TCP Congestion Avoidance Algorithm Identification

Fingerprinting the Operating System (OS) running on a device based on its traffic has several applications, such as NAT detection, policy enforcement in enterprise networks, and billing for shared access in mobile networks. In this paper, we propose to utilize several features in TCP/IP headers for OS identification, and use real traffic traces to evaluate the accuracy of fingerprinting. Our tracedriven study shows that several techniques that successfully fingerprint desktop OSes are not effective for fingerprinting mobile devices. Therefore, we propose new features for fingerprinting OSes on mobile devices. We also consider NAT/tethering detection, an important application of OS fingerprinting. We use the presence of multiple OSes from the same IP address along with TCP timestamp, clock frequency, and boot time to detect tethering. Evaluation shows that our approach effectively detects tethering and outperforms existing schemes.

show abstract

“…Active probing of targeted system is adopted by [2,5,19,27,30,33,41,43]. Passive and hybrid schemes are studied as well [18,26].…”

Section: Related Workmentioning

confidence: 99%

OS Fingerprinting and Tethering Detection in Mobile Networks

Chen

Liao²,

Baldi³

et al. 2014

Proceedings of the 2014 Conference on Internet Measurement Conference

View full text Add to dashboard Cite

show abstract

“…Second, to detect and eliminate MPTCP connections whose congestion control algorithms may not satisfy the design objectives, we intend to investigate methods to fingerprint the congestion control algorithms employed by MPTCP connections. Towards this end, the active congestion control algorithm identification tool proposed by Yang et al [15] can be extended or novel passive fingerprinting models can be developed for MPTCP.…”

Section: Congestion Control Algorithm Identificationmentioning

confidence: 99%

Cross-path inference attacks on multipath TCP

Shafiq

Srivatsa

et al. 2013

Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks

View full text Add to dashboard Cite

Multipath TCP (MPTCP) allows the concurrent use of multiple paths between two end points, and as such holds great promise for improving application performance. However, in this paper, we report a newly discovered class of attacks on MPTCP that may jeopardize and hamper its wide-scale adoption. The attacks stem from the interdependence between the multiple subflows in an MPTCP connection. MPTCP congestion control algorithms are designed to achieve resource pooling and fairness with single-path TCP users at shared bottlenecks. Therefore, multiple MPTCP subflows are inherently coupled with each other, resulting in potential side-channels that can be exploited to infer cross-path properties. In particular, an ISP monitoring one or more paths used by an MPTCP connection can infer sensitive and proprietary information (e.g., level of network congestion, endto-end TCP throughput, packet loss, network delay) about its competitors. Since the side-channel information enabled by the coupling among the subflows in an MPTCP connection results directly from the design goals of MPTCP congestion control algorithms, it is not obvious how to circumvent this attack easily. We believe our findings provide insights that can be used to guide future security-related research on MPTCP and other similar multipath extensions.

show abstract

“…The RW is essential for the sender in order not to overwhelm the receiver. In addition to TCP-Reno, there are other more recent variants of TCP such as TCP-Vegas, TCP-Compound, and TCP-CUBIC, the latter two designed for networks with large bandwidth-delay product and are currently in use in Windows and Linux operating systems, respectively, [18,[22][23][24]. However, the exploration of TCP variants other than TCP-Reno is left outside the scope of this paper throughout which TCPReno and TCP are used interchangeably unless otherwise stated.…”

Section: Introductionmentioning

confidence: 99%

A novel queue-aware wireless link adaptation mechanism and its fixed-point analytical model

Öztürk

Akar

2015

J Wireless Com Network

View full text Add to dashboard Cite

A point-to-point (PTP) wireless link is studied that carries long-lived TCP flows and is controlled with active queue management (AQM). A cross-layer queue-aware adaptive modulation and coding (AMC)-based link adaptation (LA) mechanism is proposed for this wireless link to improve the TCP-level throughput relative to the case where AMC decisions are made based solely on the physical layer (PHY) parameters. The proposed simple-to-implement LA mechanism involves the use of an aggressive modulation and coding scheme (MCS) with high spectral efficiency and high block error rates when the queue occupancy exceeds a certain threshold, but otherwise a relatively conservative MCS with lower spectral efficiency and lower block error rates. A fixed-point analytical model is proposed to obtain the aggregate TCP throughput attained at this wireless link and the model is validated by ns-3 simulations. Numerical experimentation with the proposed analytical model applied to an IEEE 802.16-based wireless link demonstrates the effectiveness of the proposed queue-aware LA (QAWLA) mechanism in a wide variety of scenarios including cases where the channel information is imperfect. The impact of the choice of the queue occupancy threshold of QAWLA is extensively studied with respect to the choice of AQM parameters in order to provide engineering guidelines for the provisioning of the wireless link.

show abstract

TCP Congestion Avoidance Algorithm Identification

Cited by 98 publications

References 42 publications

OS Fingerprinting and Tethering Detection in Mobile Networks

OS Fingerprinting and Tethering Detection in Mobile Networks

Cross-path inference attacks on multipath TCP

A novel queue-aware wireless link adaptation mechanism and its fixed-point analytical model

Contact Info

Product

Resources

About