ Sender-side ignores feedback
◦ Receiver-side falsifies header information
Attacker goals:
◦ Control as much bandwidth as possible
◦ Denial of Service (DoS) remote hosts

Experimental Setup
Attacker models implemented using XCP
Tests performed in ns2
◦ 10ms latency
◦ 1KB packets
◦ Drop-tail queues
◦ 20 Mbit bottleneck link

Sender-side Attacker
[Diagram labels: Explicit Feedback Enabled Internet; Feedback = -42; Throughput = 1000; Throughput = -42]

Sender-side Attacker
Two types of attackers implemented:
◦ Congestion controlled
    ◦ TCP like behavior
    ◦ Continuous additive c_wnd growth
    ◦ Multiplicative c_wnd back off after packet drop
◦ Fully unresponsive
    ◦ Only probes for bandwidth once (1 packet drop)
    ◦ Locks c_wnd at 50% of current size
    ◦ Trumps congestion controlled attackers
    ◦ Resumes probing in response to:
        ◦ positive feedback
        ◦ 25% reduction in RTT

Sender-side Attacker (Congestion Controlled)
[Plot: 9 Sender-Side Attackers w/ 1 Normal Flow; labels: Normal Flow, Utilization]

Sender-side Attacker (Fully Unresponsive)
[Plot: 1 Sender-Side Attacker w/ 49 Normal Flows; annotations: A +10, B +35; Total Flows = 5, Total Flows = 15, Total Flows = 50]

Sender-side Attacker (Fully Unresponsive)
[Plot: 4 Sender-Side Attackers w/ 1 Normal Flow; annotations: A +1, B +1, C +1, D -1; label: Normal Flow]

Receiver-side Attacker
[Diagram labels: Explicit Feedback Enabled Internet; Feedback = 9999; Throughput = 1000; Throughput = -42]

Receiver-side Attacker
[Plot: 1 Receiver-Side Attacker w/ 49 Normal Flows]

Proposed Defenses: Edge Monitors
Edge monitors
◦ Must be ubiquitous
◦ Require per flow monitoring/state
Sender-side attacks detected by monitoring actual versus expected throughput
Receiver-side attacks are trivially detected
Issues:
◦ Ubiquity of monitors cannot be guaranteed
◦ Infeasible router overhead
◦ Network edge does not exist
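
The two edge-monitor checks above (actual versus expected throughput, and comparing echoed feedback with what the routers stamped), as an added example that is not code from the talk. `EdgeMonitor`, the tolerance, the strike count, the starting window and the trace are all constructed assumptions; the monitor is assumed to see both directions of each flow, and one header per RTT stands in for that RTT's total feedback in bytes.

```python
from dataclasses import dataclass, field

PKT = 1000  # 1KB packets as in the setup; used as the window floor (assumption)

@dataclass
class Flow:
    expected: float                              # bytes per RTT that feedback allows
    stamped: dict = field(default_factory=dict)  # seq -> feedback seen on data packet
    strikes: int = 0                             # consecutive over-limit intervals

class EdgeMonitor:  # hypothetical name; keeps the per-flow state the slide mentions
    def __init__(self, tolerance=0.10, strikes_needed=3):
        self.tol, self.need = tolerance, strikes_needed
        self.flows, self.alerts = {}, set()

    def on_data(self, fid, seq, feedback, start_window=10 * PKT):
        # Forward path: record the feedback the routers wrote into the header.
        self.flows.setdefault(fid, Flow(start_window)).stamped[seq] = feedback

    def on_ack(self, fid, seq, echoed):
        # Reverse path: the echoed feedback must equal the stamped value.
        flow = self.flows[fid]
        stamped = flow.stamped.pop(seq, None)
        if stamped is None:
            return
        if echoed != stamped:
            self.alerts.add((fid, "receiver-side"))
        # Advance the honest-sender window using the genuine feedback only.
        flow.expected = max(PKT, flow.expected + stamped)

    def on_interval(self, fid, bytes_sent):
        # Once per RTT: actual throughput versus the expected window.
        flow = self.flows[fid]
        over = bytes_sent > flow.expected * (1 + self.tol)
        flow.strikes = flow.strikes + 1 if over else 0
        if flow.strikes >= self.need:
            self.alerts.add((fid, "sender-side"))

def run_constructed_trace():
    mon = EdgeMonitor()
    sent = {"honest": [10000, 9000, 8000, 7000],     # obeys -1000 per RTT
            "greedy": [10000, 11000, 12000, 13000]}  # grows despite -1000 per RTT
    for rtt in range(4):
        for fid, volume in sent.items():
            mon.on_data(fid, rtt, -1000)
            mon.on_interval(fid, volume[rtt])
            mon.on_ack(fid, rtt, -1000)
    mon.on_data("liar", 0, -42)   # routers stamp -42 ...
    mon.on_ack("liar", 0, 9999)   # ... receiver echoes 9999
    return sorted(mon.alerts)
```

The `flows` dictionary grows with every flow seen, which is the per-flow state cost the slide lists under Issues.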

Proposed Defenses: Attack Severity
Sender-side attacks are a tractable problem
◦ Elephant flow monitors exist
◦ Detectable anywhere in network path
◦ Motivation for attack is lacking
◦ Cannot be used to DoS
Receiver-side attacks represent a difficult challenge
◦ Can target/break well behaved hosts
◦ DoS potential
◦ Motivation for attack is much stronger

Proposed Defenses: Nonce Feedback Injection
[Diagram labels: Explicit Feedback Enabled Internet; Feedback = -H4X0R3D; Throughput = -H4X0R3D]

Proposed Defenses: Nonce Feedback Injection
[Diagram labels: Explicit Feedback Enabled Internet; Feedback = 9999; Throughput = -H4X0R3D]

Conclusion
Existing explicit feedback protocols are vulnerable to exploitation
◦ Sender-side attacks
◦ Receiver-side attacks
Attacks are highly effective
Applies to existing explicit feedback protocols
◦ XCP, RCP, MaxNet, JetMax, etc.
Proposed solutions are inadequate
◦ Potential solution: nonce feedback injection

Questions?