
Fairness Attacks in the eXplicit Control Protocol

Christo Wilson, Christopher Coakley, Ben Y. Zhao. University of California Santa Barbara.


Presentation Transcript


  1. Fairness Attacks in the eXplicit Control Protocol
     Christo Wilson, Christopher Coakley, Ben Y. Zhao
     University of California Santa Barbara

  2. Motivation
     • Heavy research in recent years into explicit feedback protocols
       • Demonstrate desirable qualities
         • Fairness between flows
         • High utilization
         • Few drops
         • No slow start
       • Not security aware
         • “Honesty is for the most part less profitable than dishonesty” -- Plato, The Republic
     • Our work: quantifying the impact of attackers through detailed experiments

  3. Table of Contents
     • Background and Attack Model
     • Experimental Setup
     • Sender-side Attacker
       • Congestion controlled
       • Fully Unresponsive
     • Receiver-side Attacker
     • Proposed Defenses
     • Conclusion

  4. Background – Explicit Feedback
     [Figure: Explicit Feedback Enabled Internet with a bottleneck. Labels: Throughput = 1000, Throughput = -42, Feedback = -42]

  5. Attack Model
     • Feedback mechanism abuse enables attacks:
       • Selective compliance with feedback
       • Falsified feedback
     • Two attack types:
       • Sender-side ignores feedback
       • Receiver-side falsifies header information
     • Attacker goals:
       • Control as much bandwidth as possible
       • Denial of Service (DoS) remote hosts

  6. Experimental Setup
     • Attacker models implemented using XCP
     • Tests performed in ns2
       • 10ms latency
       • 1KB packets
       • Drop-tail queues
       • 20 Mbit bottleneck link

  7. Sender-side Attacker
     [Figure: Explicit Feedback Enabled Internet. Labels: Throughput = 1000, Throughput = -42, Feedback = -42]

  8. Sender-side Attacker
     • Two types of attackers implemented:
       • Congestion controlled
         • TCP-like behavior
         • Continuous additive c_wnd growth
         • Multiplicative c_wnd back off after packet drop
       • Fully unresponsive
         • Only probes for bandwidth once (1 packet drop)
         • Locks c_wnd at 50% of current size
         • Trumps congestion controlled attackers
         • Resumes probing in response to:
           • positive feedback
           • 25% reduction in RTT

  9. Sender-side Attacker (Congestion Controlled)
     [Plot: 9 Sender-Side Attackers w/ 1 Normal Flow. Labels: Normal Flow, Utilization]

  10. Sender-side Attacker
      • Two types of attackers implemented:
        • Congestion controlled
          • TCP-like behavior
          • Continuous additive c_wnd growth
          • Multiplicative c_wnd back off after packet drop
        • Fully unresponsive
          • Only probes for bandwidth once (1 packet drop)
          • Locks c_wnd at 50% of current size
          • Trumps congestion controlled attackers
          • Resumes probing in response to:
            • positive feedback
            • 25% reduction in RTT

  11. Sender-side Attacker (Fully Unresponsive)
      [Plot: 1 Sender-Side Attacker w/ 49 Normal Flows. Labels: Total Flows = 5, Total Flows = 15, Total Flows = 50; annotations: A +10, B +35]

  12. Sender-side Attacker (Fully Unresponsive)
      [Plot: 4 Sender-Side Attackers w/ 1 Normal Flow. Labels: Normal Flow; annotations: A +1, B +1, C +1, D -1]

  13. Receiver-side Attacker
      [Figure: Explicit Feedback Enabled Internet. Labels: Throughput = 1000, Throughput = -42, Feedback = 9999]

  14. Receiver-side Attacker
      [Plot: 1 Receiver-Side Attacker w/ 49 Normal Flows]

  15. Proposed Defenses: Edge Monitors
      • Edge monitors
        • Must be ubiquitous
        • Requires per-flow monitoring/state
        • Sender-side attacks detected by monitoring actual versus expected throughput
        • Receiver-side attacks are trivially detected
      • Issues:
        • Ubiquity of monitors cannot be guaranteed
        • Infeasible router overhead
        • Network edge does not exist

  16. Proposed Defenses: Attack Severity
      • Sender-side attacks are a tractable problem
        • Elephant flow monitors exist
        • Detectable anywhere in network path
        • Motivation for attack is lacking
        • Cannot be used to DoS
      • Receiver-side attacks represent a difficult challenge
        • Can target/break well-behaved hosts
        • DoS potential
        • Motivation for attack is much stronger

  17. Proposed Defenses: Nonce Feedback Injection
      [Figure: Explicit Feedback Enabled Internet. Labels: Throughput = -H4X0R3D, Feedback = -H4X0R3D]

  18. Proposed Defenses: Nonce Feedback Injection
      [Figure: Explicit Feedback Enabled Internet. Labels: Throughput = -H4X0R3D, Feedback = 9999]

  19. Conclusion
      • Existing explicit feedback protocols are vulnerable to exploitation
        • Sender-side attacks
        • Receiver-side attacks
      • Attacks are highly effective
      • Applies to existing explicit feedback protocols
        • XCP, RCP, MaxNet, JetMax, etc
      • Proposed solutions are inadequate
      • Potential solution: nonce feedback injection

  20. Questions?
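
The two edge-monitor checks listed on slide 15, as an added example that is not part of the original presentation: a per-flow monitor that compares actual with expected throughput (sender-side) and the router's feedback with the value the receiver echoes (receiver-side). The `EdgeMonitor` class, its thresholds, and the assumption that the monitor sees both the data header after the bottleneck and the returning ACK are hypothetical; the traces are constructed from the slides' unitless figures.

```python
from dataclasses import dataclass

@dataclass
class FlowState:
    expected: float   # rate the flow is entitled to after all feedback so far
    strikes: int = 0  # consecutive intervals spent above that entitlement

class EdgeMonitor:
    """Hypothetical per-flow monitor; thresholds are assumptions, not from the slides."""
    def __init__(self, tolerance=0.10, strikes_needed=3):
        self.tolerance = tolerance
        self.strikes_needed = strikes_needed
        self.flows = {}

    def observe(self, flow_id, router_feedback, echoed_feedback, measured):
        """Classify one control interval of one flow.
        router_feedback: feedback seen in the data packet after the bottleneck
        echoed_feedback: feedback the receiver copied into the returning ACK
        measured:        throughput observed for the flow in this interval
        """
        st = self.flows.setdefault(flow_id, FlowState(expected=measured))
        verdict = "ok"
        if echoed_feedback != router_feedback:
            # The receiver must echo the header unchanged, so any difference is
            # falsification. The sender is obeying the ACK and is not blamed.
            verdict, st.strikes = "receiver-side", 0
        elif measured > st.expected * (1 + self.tolerance):
            st.strikes += 1
            if st.strikes >= self.strikes_needed:
                verdict = "sender-side"
        else:
            st.strikes = 0
        # The entitlement follows what the router signalled, never the echo.
        st.expected = max(st.expected + router_feedback, 0.0)
        return verdict

def run(intervals):
    """Feed (router_feedback, echoed_feedback, measured) tuples for one flow."""
    monitor = EdgeMonitor()
    return [monitor.observe("flow", *iv) for iv in intervals]

# Constructed traces using the slides' figures (throughput 1000, feedback -42, echo 9999).
honest = [(-42, -42, 1000 - 42 * i) for i in range(8)]
unresponsive = [(-42, -42, 1000)] * 8
lying_receiver = [(-42, 9999, 1000), (-42, 9999, 10999)]

if __name__ == "__main__":
    for trace in (honest, unresponsive, lying_receiver):
        print(run(trace))
```

The sender that holds its rate is flagged only after the gap to its entitlement exceeds the tolerance for three intervals, while the falsified echo is flagged on the first ACK; both checks depend on the per-flow state that the slide lists as a deployment issue.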
