fairness attacks in the explicit control protocol
DESCRIPTION
Fairness Attacks in the eXplicit Control Protocol. Christo Wilson Christopher Coakley Ben Y. Zhao University of California Santa Barbara. Heavy research in recent years into explicit feedback protocols Demonstrate desirable qualities Fairness between flows High utilization Few drops - PowerPoint PPT PresentationTRANSCRIPT
Fairness Attacks in the Fairness Attacks in the eXplicit Control ProtocoleXplicit Control Protocol
Christo WilsonChristopher Coakley
Ben Y. ZhaoUniversity of California Santa Barbara
MotivationMotivation
Heavy research in recent years into explicit feedback protocols Demonstrate desirable qualities
◦ Fairness between flows
◦ High utilization
◦ Few drops
◦ No slow start
Not security aware “Honesty is for the most part less profitable than dishonesty” --
Plato, The Republic Our work: quantifying the impact of attackers through detailed
experiments
Table of ContentsTable of Contents
Background and Attack ModelExperimental SetupSender-side Attacker
◦ Congestion controlled
◦ Fully Unresponsive
Receiver-side AttackerProposed DefensesConclusion
Background – Explicit FeedbackBackground – Explicit Feedback
Bottleneck
Explicit Feedback Enabled InternetFeedback =
-42
Throughput =-42
Throughput =
1000
Attack ModelAttack Model
Feedback mechanism abuse enables attacks:◦ Selective compliance with feedback
◦ Falsified feedback
Two attack types:◦ Sender-side ignores feedback
◦ Receiver-side falsifies header information
Attacker goals:◦ Control as much bandwidth as possible
◦ Denial of Service (DoS) remote hosts
Experimental SetupExperimental Setup
Attacker models implemented using XCPTests performed in ns2
◦ 10ms latency
◦ 1KB packets
◦ Drop-tail queues
◦ 20 Mbit bottleneck link
◦
Sender-side AttackerSender-side Attacker
Explicit Feedback Enabled Internet
Feedback =
-42
Throughput =
1000
Throughput =
-42
Sender-side AttackerSender-side Attacker
Two types of attackers implemented:◦ Congestion controlled
TCP like behavior Continuous additive c_wnd growth Multiplicative c_wnd back off after packet drop
◦ Fully unresponsive Only probes for bandwidth once (1 packet drop) Locks c_wnd at 50% of current size Trumps congestion controlled attackers Resumes probing in response to:
◦ positive feedback
◦ 25% reduction in RTT
Sender-side Attacker (Congestion Controlled)Sender-side Attacker (Congestion Controlled)
9 Sender-Side Attackers w/ 1 Normal Flow
Normal Flow
Utilization
Sender-side AttackerSender-side Attacker
Two types of attackers implemented:◦ Congestion controlled
TCP like behavior Continuous additive c_wnd growth Multiplicative c_wnd back off after packet drop
◦ Fully unresponsive Only probes for bandwidth once (1 packet drop) Locks c_wnd at 50% of current size Trumps congestion controlled attackers Resumes probing in response to:
◦ positive feedback
◦ 25% reduction in RTT
Sender-side Attacker (Fully Unresponsive)Sender-side Attacker (Fully Unresponsive)
1 Sender-Side Attacker w/ 49 Normal Flows
A+10
B
+35
Total Flows = 5 Total Flows = 15 Total Flows = 50
Sender-side Attacker (Fully Unresponsive)Sender-side Attacker (Fully Unresponsive)
4 Sender-Side Attackers w/ 1 Normal Flow
A+1 B
+1C+1
D-1
Normal Flow
Receiver-side AttackerReceiver-side Attacker
Explicit Feedback Enabled Internet
Feedback =
9999
Throughput =
1000Throughput =
-42
Receiver-side AttackerReceiver-side Attacker
1 Receiver-Side Attacker w/ 49 Normal Flows
Proposed Defenses: Edge Proposed Defenses: Edge MonitorsMonitors
Edge monitors◦ Must be ubiquitous
◦ Requires per flow monitoring/state
Sender-side attacks detected by monitoring actual versus expected throughput
Receiver-side attacks are trivially detectedIssues:
◦ Ubiquity of monitors can not be guaranteed
◦ Unfeasible router overhead
◦ Network edge does not exist
Proposed Defenses: Attack SeverityProposed Defenses: Attack Severity
Sender-side attacks are tractable problem◦ Elephant flow monitors exist
◦ Detectable anywhere in network path
◦ Motivation for attack is lacking
◦ Can not be used to DoS
Receiver-side attacks represent difficult challenge◦ Can target/break well behaved hosts
◦ DoS potential
◦ Motivation for attack is much stronger
Proposed Defenses: Nonce Feedback InjectionProposed Defenses: Nonce Feedback Injection
Explicit Feedback Enabled Internet
Feedback =
-H4X0R3D
Throughput =
-H4X0R3D
Proposed Defenses: Nonce Feedback InjectionProposed Defenses: Nonce Feedback Injection
Explicit Feedback Enabled Internet
Feedback =
9999
Throughput =
-H4X0R3D
ConclusionConclusion
Existing explicit feedback protocols are vulnerable to exploitation◦ Sender-side attacks
◦ Receiver-side attacks
Attacks are highly effectiveApplies to existing explicit feedback protocols
◦ XCP, RCP, MaxNet, JetMax, etc
Proposed solutions are inadequate◦ Potential solution: nonce feedback injection
Questions?Questions?