analyzing the jitter-attacks against tcp flows
DESCRIPTION
Analyzing the jitter-attacks against TCP flows. Moumbe Arno Patrice. 09 february 2005. Mentors: Dr. Imad Aad, Prof. Jean-Pierre Hubaux. Outline. How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion. - PowerPoint PPT PresentationTRANSCRIPT
Analyzing the jitter-attacks against TCP
flows
Analyzing the jitter-attacks against TCP
flows
Mentors: Dr. Imad Aad, Prof. Jean-Pierre Hubaux
Moumbe Arno Patrice
09 february 2005
2
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
3
How does TCP work?
How does TCP work?
RTT (Round Trip Time ) is the time elapsed between sending a
packet and receiving its Acknowledgement
RTO (Retransmission Time Out) is the time after which the packet is sent again if there is no ACK
Sender Receiver
RTT
ACK
Packet
Packet
RTO
Figure 1: TCP
4
according to RFC2988
SRTT(k+1) = a * SRTT(k) + (1-a) * RTT(k+1)(SRTT = Smoothed Round Trip Time) is the average of RTT estimator.
RTTVAR = (1 - β) * RTTVAR + β* |SRTT - RTT|RTTVAR is the smoothed RTT deviation estimator. α =1/8 and β =1/4
RTO = max (minRTO , SRTT+ max (G, 4 RTTVAR))(RTO = Retransmission Time Out) is the time that elapses after a packet
has been sent until the sender considers it lost and therefore retransmits it. G <= 100 msec 3 sec
How does TCP workHow does TCP work
5
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
6
JellyFish Drop
JellyFish reorder
JellyFish Jitter
Differents kinds of attacks on TCP
Differents kinds of attacks on TCP
7
JellyFish Drop
JellyFish reorder
JellyFish Jitter
Differents kinds of attacks on TCP
Differents kinds of attacks on TCP
8
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
9
Our goalOur goal
Find the best way to drop the throughput of TCP by using Jitter Attack
We simulated several methods, and present the performance of three of them
We will emphasize on the best one
10
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
11
Figure 2: first method of jitter
attack
Figure 3: RTT increase
First MethodFirst Method
12
Second MethodSecond Method
Figure 4: RTT increase (second method)
13
Third MethodThird Method
Figure 5: RTT increase
14
Third Method (cont’d)
Third Method (cont’d)
Figure 6: δRTT to be added to RTT of a packet
15
Comparison of Methods two and three
Comparison of Methods two and three
comparison of Method three and two
0
20000
40000
60000
80000
100000
1200000 19 38 57 76 95 114
133
152
171
190
Time (s)
Th
rou
gh
pu
t (b
it/s
)
third Method
Second Method
Figure 7: comparison of throughput of two methods
Attack starts at second 100
16
Comparison of Methods two and three
Comparison of Methods two and three
Figure 8: difference of throughputs of methods two and three
Th = Th_Method3 – Th_Method2
Th_Method 3 - Th_Method 2
-20000
-15000
-10000
-5000
0
5000
10000
150000 18 36 54 72 90 108
126
144
162
180
198
Time (S)
Th
rou
gh
pu
t (b
it/s
)
Difference ofThroughput
17
We have three parameters to use in our implementation
Number of Hops The Period T (s) tp (s)
Third Method (cont’d)
Third Method (cont’d)
Figure 9: presentation of parameters
18
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
19
Simulation ResultsSimulation Results
Figure 10: Throughput over 2 hops, T=1 s, tp = 0,1 s
Throughput of 3 nodes
0
20000
40000
60000
80000
100000
120000
0 17 34 51 68 85 102
119
136
153
170
187
time (s)
Th
rou
gh
pu
t (b
it/s
)
Throughput
Throughput of 9 nodes
0
10000
20000
30000
40000
50000
0 17 34 51 68 85 102
119
136
153
170
187
time (s)
Th
rou
gh
pu
t (b
it/s
)
Throughput
Figure 11: Throughput over 8 hops, T = 1 s, tp = 0,1 s
(Number of Hops)
20
Simulation Results (cont’d)
Simulation Results (cont’d)
Figure 12: Comparison of throughputs for two periods (T)
Comparison of Periods
0
200000
400000
600000
8000001
0,8
0,6
0,4
0,2
0,1
0,05
0,03
0,02
0,01
Percent / Period (%)
Th
rou
gh
pu
t (b
it/s
)
Period = 0,5 sec
Period = 1 sec
Period T (s)
21
Simulation Results (cont’d)
Simulation Results (cont’d)
Figure 13 : throughputs vs tp
tp (s)
Throughput for 2 Hops
0100000200000300000400000500000600000700000800000
0,00
380,
015
0,05 0,
20,
40,
60,
8 1
tp (s)
Th
rou
gh
pu
t (b
it/s
)
Jitter
22
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
23
DiscussionDiscussion
Effect of the JitterFirst we compute the average additional delay introduce by the
Jitter implementation
n
RTTnRTTRTTd
...210
We build a new implementation where we shift all the packets by d0
RTT1 = RTT2 = … = RTTn = d0
Therefore , for two implementations, we have the same average delay
Jitter approach
delay approach
24
Discussion (cont’d)Discussion (cont’d)
Figure 14: Comparison of the throughputs of the delay and Jitter approaches
Throughput of 3 Nodes
0100000200000300000400000500000600000700000800000
Average_Delay (s)
Thro
ughp
ut (b
it/s)
Jitter
Delay
Throughput of 5 Nodes
0
50000
100000
150000
200000
250000
Average_Delay (s)
Th
rou
gh
pu
t (b
it/s
)
Jitter
Delay
For 2 and 4 hops
25
Discussion (cont’d)Discussion (cont’d)
Throughput of 7 Nodes
0
50000
100000
150000
200000
Average_Delay (s)
Thro
ughp
ut (b
it/s)
Jitter
Delay
Throughput of 9 Nodes
0
50000
100000
150000
200000
Average_Delay (s)
Thro
ughp
ut (b
it/s)
Jitter
Delay
Figure 15: Comparison of the throughputs of the delay and Jitter approaches
For 6 and 8 hops
26
Discussion (cont’d)Discussion (cont’d)
Table 1: equivalence of percent / average for each number of hops
27
Discussion (cont’d)Discussion (cont’d)
Figure 16: Comparison of difference of throughput between Jitter and Delay
Comparison of Throughput between Jitter and Delay
-50000
0
50000
100000
150000
200000
0 0,01 0,02 0,03 0,05 0,1 0,2 0,3 0,4 0,5 0,6 0,7 0,8 0,9 1Percent (s)
Thro
ughp
ut (b
it/s) 3 NODES
5 NODES
7 NODES
9 NODES
28
Discussion (cont’d)Discussion (cont’d)
Using Table 1 and Figure 16, we can say that to have a good throughput drop using the Jitter attack, (without caring about the number of hops):
Number of hops = don’t care T = 1 s 0,1 < tp < 0,5 (with a good result for tp = 0.3 s)
Possibility to automate the drop of the throughput (by trying several values of tp)
29
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
30
ConclusionConclusion
We derived the good parameters that drop the throughput of TCP, regardless of the number of hops.
Period = T = 1 second Percent = tp = 0.3 second
We also showed that the Jitter attack may drop very few throughput if throughput is low
31
Thanks you for your attention