TCP Congestion Control witth a Misbehaving Receiver
- State the problem the paper is trying to solve.
The main problem the paper is trying to solve is trying to modify TCP to eliminate
any incentive for a malicious Web client from misbehaving and driving a standard TCP
sender arbitrarily fast.
- State the main contribution of the paper: solving a new problem, proposing a
new algorithm, or presenting a new evaluation (analysis). If a new problem, why
was the problem important? Is the problem still important today? Will the
problem be important tomorrow? If a new algorithm or new
evaluation (analysis), what are the improvements over previous algorithms or
evaluations? How do they come up with the new algorithm or evaluation?
The main contribution of the paper is that it provides a solution for modifying TCP
to eliminate this type of undesirable behavior entirely, without requiring
assumptions of any kind about receiver behavior. This problem is especially
important because as the internet expands and grows to include more of the world,
the potential for malicious users and misbehaving increases. In addition, since TCP
accounts for 90 to 95% of the web traffic on the net. The potential to exploit any
of the assumptions it makes is enormous and the effects could be devastating. It is
best to solve these problems while disasters can be prevented. This problem will
continue to be important tommorow as the Internet continues to impact all facets of
our society. As more and more of society's services depend on the Internet, it will
be essential that it remains secure and resilient to attacks and foul play.
- Summarize the (at most) 3 key main ideas (each in 1 sentence.)
The three 3 key main ideas are:
(1) Three attacks on the congestion control mechanism of TCP that exploit a sender's
vulnerability to non-conforming receiver behavior are: ACK division; DupACK
spoofing; and Optimistic ACKing.
(2) These three attacks have been implemented in a malicious version of TCP, named
by the authors facetiously as: "TCP Daytona", and have demonstrated clear potential
detrimental effects to TCP traffic in a network.
(3) The design of TCP can be modified, without changing the nature of the
congestion control function, using a new Cumulative Nonce approach, and implemented
with sender-only modifications to allow immediate deployment, to eliminate
- Critique the main contribution
- Rate the significance of the paper on a scale of 5
(breakthrough), 4 (significant contribution), 3 (modest contribution), 2
(incremental contribution), 1 (no contribution or negative contribution).
Explain your rating in a sentence or two.
I give this paper a rating of 4 because it makes a contribution to an area that
desperately needs work as the Internet grows and grows in its popularity. It targets
the issue precisely and gives a decent and clear evaluation and solution.
- Rate how convincing the methodology is: how do the authors justify the solution
approach or evaluation? Do the authors use arguments, analyses, experiments,
simulations, or a combination of them? Do the claims and conclusions follow from the
arguments, analyses or experiments? Are the assumptions realistic (at the time of the
research)? Are the assumptions still valid today? Are the experiments well designed?
Are there different experiments that would be more convincing? Are there other
alternatives the authors should have considered? (And, of course, is the paper free of
Their methodology was pretty convincing. They provided proof of the problem by
identify key loopholes in the TCP protocol and implementing a malicious variation to
exploit these loopholes. The detrimental effects of exploitation were documented in
a series of tests they ran on a test machine with a 100Mbps Ethernet interface that
atacked a set of nine Web servers running a diverse array of popular server
operating systems. Their point was made clear with the fact that they not only had
one type of attack that could be orchestrated but three types of attacks that could
be made on the current TCP implementation. Their solution was well backed by
reference to inspiration from Abadi and Needham's paper, "Prudent
Engineering Practice for Cryptographic Protocols" and their first three principles:
(Principle 1.) Every message should say what it
means: the inter-pretation of the message should depend only on its content.
(Principle 2.) The conditions for a message to be acted upon should be clearly set
out so that someone reviewing a design may see whether they are acceptable or not.
(Principle 3.) If the identity of a principal is essential to the mean-ing of a
message, it is prudent to mention the principal' s name explicitly in the message.
By basing their solution on proven principles, it made it seem better grounded and
supported by prior work by other experts in the field. Finally, the fact that the
solution could be implemented with minimal changes to current Web traffic and
sender-side only without making assumption of receiver behavior makes it a very
convincing candidate for adoption in future TCP implementations. The use of
arguments proved to be rather convincing because it seemed the problem resulted from
the actual design of TCP and so a design solution seemed apt.
- What is the most important limitation of the approach?
The most important limitation of their experimental approach was that it was
simulated and so it may have been a little less realistic than possible but this was
done on purpose because they did not want to disrupt real Web traffic with their
experiments. Another limitation is it would have been nice if they included more
empirical results of not only the problem but also of the performance of their
solution. It would be nice to see that their solution does indeed blend seemlessly
with current implementations of TCP and is as simple of a change as they claim.
- What lessons should researchers and builders take away from this work. What
(if any) questions does this work leave open?
The lessons researchers should take away from this work are that their is always
potential assumptions in any implementation that can be exploited for malicious
purposes. It is best to account for these early on so that the effects and
possibilities of attacks can be minimized and prepared for. It is best to correct
the system for such potential risks before it is widely deployed as TCP is, but if
that is not done, at least they should correct for them before an attack actually
happens, which this paper intended to do.