![Page 1: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/1.jpg)
Analyzing the jitter-attacks against TCP
flows
Analyzing the jitter-attacks against TCP
flows
Mentors: Dr. Imad Aad, Prof. Jean-Pierre Hubaux
Moumbe Arno Patrice
09 february 2005
![Page 2: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/2.jpg)
2
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
![Page 3: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/3.jpg)
3
How does TCP work?
How does TCP work?
RTT (Round Trip Time ) is the time elapsed between sending a
packet and receiving its Acknowledgement
RTO (Retransmission Time Out) is the time after which the packet is sent again if there is no ACK
Sender Receiver
RTT
ACK
Packet
Packet
RTO
Figure 1: TCP
![Page 4: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/4.jpg)
4
according to RFC2988
SRTT(k+1) = a * SRTT(k) + (1-a) * RTT(k+1)(SRTT = Smoothed Round Trip Time) is the average of RTT estimator.
RTTVAR = (1 - β) * RTTVAR + β* |SRTT - RTT|RTTVAR is the smoothed RTT deviation estimator. α =1/8 and β =1/4
RTO = max (minRTO , SRTT+ max (G, 4 RTTVAR))(RTO = Retransmission Time Out) is the time that elapses after a packet
has been sent until the sender considers it lost and therefore retransmits it. G <= 100 msec 3 sec
How does TCP workHow does TCP work
![Page 5: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/5.jpg)
5
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
![Page 6: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/6.jpg)
6
JellyFish Drop
JellyFish reorder
JellyFish Jitter
Differents kinds of attacks on TCP
Differents kinds of attacks on TCP
![Page 7: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/7.jpg)
7
JellyFish Drop
JellyFish reorder
JellyFish Jitter
Differents kinds of attacks on TCP
Differents kinds of attacks on TCP
![Page 8: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/8.jpg)
8
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
![Page 9: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/9.jpg)
9
Our goalOur goal
Find the best way to drop the throughput of TCP by using Jitter Attack
We simulated several methods, and present the performance of three of them
We will emphasize on the best one
![Page 10: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/10.jpg)
10
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
![Page 11: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/11.jpg)
11
Figure 2: first method of jitter
attack
Figure 3: RTT increase
First MethodFirst Method
![Page 12: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/12.jpg)
12
Second MethodSecond Method
Figure 4: RTT increase (second method)
![Page 13: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/13.jpg)
13
Third MethodThird Method
Figure 5: RTT increase
![Page 14: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/14.jpg)
14
Third Method (cont’d)
Third Method (cont’d)
Figure 6: δRTT to be added to RTT of a packet
![Page 15: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/15.jpg)
15
Comparison of Methods two and three
Comparison of Methods two and three
comparison of Method three and two
0
20000
40000
60000
80000
100000
1200000 19 38 57 76 95 114
133
152
171
190
Time (s)
Th
rou
gh
pu
t (b
it/s
)
third Method
Second Method
Figure 7: comparison of throughput of two methods
Attack starts at second 100
![Page 16: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/16.jpg)
16
Comparison of Methods two and three
Comparison of Methods two and three
Figure 8: difference of throughputs of methods two and three
Th = Th_Method3 – Th_Method2
Th_Method 3 - Th_Method 2
-20000
-15000
-10000
-5000
0
5000
10000
150000 18 36 54 72 90 108
126
144
162
180
198
Time (S)
Th
rou
gh
pu
t (b
it/s
)
Difference ofThroughput
![Page 17: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/17.jpg)
17
We have three parameters to use in our implementation
Number of Hops The Period T (s) tp (s)
Third Method (cont’d)
Third Method (cont’d)
Figure 9: presentation of parameters
![Page 18: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/18.jpg)
18
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
![Page 19: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/19.jpg)
19
Simulation ResultsSimulation Results
