Paper Review: TCP Congestion Control with a Misbehaving Receiver

Reviewer: Kenneth Chin

This is an organized and succinct paper that illustrates the vulnerability of TCP. In essence, the author raises three types of attacks from a misbehaving receiver:
  1. ACK division (section 2.2)
  2. DupACK spoofing (section 2.3)
  3. Optimistic ACKing (section 2.4)
All three attacks are valid and are very well depicted by Figures 1, 2 and 3 of the paper, respectively.

However, this paper is not perfect. Of the solutions proposed to tackle these attacks, only the one for attack 1 is viable and decent. The author admits that the ultimate way to eradicate attacks 2 and 3 would be to change both the sender and the receiver and to add a new field identifying the packet sent, but that is very hard to achieve because it involves almost the entire Internet population. Instead, he proposes an alternative that somewhat mitigates attack 2. Regarding attack 3, the author proposes the idea of a cumulative nonce to eliminate the problem of optimistic ACKing.

Using a cumulative nonce seems to be a brilliant idea, but I doubt that it is practical. The main idea is that each packet carries a random number, and the acknowledgment from the receiver contains the cumulative sum (i.e. the sum of the random numbers of all packets that arrived in order, up to the one that is missing). The space that the cumulative sum spans (i.e. the number of bits used to represent it) would increase with the number of packets transferred over an open connection. If the number of packets is exceptionally large, the number of bits needed to represent the cumulative sum would be infinite. Since the nonce field is suggested as compulsory rather than as an option, it must be placed inside the header, which has a finite number of bits. I am not saying the cumulative nonce does not work; it needs modification to handle scalability. Another issue is that the cumulative nonce might not work in TCP-SACK because, apart from cumulative acknowledgments, there are selective acknowledgments.
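The sender-side check behind the cumulative nonce can be sketched as follows. This is an added example, not code from the review or from the paper; the class and function names are hypothetical, and reducing the sum modulo 2^32 so that it fits a fixed-width header field is an assumption of the example, one possible modification of the kind asked for above.

```python
import secrets

MASK = 0xFFFFFFFF  # assumed 32-bit nonce field; sums wrap modulo 2**32

class Sender:
    """Remembers the nonce sent with each segment and validates ACKs."""
    def __init__(self):
        self.nonces = []  # nonces[i] was sent with segment i

    def send_segment(self, nonce=None):
        # A fresh random nonce per segment; a fixed one may be passed for tests.
        nonce = secrets.randbits(32) if nonce is None else nonce & MASK
        self.nonces.append(nonce)
        return len(self.nonces) - 1, nonce  # (segment index, nonce)

    def expected_sum(self, acked_count):
        return sum(self.nonces[:acked_count]) & MASK

    def ack_is_valid(self, acked_count, nonce_sum):
        # An ACK covering `acked_count` segments must carry the sum of
        # exactly those segments' nonces, which only real receipt reveals.
        if not 0 <= acked_count <= len(self.nonces):
            return False
        return nonce_sum == self.expected_sum(acked_count)

class Receiver:
    """Honest receiver: sums the nonces of the in-order prefix it holds."""
    def __init__(self):
        self.seen = {}

    def receive(self, index, nonce):
        self.seen[index] = nonce

    def ack(self):
        count, total = 0, 0
        while count in self.seen:  # stop at the first missing segment
            total = (total + self.seen[count]) & MASK
            count += 1
        return count, total

def run_demo():
    sender, receiver = Sender(), Receiver()
    segments = [sender.send_segment() for _ in range(6)]
    # Constructed delivery: segments 0, 1, 2 and 4 arrive; 3 and 5 do not.
    for index in (0, 1, 2, 4):
        receiver.receive(*segments[index])
    honest = receiver.ack()
    # An optimistic ACK claims all 6 segments but can only sum what arrived.
    optimistic = (6, sum(receiver.seen.values()) & MASK)
    return honest, sender.ack_is_valid(*honest), sender.ack_is_valid(*optimistic)
```

With uniformly random 32-bit nonces, a receiver that has not seen a segment can match the expected sum only by guessing, with probability 2^-32 per attempt.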

The thing I can take from this paper is the idea of the cumulative nonce.

This is a decent paper in pointing out the vulnerability of TCP. Although the proposed solution is not completely working, I still think that it is a 4th-grade paper, meaning it makes a significant contribution.