200 likes | 313 Views
Fairness Attacks in the eXplicit Control Protocol. Christo Wilson Christopher Coakley Ben Y. Zhao University of California Santa Barbara. Heavy research in recent years into explicit feedback protocols Demonstrate desirable qualities Fairness between flows High utilization Few drops
E N D
Fairness Attacks in the eXplicit Control Protocol ChristoWilson Christopher Coakley Ben Y. Zhao University of California Santa Barbara
Heavy research in recent years into explicit feedback protocols • Demonstrate desirable qualities • Fairness between flows • High utilization • Few drops • No slow start • Not security aware • “Honesty is for the most part less profitable than dishonesty” -- Plato, The Republic • Our work: quantifying the impact of attackers through detailed experiments Motivation
Background and Attack Model • Experimental Setup • Sender-side Attacker • Congestion controlled • Fully Unresponsive • Receiver-side Attacker • Proposed Defenses • Conclusion Table of Contents
Throughput = 1000 Throughput = -42 Bottleneck Feedback = -42 Explicit Feedback Enabled Internet Background – Explicit Feedback
Feedback mechanism abuse enables attacks: • Selective compliance with feedback • Falsified feedback • Two attack types: • Sender-side ignores feedback • Receiver-side falsifies header information • Attacker goals: • Control as much bandwidth as possible • Denial of Service (DoS) remote hosts Attack Model
Attacker models implemented using XCP • Tests performed in ns2 • 10ms latency • 1KB packets • Drop-tail queues • 20 Mbit bottleneck link Experimental Setup
Throughput = 1000 Throughput = -42 Explicit Feedback Enabled Internet Feedback = -42 Sender-side Attacker
Two types of attackers implemented: • Congestion controlled • TCP like behavior • Continuous additive c_wnd growth • Multiplicative c_wnd back off after packet drop • Fully unresponsive • Only probes for bandwidth once (1 packet drop) • Locks c_wnd at 50% of current size • Trumps congestion controlled attackers • Resumes probing in response to: • positive feedback • 25% reduction in RTT Sender-side Attacker
9 Sender-Side Attackers w/ 1 Normal Flow Normal Flow Utilization Sender-side Attacker (Congestion Controlled)
Two types of attackers implemented: • Congestion controlled • TCP like behavior • Continuous additive c_wnd growth • Multiplicative c_wnd back off after packet drop • Fully unresponsive • Only probes for bandwidth once (1 packet drop) • Locks c_wnd at 50% of current size • Trumps congestion controlled attackers • Resumes probing in response to: • positive feedback • 25% reduction in RTT Sender-side Attacker
1 Sender-Side Attacker w/ 49 Normal Flows Total Flows = 5 Total Flows = 15 Total Flows = 50 B +35 A +10 Sender-side Attacker (Fully Unresponsive)
4 Sender-Side Attackers w/ 1 Normal Flow A +1 B +1 C +1 D -1 Normal Flow Sender-side Attacker (Fully Unresponsive)
Throughput = 1000 Throughput = -42 Explicit Feedback Enabled Internet Feedback = 9999 Receiver-side Attacker
1 Receiver-Side Attacker w/ 49 Normal Flows Receiver-side Attacker
Edge monitors • Must be ubiquitous • Requires per flow monitoring/state • Sender-side attacks detected by monitoring actual versus expected throughput • Receiver-side attacks are trivially detected • Issues: • Ubiquity of monitors can not be guaranteed • Unfeasible router overhead • Network edge does not exist Proposed Defenses: Edge Monitors
Sender-side attacks are tractable problem • Elephant flow monitors exist • Detectable anywhere in network path • Motivation for attack is lacking • Can not be used to DoS • Receiver-side attacks represent difficult challenge • Can target/break well behaved hosts • DoS potential • Motivation for attack is much stronger Proposed Defenses: Attack Severity
Throughput = -H4X0R3D Explicit Feedback Enabled Internet Feedback = -H4X0R3D Proposed Defenses: Nonce Feedback Injection
Throughput = -H4X0R3D Explicit Feedback Enabled Internet Feedback = 9999 Proposed Defenses: Nonce Feedback Injection
Existing explicit feedback protocols are vulnerable to exploitation • Sender-side attacks • Receiver-side attacks • Attacks are highly effective • Applies to existing explicit feedback protocols • XCP, RCP, MaxNet, JetMax, etc • Proposed solutions are inadequate • Potential solution: nonce feedback injection Conclusion