On the Security of End-to-End Measurements Based on Packet-Pair Dispersions | IEEE Journals & Magazine | IEEE Xplore

On the Security of End-to-End Measurements Based on Packet-Pair Dispersions


Abstract:

The packet-pair technique is a widely adopted method to estimate the capacity of a path. The use of the packet-pair technique has been suggested in numerous applications ...Show More

Abstract:

The packet-pair technique is a widely adopted method to estimate the capacity of a path. The use of the packet-pair technique has been suggested in numerous applications including network management and end-to-end admission control. Recent observations also indicate that this technique can be used to fingerprint Internet paths. However, given that packet-pair measurements are performed in an open environment, end-hosts might try to alter these measurements to increase their gain in the network. In this paper, we explore the security of measurements based on the packet-pair technique. More specifically, we analyze the major threats against bandwidth estimation using the packet-pair technique and we demonstrate empirically that current implementations of this technique are vulnerable to a wide range of bandwidth manipulation attacks-in which end-hosts can accurately modify their claimed bandwidths. We propose lightweight countermeasures to detect attacks on bandwidth measurements; our technique can detect whether delays were inserted within the transmission of a packet-pair (e.g., by bandwidth shapers). We further propose a novel scheme for remote path identification using the distribution of packet-pair dispersions and we evaluate its accuracy, robustness, and potential use. Our findings suggest that the packet-pair technique can reveal valuable information about the identity/locations of remote hosts.
Published in: IEEE Transactions on Information Forensics and Security ( Volume: 8, Issue: 1, January 2013)
Page(s): 149 - 162
Date of Publication: 26 October 2012

ISSN Information:


References

References is not available for this document.