The packet-pair technique is a widely adopted method to estimate the capacity of a path. The use of the packet-pair technique has been suggested in numerous applications, including network management and end-to-end admission control. Recent observations also indicate that this technique can be used to fingerprint Internet paths. However, given that packet-pair measurements are performed in an open environment, end-hosts might try to alter these measurements to increase their gain in the network. In this paper, we explore the security of measurements based on the packet-pair technique. More specifically, we analyze the major threats against bandwidth estimation using the packet-pair technique, and we demonstrate empirically that current implementations of this technique are vulnerable to a wide range of bandwidth manipulation attacks, in which end-hosts can accurately modify their claimed bandwidths. We propose a lightweight countermeasure to detect attacks on bandwidth measurements; our technique can detect whether delays were inserted within the transmission of a packet-pair (e.g., by bandwidth shapers). We further propose a novel scheme for remote path identification using the distribution of packet-pair dispersions, and we evaluate its accuracy, robustness, and potential use. Our findings suggest that the packet-pair technique can reveal valuable information about the identity/locations of remote hosts.