On the Security of End-to-End Measurements Based on Packet-Pair Dispersions

The packet-pair technique is a widely adopted method to estimate the capacity of a path. The use of the packet-pair technique has been suggested in numerous applications, including network management and end-to-end admission control. Recent observations also indicate that this technique can be used to fingerprint Internet paths. However, given that packet-pair measurements are performed in an open environment, end-hosts might try to alter these measurements to increase their gain in the network. In this paper, we explore the security of measurements based on the packet-pair technique. More specifically, we analyze the major threats against bandwidth estimation using the packet-pair technique and we demonstrate empirically that current implementations of this technique are vulnerable to a wide range of bandwidth manipulation attacks, in which end-hosts can accurately modify their claimed bandwidths. We propose lightweight countermeasures to detect attacks on bandwidth measurements; our technique can detect whether delays were inserted within the transmission of a packet-pair (e.g., by bandwidth shapers). We further propose a novel scheme for remote path identification using the distribution of packet-pair dispersions and we evaluate its accuracy, robustness, and potential use. Our findings suggest that the packet-pair technique can reveal valuable information about the identity/locations of remote hosts.
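As an added illustration (not code from the paper), the following Python sketches the two measurements the abstract builds on: the packet-pair capacity estimate (probe size divided by the modal receiver-side dispersion, so that cross-traffic-spread pairs do not drag an average down) and a comparison of two paths' dispersion distributions of the kind the abstract proposes for path identification. The histogram bin width, the constructed dispersion samples and the use of total-variation distance are assumptions of this example, not the paper's countermeasure or identification scheme.

```python
"""Packet-pair capacity estimate and a dispersion-distribution path fingerprint."""
from collections import Counter
from typing import Dict, Iterable, List

PACKET_BYTES = 1500      # probe size used for the constructed samples
BIN_S = 50e-6            # assumed histogram resolution: 50 microsecond bins


def dispersion_histogram(dispersions: Iterable[float], bin_s: float = BIN_S) -> Dict[int, float]:
    """Normalised histogram of dispersions (seconds), keyed by bin index."""
    counts = Counter(int(round(d / bin_s)) for d in dispersions)
    total = sum(counts.values())
    return {b: c / total for b, c in counts.items()}


def estimate_capacity_bps(dispersions: List[float], packet_bytes: int = PACKET_BYTES,
                          bin_s: float = BIN_S) -> float:
    """Capacity = L / delta, with delta taken as the modal dispersion.

    Pairs hit by cross traffic show larger gaps (underestimating capacity) and pairs
    queued behind cross traffic can be compressed (overestimating it); the mode of
    the histogram is the conventional way to recover the bottleneck's own gap.
    """
    hist = dispersion_histogram(dispersions, bin_s)
    mode_bin = max(hist, key=hist.get)
    delta = mode_bin * bin_s
    return packet_bytes * 8 / delta


def fingerprint_distance(a: List[float], b: List[float], bin_s: float = BIN_S) -> float:
    """Total-variation distance between two dispersion distributions.

    0.0 means identical histograms, 1.0 means no overlapping bins; a stable
    distribution per path is what makes dispersions usable as a path signature.
    """
    ha, hb = dispersion_histogram(a, bin_s), dispersion_histogram(b, bin_s)
    return 0.5 * sum(abs(ha.get(k, 0.0) - hb.get(k, 0.0)) for k in set(ha) | set(hb))


# Constructed receiver-side dispersions (seconds). PATH_A: 10 Mbit/s bottleneck with
# 1500-byte probes (nominal gap 1.2 ms), some pairs spread by cross traffic and some
# compressed. PATH_B: 20 Mbit/s bottleneck (nominal gap 0.6 ms) with similar noise.
PATH_A = [1.2e-3] * 12 + [1.5e-3, 1.9e-3, 2.4e-3, 0.9e-3, 1.1e-3, 1.3e-3]
PATH_B = [0.6e-3] * 12 + [0.7e-3, 0.8e-3, 1.2e-3, 0.55e-3]

if __name__ == "__main__":
    print(f"path A capacity ~ {estimate_capacity_bps(PATH_A) / 1e6:.1f} Mbit/s")
    print(f"path B capacity ~ {estimate_capacity_bps(PATH_B) / 1e6:.1f} Mbit/s")
    print(f"A vs A distance: {fingerprint_distance(PATH_A, PATH_A):.3f}")
    print(f"A vs B distance: {fingerprint_distance(PATH_A, PATH_B):.3f}")
```

With real probes the same code runs on timestamps taken at the receiving socket; the mode-based estimate is what a shaper that inserts delay between the two probes will shift, which is the manipulation the abstract describes.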
