
In the Internet, TCP [1] is the most widely used protocol and hence dominates the Internet. To mitigate network congestion, congestion control is included in TCP. It lets the sender reduce its transmission rate when it receives information about network congestion.

Conventionally, this information is obtained from whether the packets the sender transmitted are lost. This can be done by monitoring the transmitted packets and the corresponding acknowledgements. If the sender does not receive an acknowledgement for a transmitted packet within the Retransmission Timeout (RTO), it concludes that the packet is lost and retransmits it immediately. At the same time, the congestion window and slow start threshold are reduced and TCP goes into the slow start state. This is very harmful to TCP.

Therefore, the value of RTO plays an important role in TCP. When it is too small, the retransmission timer expires even though the packet is only delayed, not lost, and the timeout is unnecessary. When RTO is too large, the sender waits longer to retransmit even when the transmitted packet really is lost, which causes unnecessary waiting. Both reduce the performance of TCP. Originally, RTO is estimated from the value of the Round Trip Time (RTT), since RTO can be thought of as an upper bound on RTT. But under some conditions there is a sudden delay in the network and a spurious timeout occurs. In this condition, retransmission and the reduction of other TCP parameters still take place. However, these are all unnecessary, since the transmitted packet is probably delayed, not lost.

There are currently two kinds of approaches to deal with this problem. One is to set a minimum value of RTO (minRTO), i.e. when the RTO estimated from RTT is less than minRTO, it is set to minRTO [2][3]. We refer to this kind as the conservative approach. The other is to keep the original estimation but store the TCP state and parameters before retransmission [4][5][6][7][8][9]. When an unnecessary retransmission is detected, the TCP state and parameters are restored. We refer to this as the aggressive approach. In the conservative mode, RTO becomes predictable, since the RTO of some connections is set to minRTO. This weakness can be exploited by attackers for malicious behaviour. In this paper we propose a scheme to adjust RTO in the conservative approach and make the RTO unpredictable.

1.1. Background

In this section we describe some background to facilitate understanding of our work. It covers the TCP Retransmission Timeout and the Spurious Timeout.

1.1.1. TCP Retransmission Timeout (RTO)

TCP, a reliable protocol, maintains connection state between two hosts. It lets the sender know whether transmitted packets have been received by the receiver. This is achieved by positive acknowledgements transmitted from the receiver to the sender: when the sender receives a positive acknowledgement from the receiver, it judges that the receiver has received the transmitted packet. In contrast, when the sender does not receive a positive acknowledgement for a transmitted packet within a period of time, that packet is considered lost. This period is referred to as the RTO. Therefore, in TCP, each time a packet is transmitted, a timer is set and started for that packet. When the timer expires, the lost packet is retransmitted and, likewise, a timer is set for that packet, but the RTO is backed off. This is because TCP takes a lost packet to imply network congestion, and everyone should slow down to mitigate the congestion. When expirations occur in succession, the RTO keeps backing off until a predefined upper bound is reached.

On the other hand, when the timer expires, congestion control is triggered [10][11]. The sender's congestion window is reduced to one segment and the slow-start threshold is also reduced. Hence, timer expiration is treated as an important indicator of network congestion, and the setting of the value of RTO consequently becomes important. If the value is too large, there is unnecessary waiting at the sender side when transmitted packets are lost in the network. If the value is too small, there are unnecessary timer expirations even when the transmitted packets or acknowledgement packets are merely in flight, not lost. TCP performance decreases in both situations.

1.1.2. Spurious Timeout

Briefly speaking, a spurious timeout is an unnecessary timeout. It usually happens when there is a sudden delay in the network, which causes the retransmission timer to expire before the positive acknowledgement packet is received. Spurious timeouts cause unnecessary retransmissions and reduce TCP performance seriously. Several algorithms have been proposed to solve this problem.

In the Internet there are many cases in which the delay may vary, for example a path change resulting from route flipping [2][12][13]. Dial-up connections may also incur delays of many seconds due to link-layer error recovery by a modem [14]. The most obvious case, the wireless network, causes delays because of its inherent properties. With the development of network technology and hardware devices, many different devices can connect to the Internet through different media and communicate with each other. Hence, the number of wireless devices connected to the Internet grows larger and larger. Wireless links, however, are much slower than wired ones, and wireless hosts may hand off from cell to cell. The network properties may differ from one cell to another.

Besides, a wireless link has a higher packet loss rate and may have its own link-layer retransmission mechanism. When communicating with a wireless host, the connection will not be as stable as with a wired host. Especially when a host is handing off, the delay cannot be avoided easily, even in the near future [15].

Two kinds of approaches have been proposed to deal with this problem. One is to adjust RTO. Originally, RTO is estimated from the estimated value of RTT. Later on, RFC2988 [3] suggested that there should be a minimum value of RTO. This also prevents spurious timeouts and is widely deployed today. This is referred to as conservative RTO in this paper. The other approach is to keep the original estimation and store the TCP state and parameters before retransmission. When an unnecessary retransmission is detected, the TCP state and parameters are restored. We call this aggressive RTO.
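To make the timer behaviour of 1.1.1 and the minRTO clamp described above concrete, here is an added example (our own illustration, not code from this paper) of the RFC 2988 RTO estimator with the 1 s lower bound and exponential backoff; the 1 ms clock granularity, the 60 s backoff ceiling and the RTT traces are assumptions. Feeding it a low-RTT trace shows why every such connection ends up with the same fixed RTO once the clamp applies.

```python
# Added example (not from the paper): RFC 2988 retransmission timer estimation
# with the conservative minRTO clamp and exponential backoff.
# Constants follow RFC 2988; the granularity, ceiling and traces are assumptions.
from dataclasses import dataclass, field
from typing import List, Optional, Sequence, Tuple

ALPHA, BETA, K = 1 / 8, 1 / 4, 4   # RFC 2988 smoothing gains and variance multiplier
G = 0.001                          # clock granularity in seconds (assumed 1 ms)
MIN_RTO = 1.0                      # RFC 2988 lower bound on RTO (the "minRTO")
MAX_RTO = 60.0                     # backoff ceiling in seconds (assumed)


@dataclass
class RtoEstimator:
    srtt: Optional[float] = None       # smoothed RTT
    rttvar: Optional[float] = None     # RTT variance estimate
    rto: float = 3.0                   # RFC 2988 initial RTO before any sample
    clamp_to_min: bool = True          # False: raw estimate without the minRTO clamp
    history: List[float] = field(default_factory=list)

    def sample(self, rtt: float) -> float:
        """Feed one RTT measurement (seconds); return the resulting RTO."""
        if self.srtt is None:                       # first measurement
            self.srtt, self.rttvar = rtt, rtt / 2
        else:                                       # subsequent measurements
            self.rttvar = (1 - BETA) * self.rttvar + BETA * abs(self.srtt - rtt)
            self.srtt = (1 - ALPHA) * self.srtt + ALPHA * rtt
        raw = self.srtt + max(G, K * self.rttvar)
        self.rto = max(raw, MIN_RTO) if self.clamp_to_min else raw
        self.history.append(self.rto)
        return self.rto

    def on_timeout(self) -> float:
        """Timer expired: back the RTO off exponentially, capped at MAX_RTO."""
        self.rto = min(self.rto * 2, MAX_RTO)
        return self.rto


def rto_spread(rtts: Sequence[float], clamp: bool = True) -> Tuple[float, float]:
    """Return (min, max) of the RTOs produced while consuming an RTT trace."""
    est = RtoEstimator(clamp_to_min=clamp)
    for r in rtts:
        est.sample(r)
    return min(est.history), max(est.history)


# Constructed LAN-like trace: RTTs between 20 ms and 80 ms.
LAN_TRACE = [0.05, 0.03, 0.08, 0.02, 0.06]
```

With the clamp, `rto_spread(LAN_TRACE)` is (1.0, 1.0) however the RTT jitters, whereas the raw estimate stays near 0.15 s and varies with the trace.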

1.2. Contribution

In TCP with conservative RTO, there is a minimum value of RTO (minRTO). When the RTO estimated from RTT is less than minRTO, it is set to minRTO. In this situation RTO becomes predictable and may be exploited by attackers. The Low-Rate TCP Targeted DoS takes advantage of this weakness and makes the victim's throughput approximately zero. In this paper we propose a scheme to adjust RTO and make it unpredictable, to improve the security of TCP where conservative RTO is deployed. With our scheme, the damage of the attack is reduced and clearly better throughput is gained. On the other hand, TCP performance is affected only slightly under usual conditions.

1.3. Synopsis

This paper is organized as follows. The work related to our scheme is given in Chapter 2. In Chapter 3, our scheme is proposed. Then, the experiment, evaluation and analysis are illustrated in Chapter 4. Finally, a conclusion is presented in Chapter 5.
