In this paper, the authors discuss the impact that misbehaving receivers
can have on TCP congestion control. In end-to-end congestion control
mechanisms, a misbehaving sender may increase the rate of sending data to
overwhelm the network. This paper shows that, a misbehaving receiver can
achieve the same result. The interesting result is the misbehaving
receivers would not get a higher data transmission rate than well behaved
ones.
The authors first identify several vulnerabilities in TCP that allows
malicious receivers to control the sending rate of TCP senders. These
vulnerabilities are: ACK division, DupACK spoofing, and optimistic ACKing.
The authors also demonstrate that these vulnerabilities are widely
applicable in most current TCP implementations. Several modifications of
the TCP protocol are proposed to eliminate these vulnerabilities. To avoid
the ACK division vulnerability, the solutions aim to eliminate the
ambiguity about the interpretation of ACKs. Singular nonce and cumulative
nonce are used for DupACK spoofing and optimistic ACKing separately. These
solutions can be applied to other protocols.
Although TCP protocol has many assumptions and ambiguous specifications,
as discussed in this paper, it is a widely used and successful protocol in
the Internet. Because of this, big changes to TCP are not practical. The
singular nonce and cumulative nonce protocols require the change at both
sender and receiver side. They are complete solutions to eliminate DupACK
spoofing and optimistic ACKing vulnerabilities. However, TCP-based soft
wares are too many and too hard to change. The solutions are not applied
in the TCP protocol.
We can also learn something from the attacking patterns. Take the
optimistic ACKing for example. By sending the anticipated data
acknowledges, the optimistic ACKing reduces the RTT and data is
transferred more quickly. There is a danger of losing data packages and
saturate the sender's connection however. If the recovers behaves wisely,
instead of maliciously, link conditions are good which means less package
loss, and applications can tolerant a certain package loss degree, the
optimistic ACKing may speed up the data transmission. The results show
that the gain of the rate is modest, unlike the other two attacks which
send data in a single burst.
Received on Sun Oct 30 2005 - 20:50:20 EST
This archive was generated by hypermail 2.2.0 : Mon Oct 31 2005 - 01:09:02 EST