This AlgorithmWhen congestion window(cnwd) size increases above slow

This chapter captures the details of congestion control mechanisms in TCP in the early sections. Then after vulnerabilities as a main part of the paper have been described. Later sections present proposed three attacks to confirm those vulnerabilities in TCP.3.1 OperationOne of the main characteristics of TCP is its vital Congestion Control mechanism. Congestion can be defined as an event when the load on the network increases beyond the capacity of the network. The purpose of this mechanism is to control the rate at which TCP sends data to prevent the sender from overloading the network. 5 Many congestion control mechanisms have been added over the years in TCP. Popular algorithms for congestion control in TCP are as below.1. Slow start2. Congestion avoidance3. Fast retransmit4. Fast recovery3.2 Slow Start AlgorithmSlow Start is a mechanism used by the sender to control the transmission rate. It can be achieved by return rate of acknowledgements from the receiver. Flow of the algorithm is shown in fig.2.Upon an establishment of TCP connection, the Slow Start algorithm sets the value of congestion window variable (cnwd) to one segment. One segment refers to one sender maximum segment size (SMSS). SMSS can be referred as maximum amount of data that can be grabbed and placed in a segment. 2 When acknowledgements are returned by the receiver, the congestion window(cnwd) increases by one segment for each acknowledgement returned. Thus, the sender can transmit the minimum of the congestion window(cnwd) and advertised window on receiver side.5Figure 2 Slow Start algorithm3.3 Congestion Avoidance AlgorithmWhen congestion window(cnwd) size increases above slow start threshold (ssthresh), slow starts phase stops and it enters in a phase called Congestion avoidance. Flow of the congestion avoidance algorithm is shown in fig.3.In the Congestion Avoidance algorithm, sender immediately sets its transmission window to half of the current window size. Thus, minimum of the congestion window and the receiver’s advertised window size is considered. If congestion was indicated by a timeout, the congestion window is reset to one segment, which automatically puts the sender into Slow Start mode. 66Figure 3 Congestion Avoidance algorithm3.4 VulnerabilitiesBased on TCP congestion control mechanism, two major vulnerabilities mentioned as below are found in TCP.1. Bytes Vs Segment2. Fast retransmit and Fast recoveryIn order to confirm these vulnerabilities in TCP., three attacks were deployed to confirm the same. Three attacks are as below.1. ACK Division2. DupACK Spoofing3. Optimistic ACKing3.5 ACK DivisionThe most recent specification of TCP’ s congestion control behavior, RFC 2581, states 2:71. During slow start, TCP increments congestion window by at most SMSS bytes for each ACK received that acknowledges new data. 22. During congestion avoidance, congestion is incremented by 1 full sized segment per round trip time (RTT). 2As soon as receiver receives the data segment, the receiver divides the resulting acknowledgement. Assuming for 8 bytes of data segment, the receiver divides acknowledgement into 7 bytes. Thus, the sender sets congestion window size to 1 SMSS, which can be incremented for each of the valid acknowledgements.In this attack, TCP preserves end-to-end semantics. Acknowledgement spoofing is illustrated in fig.4. in which we can see that each acknowledgement is valid which leads TCP sender to grow the window at the rate that is M times faster than the usual rate. 2Figure 4 ACK Division 23.5 DupACK SpoofingAs mentioned in section 3.3, fast retransmit and fast recovery are two algorithms to make the effects of packet loss less severe apart from slow start and congestion avoidance algorithm. Loss8can be detected by observing three duplicate ACKs by fast re-transmit algorithm. After that, it retransmit missing segment. 2 However, the receipt of a duplicate ACK also suggests that segments are leaving the network. 2The fast recovery algorithm employs this information as follows (RFC 2581): 2 7Set cwnd to ssthresh plus 3*SMSS. This artificially “inflates” the congestion window by the number of segments (three) that have left the network and which the receiver has buffered. 2 7For each additional duplicate ACK received, increment cwnd by SMSS 7. This artificially inflates the congestion window in order to reflect the additional segment that has left the network 2 7Figure 5 DupACK Spoofing 23.5 Optimistic ACKingRound Trip Time (RTT) for TCP can be defined as the time between the starting point when the sender begin to transmit segment and the sender receives an acknowledgement for these segments. 2 RTT is important parameter as it relates directly to congestion control window growth.9However, it is possible for a receiver to get short round trip times by sending ACK earlier for the data which is not yet received. 2Upon receiving the data, receiver predicts what data will be sent by sender in future and receiver continues to send stream of acknowledgments even before sender send the data segment. Thus, it describes predictability nature of the receiver. On other end, sender sends data segment in proportion to acknowledgement rate. In this attack, it also violates end-to-end semantics.Figure 6 Optimistic ACKing 2104.0 Implementation