1 / 31

Analyzing the jitter-attacks against TCP flows

Analyzing the jitter-attacks against TCP flows. Moumbe Arno Patrice. 09 february 2005. Mentors: Dr. Imad Aad, Prof. Jean-Pierre Hubaux. Outline. How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion.

Download Presentation

Analyzing the jitter-attacks against TCP flows

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Analyzing the jitter-attacks against TCP flows Moumbe Arno Patrice 09 february 2005 Mentors: Dr. Imad Aad, Prof. Jean-Pierre Hubaux

  2. Outline • How does TCP work? • Different kinds of attacks on TCP • Our goal • Different methods of Jitter Attack • Simulation Results • Discussion • Conclusion

  3. Sender Receiver Packet RTT RTO ACK Packet How does TCP work? • RTT (Round Trip Time) is the time elapsed between sending a packet and receiving its Acknowledgement • RTO (Retransmission Time Out)is the time after which the packet is sent again if there is no ACK Figure 1: TCP

  4. How does TCP work according to RFC2988 SRTT(k+1) = a * SRTT(k) + (1-a) * RTT(k+1) (SRTT = Smoothed Round Trip Time) is the average of RTT estimator. RTTVAR = (1 - β) * RTTVAR + β* |SRTT - RTT| RTTVAR is the smoothed RTT deviation estimator. α =1/8 and β =1/4 RTO = max (minRTO , SRTT+ max (G, 4 RTTVAR)) (RTO = Retransmission Time Out)is the time that elapses after a packet has been sent until the sender considers it lost and therefore retransmits it. G <= 100 msec 3 sec

  5. Outline • How does TCP work? • Different kinds of attacks on TCP • Our goal • Different methods of Jitter Attack • Simulation Results • Discussion • Conclusion

  6. Differents kinds of attacks on TCP • JellyFish Drop • JellyFish reorder • JellyFish Jitter

  7. Differents kinds of attacks on TCP • JellyFish Drop • JellyFish reorder • JellyFish Jitter

  8. Outline • How does TCP work? • Different kinds of attacks on TCP • Our goal • Different methods of Jitter Attack • Simulation Results • Discussion • Conclusion

  9. Our goal Find the best way to drop the throughput of TCP by using Jitter Attack We simulated several methods, and present the performance of three of them We will emphasize on the best one

  10. Outline • How does TCP work? • Different kinds of attacks on TCP • Our goal • Different methods of Jitter Attack • Simulation Results • Discussion • Conclusion

  11. First Method Figure 2: first method of jitter attack Figure 3: RTT increase

  12. Second Method Figure 4: RTT increase (second method)

  13. Third Method Figure 5: RTT increase

  14. Third Method (cont’d) Figure 6: δRTT to be added to RTT of a packet

  15. Comparison of Methods two and three Figure 7: comparison of throughput of two methods Attack starts at second 100

  16. Comparison of Methods two and three Figure 8: difference of throughputs of methods two and three Th = Th_Method3 – Th_Method2

  17. Third Method (cont’d) We have three parameters to use in our implementation • Number of Hops • The Period T (s) • tp (s) Figure 9: presentation of parameters

  18. Outline • How does TCP work? • Different kinds of attacks on TCP • Our goal • Different methods of Jitter Attack • Simulation Results • Discussion • Conclusion

  19. Simulation Results (Number of Hops) Figure 10: Throughput over 2 hops, T=1 s, tp = 0,1 s Figure 11: Throughput over 8 hops, T = 1 s, tp = 0,1 s

  20. Simulation Results (cont’d) Period T (s) Figure 12: Comparison of throughputs for two periods (T)

  21. Simulation Results (cont’d) tp (s) Figure 13 : throughputs vs tp

  22. Outline • How does TCP work? • Different kinds of attacks on TCP • Our goal • Different methods of Jitter Attack • Simulation Results • Discussion • Conclusion

  23. Discussion Effect of the Jitter First we compute the average additional delay introduce by the Jitter implementation Jitter approach We build a new implementation where we shift all the packets by d0 delay approach RTT1 = RTT2 = … = RTTn = d0 Therefore , for two implementations, we have the same average delay

  24. Discussion (cont’d) Figure 14: Comparison of the throughputs of the delay and Jitter approaches For 2 and 4 hops

  25. Discussion (cont’d) For 6 and 8 hops Figure 15: Comparison of the throughputs of the delay and Jitter approaches

  26. Discussion (cont’d) Table 1: equivalence of percent / average for each number of hops

  27. Discussion (cont’d) Figure 16: Comparison of difference of throughput between Jitter and Delay

  28. Discussion (cont’d) Using Table 1 and Figure 16, we can say that to have a good throughput drop using the Jitter attack, (without caring about the number of hops): • Number of hops = don’t care • T = 1 s • 0,1 < tp < 0,5 (with a good result for tp = 0.3 s) Possibility to automate the drop of the throughput (by trying several values of tp)

  29. Outline • How does TCP work? • Different kinds of attacks on TCP • Our goal • Different methods of Jitter Attack • Simulation Results • Discussion • Conclusion

  30. Conclusion We derived the good parameters that drop the throughput of TCP, regardless of the number of hops. • Period = T = 1 second • Percent = tp = 0.3 second We also showed that the Jitter attack may drop very few throughput if throughput is low

  31. Thanks you for your attention

More Related