Figure 10: Throughput over 2 hops, T=1 s, tp = 0,1 s
Throughput of 3 nodes
0
20000
40000
60000
80000
100000
120000
0 17 34 51 68 85 102
119
136
153
170
187
time (s)
Th
rou
gh
pu
t (b
it/s
)
Throughput
Throughput of 9 nodes
0
10000
20000
30000
40000
50000
0 17 34 51 68 85 102
119
136
153
170
187
time (s)
Th
rou
gh
pu
t (b
it/s
)
Throughput
Figure 11: Throughput over 8 hops, T = 1 s, tp = 0,1 s
(Number of Hops)
![Page 20: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/20.jpg)
20
Simulation Results (cont’d)
Simulation Results (cont’d)
Figure 12: Comparison of throughputs for two periods (T)
Comparison of Periods
0
200000
400000
600000
8000001
0,8
0,6
0,4
0,2
0,1
0,05
0,03
0,02
0,01
Percent / Period (%)
Th
rou
gh
pu
t (b
it/s
)
Period = 0,5 sec
Period = 1 sec
Period T (s)
![Page 21: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/21.jpg)
21
Simulation Results (cont’d)
Simulation Results (cont’d)
Figure 13 : throughputs vs tp
tp (s)
Throughput for 2 Hops
0100000200000300000400000500000600000700000800000
0,00
380,
015
0,05 0,
20,
40,
60,
8 1
tp (s)
Th
rou
gh
pu
t (b
it/s
)
Jitter
![Page 22: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/22.jpg)
22
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
![Page 23: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/23.jpg)
23
DiscussionDiscussion
Effect of the JitterFirst we compute the average additional delay introduce by the
Jitter implementation
n
RTTnRTTRTTd
...210
We build a new implementation where we shift all the packets by d0
RTT1 = RTT2 = … = RTTn = d0
Therefore , for two implementations, we have the same average delay
Jitter approach
delay approach
![Page 24: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/24.jpg)
24
Discussion (cont’d)Discussion (cont’d)
Figure 14: Comparison of the throughputs of the delay and Jitter approaches
Throughput of 3 Nodes
0100000200000300000400000500000600000700000800000
Average_Delay (s)
Thro
ughp
ut (b
it/s)
Jitter
Delay
Throughput of 5 Nodes
0
50000
100000
150000
200000
250000
Average_Delay (s)
Th
rou
gh
pu
t (b
it/s
)
Jitter
Delay
For 2 and 4 hops
![Page 25: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/25.jpg)
25
Discussion (cont’d)Discussion (cont’d)
Throughput of 7 Nodes
0
50000
100000
150000
200000
Average_Delay (s)
Thro
ughp
ut (b
it/s)
Jitter
Delay
Throughput of 9 Nodes
0
50000
100000
150000
200000
Average_Delay (s)
Thro
ughp
ut (b
it/s)
Jitter
Delay
Figure 15: Comparison of the throughputs of the delay and Jitter approaches
For 6 and 8 hops
![Page 26: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/26.jpg)
26
Discussion (cont’d)Discussion (cont’d)
Table 1: equivalence of percent / average for each number of hops
![Page 27: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/27.jpg)
27
Discussion (cont’d)Discussion (cont’d)
Figure 16: Comparison of difference of throughput between Jitter and Delay
Comparison of Throughput between Jitter and Delay
-50000
0
50000
100000
150000
200000
0 0,01 0,02 0,03 0,05 0,1 0,2 0,3 0,4 0,5 0,6 0,7 0,8 0,9 1Percent (s)
Thro
ughp
ut (b
it/s) 3 NODES
5 NODES
7 NODES
9 NODES
![Page 28: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/28.jpg)
28
Discussion (cont’d)Discussion (cont’d)
Using Table 1 and Figure 16, we can say that to have a good throughput drop using the Jitter attack, (without caring about the number of hops):
Number of hops = don’t care T = 1 s 0,1 < tp < 0,5 (with a good result for tp = 0.3 s)
Possibility to automate the drop of the throughput (by trying several values of tp)
![Page 29: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/29.jpg)
29
OutlineOutline
How does TCP work? Different kinds of attacks on TCP Our goal Different methods of Jitter Attack Simulation Results Discussion Conclusion
![Page 30: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/30.jpg)
30
ConclusionConclusion
We derived the good parameters that drop the throughput of TCP, regardless of the number of hops.
Period = T = 1 second Percent = tp = 0.3 second
We also showed that the Jitter attack may drop very few throughput if throughput is low
![Page 31: Analyzing the jitter-attacks against TCP flows](https://reader036.vdocument.in/reader036/viewer/2022062422/568136e3550346895d9e7df8/html5/thumbnails/31.jpg)
31
Thanks you for your attention