Paper review: <TCP Congestion Control with a Misbehaving Receiver>
Reviewer: <Ryan Gehl>
- State the problem the paper is trying to solve.
The purpose of this paper is to explore the impact that a misbehaving receiver
can have on TCP congestion control.
- State the main contribution of the paper: solving a new problem,
proposing a new algorithm, or presenting a new evaluation (analysis). If a
new problem, why was the problem important? Is the problem still
important today? Will the problem be important tomorrow? If a new
algorithm or new evaluation (analysis), what are the improvements over
previous algorithms or evaluations? How do they come up with the new
algorithm or evaluation?
The main contribution of this paper is to describe three potential attacks
allowed by malicious receivers under the current TCP specification. In
addition, the paper addresses a solution to these problems in which a
receiver can only _reduce_ the data transfer rate by misbehaving, thereby
eliminating the incentive to do so.
- Summarize the (at most) 3 key main ideas (each in 1
(1) TCP is vulnerable to attacks by malicious receivers, three of which
are: ACK division, DupACK spoofing, and optimistic ACKing.
(2) Simple modifications to the TCP protocol, without changing
the nature of congestion control, allow the verification of what has
historically been an implicit contract between the sender and the receiver.
- Critique the main contribution
- Rate the significance of the paper on a scale of 5
(breakthrough), 4 (significant contribution), 3 (modest contribution), 2
(incremental contribution), 1 (no contribution or negative contribution).
Explain your rating in a sentence or two.
I would rate this paper as a 5 because it is a breakthrough which not only
describes how one could be a malicious receiver (in less than 50 lines of
code), but also how to design the protocol such that these attacks can no
- Rate how convincing the methodology is: how do the authors
justify the solution approach or evaluation? Do the authors use arguments,
analyses, experiments, simulations, or a combination of them? Do the
claims and conclusions follow from the arguments, analyses or experiments?
Are the assumptions realistic (at the time of the research)? Are the
assumptions still valid today? Are the experiments well designed? Are
there different experiments that would be more convincing? Are there other
alternatives the authors should have considered? (And, of course, is the
paper free of methodological errors.)
By actually hacking Linux, the authors implemented the three proposed "attacks"
and proved that, pretty much across the board, various operating systems
were vulnerable to "TCP Daytona" attacks.
- What is the most important limitation of the approach?
The most important limitation of this approach is that there is still no way
to prevent the receiver from concealing a loss, but the cumulative nonce idea
does mitigate the effects of optimistic ACKs.
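A small simulation of the sender-side cumulative nonce check mentioned in the answer above, added here as an illustration; it is not code from the paper or from this review. The 32-bit nonce width and all class and function names are assumptions of this sketch, and reordering and retransmission are left out.

```python
import secrets

MASK = (1 << 32) - 1  # assumed 32-bit nonce field (illustrative width)

class NonceSender:
    """Tags each segment with a random nonce; accepts an ACK only with the right sum."""
    def __init__(self):
        self.expected = {}  # segment-end sequence number -> nonce sum up to there
        self.running = 0    # sum of nonces of everything sent so far
        self.next_seq = 0
        self.acked = 0      # highest cumulative ACK that passed verification

    def send(self, length):
        nonce = 1 + secrets.randbelow(MASK)  # nonzero, so an old sum never fits a newer ACK
        seq, self.next_seq = self.next_seq, self.next_seq + length
        self.running = (self.running + nonce) & MASK
        self.expected[self.next_seq] = self.running
        return seq, length, nonce  # fields carried in the segment

    def on_ack(self, ack_no, nonce_sum):
        """True only if the ACK advances and nonce_sum proves receipt below ack_no."""
        want = self.expected.get(ack_no)  # None: unsent data or not a segment boundary
        if want is None or ack_no <= self.acked or nonce_sum != want:
            return False  # rejected: must not be counted toward window growth
        self.acked = ack_no
        return True

class HonestReceiver:
    """Echoes the running sum of nonces for in-order data (reordering omitted)."""
    def __init__(self):
        self.rcv_next = 0
        self.nonce_sum = 0

    def receive(self, seq, length, nonce):
        if seq == self.rcv_next:
            self.rcv_next += length
            self.nonce_sum = (self.nonce_sum + nonce) & MASK
        return self.rcv_next, self.nonce_sum  # cumulative ACK number and nonce sum

def demo():
    sender, receiver = NonceSender(), HonestReceiver()
    seg1 = sender.send(1460)
    seg2 = sender.send(1460)  # still in flight when the next two ACKs arrive
    ack_no, ack_sum = receiver.receive(*seg1)
    honest = sender.on_ack(ack_no, ack_sum)
    # Constructed ACK that claims seg2 early; the receiver has not seen seg2's nonce.
    early = sender.on_ack(2920, ack_sum)
    late = sender.on_ack(*receiver.receive(*seg2))
    return honest, early, late, sender.acked
```

The early ACK is rejected because its sum lacks the nonce of the segment it claims, while the same acknowledgment number is accepted once the receiver has actually seen that segment.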
- What lessons should researchers and builders take away from this
work. What (if any) questions does this work leave open?
One lesson researchers should take away from this work is that a valuable
method of research is to try to act as a "malicious user" and then fix
the problems you were able to find as a result.