Analyzing the jitter-attacks against TCP flows
Moumbe Arno Patrice
09 February 2005
Mentors: Dr. Imad Aad, Prof. Jean-Pierre Hubaux

Outline
• How does TCP work?
• Different kinds of attacks on TCP
• Our goal
• Different methods of Jitter Attack
• Simulation Results
• Discussion
• Conclusion

How does TCP work?
• RTT (Round Trip Time) is the time elapsed between sending a packet and receiving its acknowledgement
• RTO (Retransmission Time Out) is the time after which the packet is sent again if there is no ACK
Figure 1: TCP (diagram labels: Sender, Receiver, Packet, ACK, RTT, RTO)

How does TCP work according to RFC 2988
SRTT(k+1) = a * SRTT(k) + (1 - a) * RTT(k+1)
SRTT (Smoothed Round Trip Time) is the estimator of the average RTT.
RTTVAR = (1 - β) * RTTVAR + β * |SRTT - RTT|
RTTVAR is the smoothed RTT deviation estimator.
α = 1/8 and β = 1/4
RTO = max(minRTO, SRTT + max(G, 4 * RTTVAR))
RTO (Retransmission Time Out) is the time that elapses after a packet has been sent until the sender considers it lost and therefore retransmits it.
G <= 100 msec 3 sec

Different kinds of attacks on TCP
• JellyFish Drop
• JellyFish Reorder
• JellyFish Jitter

Our goal
Find the best way to drop the throughput of TCP by using the Jitter Attack
We simulated several methods and present the performance of three of them
We will emphasize the best one

First Method
Figure 2: first method of jitter attack
Figure 3: RTT increase

Second Method
Figure 4: RTT increase (second method)

Third Method
Figure 5: RTT increase

Third Method (cont’d)
Figure 6: δRTT to be added to RTT of a packet

Comparison of Methods two and three
Figure 7: comparison of throughput of two methods
Attack starts at second 100

Comparison of Methods two and three
Figure 8: difference of throughputs of methods two and three
Th = Th_Method3 – Th_Method2

Third Method (cont’d)
We have three parameters to use in our implementation
• Number of Hops
• The Period T (s)
• tp (s)
Figure 9: presentation of parameters

Simulation Results (Number of Hops)
Figure 10: Throughput over 2 hops, T = 1 s, tp = 0.1 s
Figure 11: Throughput over 8 hops, T = 1 s, tp = 0.1 s

Simulation Results (cont’d)
Period T (s)
Figure 12: Comparison of throughputs for two periods (T)

Simulation Results (cont’d)
tp (s)
Figure 13: throughputs vs tp

Discussion
Effect of the Jitter
First we compute the average additional delay introduced by the Jitter implementation (Jitter approach)
We build a new implementation where we shift all the packets by d0 (delay approach)
RTT1 = RTT2 = … = RTTn = d0
Therefore, for the two implementations, we have the same average delay

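Added example, not part of the original slides: the RFC 2988 estimator from the "How does TCP work" slide, run over two constructed RTT traces with the same average delay, one jittered and one shifted by a constant d0 as in the Discussion. It follows RFC 2988 in weighting the new sample by α; the 1 s RTO floor, the 0.1 s base RTT and the 0.5 s extra delay are assumptions chosen for illustration, not the simulation's parameters.

```python
# Added example (not from the slides): RFC 2988 RTO estimator on constructed traces.
from statistics import mean

ALPHA, BETA = 1 / 8, 1 / 4  # gains given on the slide
G = 0.1                     # clock granularity, slide: G <= 100 msec
MIN_RTO = 1.0               # assumption: RFC 2988 floor of 1 s used as minRTO


class RtoEstimator:
    """SRTT / RTTVAR / RTO state kept by a TCP sender (RFC 2988, section 2)."""

    def __init__(self):
        self.srtt = None
        self.rttvar = None

    def update(self, rtt):
        """Feed one RTT sample in seconds and return the resulting RTO."""
        if self.srtt is None:
            # First measurement: SRTT = R, RTTVAR = R / 2
            self.srtt, self.rttvar = rtt, rtt / 2
        else:
            # RTTVAR is updated first, using the old SRTT
            self.rttvar = (1 - BETA) * self.rttvar + BETA * abs(self.srtt - rtt)
            self.srtt = (1 - ALPHA) * self.srtt + ALPHA * rtt
        return max(MIN_RTO, self.srtt + max(G, 4 * self.rttvar))


def rto_trace(samples):
    """Return the RTO after each RTT sample of one flow."""
    est = RtoEstimator()
    return [est.update(r) for r in samples]


# Constructed RTT samples (seconds), not the simulation's data: base RTT 0.1 s,
# and in every block of 10 packets 3 carry 0.5 s of extra delay.
BASE, EXTRA = 0.1, 0.5
jitter_rtts = [BASE + (EXTRA if i % 10 < 3 else 0.0) for i in range(100)]
d0 = mean(jitter_rtts) - BASE          # average additional delay
delay_rtts = [BASE + d0] * 100         # "delay approach": shift every packet by d0

if __name__ == "__main__":
    for name, rtts in (("jitter", jitter_rtts), ("delay", delay_rtts)):
        tail = rto_trace(rtts)[-10:]
        print(f"{name:6s} mean RTT {mean(rtts):.3f} s, "
              f"RTO over last 10 samples: min {min(tail):.3f} s, max {max(tail):.3f} s")
```

With the constant shift, RTTVAR decays toward zero and the RTO stays at the floor; with the jittered trace, RTTVAR stays high and the RTO climbs to about 1.4 s although the average delay is the same.
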
Discussion (cont’d)
Figure 14: Comparison of the throughputs of the delay and Jitter approaches, for 2 and 4 hops

Discussion (cont’d)
Figure 15: Comparison of the throughputs of the delay and Jitter approaches, for 6 and 8 hops

Discussion (cont’d)
Table 1: equivalence of percent / average for each number of hops

Discussion (cont’d)
Figure 16: Comparison of difference of throughput between Jitter and Delay

Discussion (cont’d)
Using Table 1 and Figure 16, we can say that to have a good throughput drop using the Jitter attack (without caring about the number of hops):
• Number of hops = don’t care
• T = 1 s
• 0.1 < tp < 0.5 (with a good result for tp = 0.3 s)
Possibility to automate the drop of the throughput (by trying several values of tp)

Conclusion
We derived good parameters that drop the throughput of TCP, regardless of the number of hops.
• Period = T = 1 second
• Percent = tp = 0.3 second
We also showed that the Jitter attack may reduce throughput very little if the throughput is low