Paper review:
TCP Congestion Control with a Misbehaving Receiver
Reviewer:
Mike Liu
- State the problem the paper is trying to solve.
The main problem the paper is trying to solve is how to modify TCP so that a malicious
Web client has no incentive to misbehave and drive a standard TCP sender arbitrarily
fast.
- State the main contribution of the paper: solving a new problem, proposing a
new algorithm, or presenting a new evaluation (analysis). If a new problem, why
was the problem important? Is the problem still important today? Will the
problem be important tomorrow? If a new algorithm or new
evaluation (analysis), what are the improvements over previous algorithms or
evaluations? How do they come up with the new algorithm or evaluation?
The main contribution of the paper is that it provides a solution for modifying TCP
to eliminate this type of undesirable behavior entirely, without requiring
assumptions of any kind about receiver behavior. This problem is especially
important because as the Internet expands to include more of the world, the
potential for malicious users and misbehavior increases. In addition, since TCP
accounts for 90 to 95% of the web traffic on the net, the potential to exploit any
of the assumptions it makes is enormous and the effects could be devastating. It is
best to solve these problems while disasters can still be prevented. This problem
will continue to be important tomorrow as the Internet continues to impact all
facets of our society. As more and more of society's services depend on the
Internet, it will be essential that it remains secure and resilient to attacks and
foul play.
- Summarize the (at most) 3 key main ideas (each in 1 sentence).
The three key main ideas are:
(1) Three attacks on the congestion control mechanism of TCP exploit a sender's
vulnerability to non-conforming receiver behavior: ACK division, DupACK spoofing,
and Optimistic ACKing.
(2) These three attacks have been implemented in a malicious version of TCP,
facetiously named "TCP Daytona" by the authors, and have demonstrated clear
potential for detrimental effects on TCP traffic in a network.
(3) The design of TCP can be modified, without changing the nature of the
congestion control function, using a new Cumulative Nonce approach, and implemented
with sender-only modifications to allow immediate deployment, to eliminate
these vulnerabilities.
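The Cumulative Nonce idea from key idea (3), as an added illustration that is not code from the paper or this review: the sender tags every segment with a random nonce and credits an ACK only when it echoes the exact sum of the nonces of the whole segments it claims to acknowledge, so an ACK for data the receiver never saw (optimistic ACKing) or one that splits a segment (ACK division) is not credited. Fixed 1000-byte segments, sequence numbers starting at 0, and the class names are my simplifications.

```python
import random
SEGMENT_SIZE = 1000   # constructed simplification: fixed-size segments, sequence numbers from 0

class NonceSender:
    """Sender: each segment carries a random 32-bit nonce, kept so the receiver's echoed sum can be checked."""
    def __init__(self, seed=None):
        self._rng = random.Random(seed)
        self.nonces, self.snd_una = {}, 0   # start seq -> nonce carried; oldest uncredited seq

    def send_segment(self, seq):
        self.nonces[seq] = self._rng.getrandbits(32)
        return {"seq": seq, "len": SEGMENT_SIZE, "nonce": self.nonces[seq]}

    def expected_cumulative(self, ack):
        # sum (mod 2^32) of the nonces of every whole segment that lies below the ACK point
        return sum(n for s, n in self.nonces.items() if s + SEGMENT_SIZE <= ack) & 0xFFFFFFFF

    def process_ack(self, ack, cumulative_nonce):
        """Return True and advance snd_una only for an ACK the receiver could not have forged."""
        if ack <= self.snd_una or ack % SEGMENT_SIZE != 0:      # stale, or a divided ACK
            return False                                         # that covers no whole nonce
        if cumulative_nonce != self.expected_cumulative(ack):    # an ACK for data never received
            return False                                         # cannot echo the right nonce sum
        self.snd_una = ack
        return True

class HonestReceiver:
    """Receiver: adds the nonce of each segment delivered in order to a running sum."""
    def __init__(self):
        self.rcv_nxt, self.cumulative, self.held = 0, 0, {}

    def receive(self, segment):
        self.held[segment["seq"]] = segment
        while self.rcv_nxt in self.held:           # deliver everything that is now in order
            seg = self.held.pop(self.rcv_nxt)
            self.cumulative = (self.cumulative + seg["nonce"]) & 0xFFFFFFFF
            self.rcv_nxt += seg["len"]
        return {"ack": self.rcv_nxt, "nonce": self.cumulative}

def run_demo(seed=7):
    sender, receiver = NonceSender(seed), HonestReceiver()
    segs = [sender.send_segment(i * SEGMENT_SIZE) for i in range(3)]
    first = receiver.receive(segs[0])                   # ACK 1000 carrying segment 0's nonce
    honest = sender.process_ack(first["ack"], first["nonce"])
    # ACK for all 3000 bytes before segments 1 and 2 arrived: their nonces are unknown, so fails
    optimistic = sender.process_ack(3 * SEGMENT_SIZE, first["nonce"])
    divided = sender.process_ack(1500, first["nonce"])  # mid-segment ACK: not credited
    receiver.receive(segs[2])                           # out of order: ACK stays at 1000
    caught = receiver.receive(segs[1])                  # gap filled: ACK 3000 with all three nonces
    reordered = sender.process_ack(caught["ack"], caught["nonce"])
    return {"honest": honest, "optimistic": optimistic, "divided": divided, "reordered": reordered}
```

The honest receiver's reordered delivery still yields a credited ACK, while the two non-conforming ACKs are simply not credited for congestion window growth.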
- Critique the main contribution
- Rate the significance of the paper on a scale of 5
(breakthrough), 4 (significant contribution), 3 (modest contribution), 2
(incremental contribution), 1 (no contribution or negative contribution).
Explain your rating in a sentence or two.
I give this paper a rating of 4 because it makes a contribution to an area that
desperately needs work as the Internet grows and grows in its popularity. It targets
the issue precisely and gives a decent and clear evaluation and solution.
- Rate how convincing the methodology is: how do the authors justify the solution
approach or evaluation? Do the authors use arguments, analyses, experiments,
simulations, or a combination of them? Do the claims and conclusions follow from the
arguments, analyses or experiments? Are the assumptions realistic (at the time of the
research)? Are the assumptions still valid today? Are the experiments well designed?
Are there different experiments that would be more convincing? Are there other
alternatives the authors should have considered? (And, of course, is the paper free of
methodological errors.)
Their methodology was pretty convincing. They provided proof of the problem by
identifying key loopholes in the TCP protocol and implementing a malicious variation
to exploit these loopholes. The detrimental effects of exploitation were documented
in a series of tests they ran on a test machine with a 100Mbps Ethernet interface
that attacked a set of nine Web servers running a diverse array of popular server
operating systems. Their point was made clear by the fact that they had not just
one type of attack that could be orchestrated but three types of attacks that could
be made on the current TCP implementation. Their solution was well backed by
reference to its inspiration, Abadi and Needham's paper "Prudent Engineering
Practice for Cryptographic Protocols" and its first three principles:
(Principle 1.) Every message should say what it means: the interpretation of the
message should depend only on its content.
(Principle 2.) The conditions for a message to be acted upon should be clearly set
out so that someone reviewing a design may see whether they are acceptable or not.
(Principle 3.) If the identity of a principal is essential to the meaning of a
message, it is prudent to mention the principal's name explicitly in the message.
Basing their solution on proven principles made it seem better grounded and
supported by prior work by other experts in the field. Finally, the fact that the
solution could be implemented with minimal changes to current Web traffic and on
the sender side only, without making assumptions about receiver behavior, makes it
a very convincing candidate for adoption in future TCP implementations. The use of
arguments proved rather convincing because the problem seemed to result from the
actual design of TCP, and so a design solution seemed apt.
- What is the most important limitation of the approach?
The most important limitation of their experimental approach was that it was
simulated, and so it may have been somewhat less realistic than it could have been,
but this was done on purpose because they did not want to disrupt real Web traffic
with their experiments. Another limitation is that it would have been nice if they
had included more empirical results, not only of the problem but also of the
performance of their solution. It would be nice to see that their solution does
indeed blend seamlessly with current implementations of TCP and is as simple a
change as they claim.
- What lessons should researchers and builders take away from this work? What
(if any) questions does this work leave open?
The lessons researchers should take away from this work are that there are always
assumptions in any implementation that can be exploited for malicious purposes. It
is best to account for these early on so that the effects and possibilities of
attacks can be minimized and prepared for. It is best to correct the system for such
potential risks before it is widely deployed, as TCP is, but if that is not done,
they should at least be corrected before an attack actually happens, which is what
this paper set out to do.