Analyzing the jitter-attacks against TCP flows

Moumbe Arno Patrice, 09 February 2005

Mentors: Dr. Imad Aad, Prof. Jean-Pierre Hubaux



Page 2: Analyzing the jitter-attacks against TCP flows

Outline

How does TCP work?
Different kinds of attacks on TCP
Our goal
Different methods of Jitter Attack
Simulation Results
Discussion
Conclusion

Page 3: Analyzing the jitter-attacks against TCP flows

How does TCP work?

RTT (Round Trip Time) is the time elapsed between sending a packet and receiving its Acknowledgement

RTO (Retransmission Time Out) is the time after which the packet is sent again if there is no ACK

Figure 1: TCP (diagram labels: Sender, Receiver, Packet, ACK, RTT, RTO)

Page 4: Analyzing the jitter-attacks against TCP flows

How does TCP work (according to RFC2988)

SRTT(k+1) = a * SRTT(k) + (1-a) * RTT(k+1)
SRTT (Smoothed Round Trip Time) is the RTT average estimator.

RTTVAR = (1 - β) * RTTVAR + β * |SRTT - RTT|
RTTVAR is the smoothed RTT deviation estimator. α = 1/8 and β = 1/4

RTO = max (minRTO, SRTT + max (G, 4 RTTVAR))
RTO (Retransmission Time Out) is the time that elapses after a packet has been sent until the sender considers it lost and therefore retransmits it.
G <= 100 msec 3 sec


Page 6: Analyzing the jitter-attacks against TCP flows

Different kinds of attacks on TCP

JellyFish Drop
JellyFish reorder
JellyFish Jitter



Page 9: Analyzing the jitter-attacks against TCP flows

Our goal

Find the best way to drop the throughput of TCP by using Jitter Attack

We simulated several methods, and present the performance of three of them

We will emphasize the best one


Page 11: Analyzing the jitter-attacks against TCP flows

First Method

Figure 2: first method of jitter attack

Figure 3: RTT increase

Page 12: Analyzing the jitter-attacks against TCP flows

Second Method

Figure 4: RTT increase (second method)

Page 13: Analyzing the jitter-attacks against TCP flows

Third Method

Figure 5: RTT increase

Page 14: Analyzing the jitter-attacks against TCP flows

Third Method (cont’d)

Figure 6: δRTT to be added to RTT of a packet

Page 15: Analyzing the jitter-attacks against TCP flows

Comparison of Methods two and three

Figure 7: comparison of throughput of two methods (plot: Throughput (bit/s) versus Time (s); series: third Method, Second Method)

Attack starts at second 100

Page 16: Analyzing the jitter-attacks against TCP flows

Comparison of Methods two and three

Figure 8: difference of throughputs of methods two and three (plot: Th_Method 3 - Th_Method 2, Throughput (bit/s) versus Time (s); series: Difference of Throughput)

Th = Th_Method3 – Th_Method2

Page 17: Analyzing the jitter-attacks against TCP flows

Third Method (cont’d)

We have three parameters to use in our implementation

Number of Hops
The Period T (s)
tp (s)

Figure 9: presentation of parameters


Page 19: Analyzing the jitter-attacks against TCP flows

Simulation Results

(Number of Hops)

Figure 10: Throughput over 2 hops, T = 1 s, tp = 0,1 s (plot: Throughput of 3 nodes, Throughput (bit/s) versus time (s))

Figure 11: Throughput over 8 hops, T = 1 s, tp = 0,1 s (plot: Throughput of 9 nodes, Throughput (bit/s) versus time (s))

Page 20: Analyzing the jitter-attacks against TCP flows

Simulation Results (cont’d)

Period T (s)

Figure 12: Comparison of throughputs for two periods (T) (plot: Comparison of Periods, Throughput (bit/s) versus Percent / Period (%); series: Period = 0,5 sec, Period = 1 sec)

Page 21: Analyzing the jitter-attacks against TCP flows

Simulation Results (cont’d)

tp (s)

Figure 13: throughputs vs tp (plot: Throughput for 2 Hops, Throughput (bit/s) versus tp (s); series: Jitter)


Page 23: Analyzing the jitter-attacks against TCP flows

Discussion

Effect of the Jitter

First we compute the average additional delay introduced by the Jitter implementation

d0 = (RTT1 + RTT2 + … + RTTn) / n

We build a new implementation where we shift all the packets by d0

RTT1 = RTT2 = … = RTTn = d0

Therefore, for the two implementations, we have the same average delay

(diagram labels: Jitter approach, delay approach)
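
As an added example (not part of the original presentation), the RFC 2988 estimator from the "How does TCP work" slide can be run over the two cases compared here: a jitter trace and a delay trace that shifts every packet by the same average d0. The trace values (0.2 s base RTT, 2.0 s of extra delay on every 10th sample) and all names are constructed for illustration; the SRTT update is written in the RFC 2988 form SRTT = (1 - α) * SRTT + α * RTT.

```python
"""RFC 2988 RTO estimator fed two constructed RTT traces with equal mean."""
ALPHA, BETA, K = 1 / 8, 1 / 4, 4  # RFC 2988 constants
G = 0.1        # clock granularity in seconds (slide: G <= 100 msec)
MIN_RTO = 1.0  # RFC 2988 rounds any RTO below 1 s up to 1 s


class RtoEstimator:
    def __init__(self):
        self.srtt = self.rttvar = None
        self.rto = 3.0  # RFC 2988 initial RTO before any RTT sample

    def update(self, rtt):
        if self.srtt is None:  # first measurement
            self.srtt, self.rttvar = rtt, rtt / 2
        else:  # RTTVAR is updated first, using the previous SRTT
            self.rttvar = (1 - BETA) * self.rttvar + BETA * abs(self.srtt - rtt)
            self.srtt = (1 - ALPHA) * self.srtt + ALPHA * rtt
        self.rto = max(MIN_RTO, self.srtt + max(G, K * self.rttvar))
        return self.rto


def run(trace):
    """Return final (srtt, rttvar, rto) and how many samples arrived later
    than the RTO in force, i.e. after the retransmission timer had fired.
    Simplification: Karn's algorithm and RTO back-off are not modelled."""
    est, late = RtoEstimator(), 0
    for rtt in trace:
        late += rtt > est.rto
        est.update(rtt)
    return est.srtt, est.rttvar, est.rto, late


# Constructed input (assumption, not the presentation's simulation data):
# base RTT 0.2 s, every 10th sample delayed by an extra 2.0 s.
BASE, EXTRA, EVERY, N = 0.2, 2.0, 10, 200
extra = [EXTRA if i % EVERY == EVERY - 1 else 0.0 for i in range(N)]
d0 = sum(extra) / N                       # average additional delay
jitter_trace = [BASE + e for e in extra]  # jitter approach
delay_trace = [BASE + d0] * N             # delay approach: shift all by d0

if __name__ == "__main__":
    for name, trace in (("jitter", jitter_trace), ("delay", delay_trace)):
        srtt, rttvar, rto, late = run(trace)
        print(f"{name}: SRTT={srtt:.3f} RTTVAR={rttvar:.3f} "
              f"RTO={rto:.3f} late={late}")
```

With the same average delay in both traces, only the jitter trace has samples that arrive after the retransmission timer would already have fired, and it ends with the larger RTTVAR and RTO.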

Page 24: Analyzing the jitter-attacks against TCP flows

Discussion (cont’d)

Figure 14: Comparison of the throughputs of the delay and Jitter approaches, for 2 and 4 hops (plots: Throughput of 3 Nodes and Throughput of 5 Nodes, Throughput (bit/s) versus Average_Delay (s); series: Jitter, Delay)

Page 25: Analyzing the jitter-attacks against TCP flows

Discussion (cont’d)

Figure 15: Comparison of the throughputs of the delay and Jitter approaches, for 6 and 8 hops (plots: Throughput of 7 Nodes and Throughput of 9 Nodes, Throughput (bit/s) versus Average_Delay (s); series: Jitter, Delay)

Page 26: Analyzing the jitter-attacks against TCP flows

Discussion (cont’d)

Table 1: equivalence of percent / average for each number of hops

Page 27: Analyzing the jitter-attacks against TCP flows

Discussion (cont’d)

Figure 16: Comparison of difference of throughput between Jitter and Delay (plot: Comparison of Throughput between Jitter and Delay, Throughput (bit/s) versus Percent (s); series: 3 NODES, 5 NODES, 7 NODES, 9 NODES)

Page 28: Analyzing the jitter-attacks against TCP flows

Discussion (cont’d)

Using Table 1 and Figure 16, we can say that to have a good throughput drop using the Jitter attack (without caring about the number of hops):

Number of hops = don’t care
T = 1 s
0,1 < tp < 0,5 (with a good result for tp = 0.3 s)

Possibility to automate the drop of the throughput (by trying several values of tp)


Page 30: Analyzing the jitter-attacks against TCP flows

Conclusion

We derived the good parameters that drop the throughput of TCP, regardless of the number of hops.

Period = T = 1 second
Percent = tp = 0.3 second

We also showed that the Jitter attack may drop very little throughput if throughput is low

Page 31: Analyzing the jitter-attacks against TCP flows

Thank you for your attention