Hongyan Liu,Xiang Chen,Yi Shen,Qun Huang,Zhengyan Zhou,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/iwqos57198.2023.10188714

2023-01-01

Abstract:In programmable networks, some networking systems coordinate data plane switches to realize in-network functions (e.g., in-band network telemetry). However, the vulnerabilities of inter-device coordination are still largely unknown and neglected, which is highly concerning given the increasing popularity of this paradigm. In this paper, we identify three attack scenarios built upon such vulnerabilities, where attackers mislead the behaviors of networking systems that exploit inter-device coordination to execute in-network functions. We implement 20 existing networking systems on Tofino-based switches and a simulator, and attack these systems with the identified attacks. The experimental results indicate that our attacks significantly interfere with the normal operations of the selected networking systems, e.g., the cache hit rate of NetCache drops 38%. Our analysis also demonstrates that none of existing methods can fully mitigate our attacks since they fail to verify the packets for inter-device coordination.

Wei-Qiang Xu,Tie-Jun Wu

DOI: https://doi.org/10.1007/s11390-006-0072-2

2006-01-01

Abstract:Mobile ad hoc networks (MANETs) are a kind of very complex distributed communication systems with wireless mobile nodes that can be freely and dynamically self-organized into arbitrary and temporary network topologies. MANETs inherit several limitations of wireless networks, meanwhile make new challenges arising from the specificity of MANETs, such as route failures, hidden terminals and exposed terminals. When TCP is applied in a MANET environment, a number of tough problems have to be dealt with. In this paper, a comprehensive survey on this dynamic field is given. Specifically, for the first time all factors impairing TCP performance are identified based on network protocol hierarchy, i.e., lossy wireless channel at the physical layer; excessive contention and unfair access at the MAC layer; frail routing protocol at the network layer, the MAC layer and the network layer related mobile node; unfit congestion window size at the transport layer and the transport layer related asymmetric path. How these factors degrade TCP performance is clearly explained. Then, based on how to alleviate the impact of each of these factors listed above, the existing solutions are collected as comprehensively as possible and classified into a number of categories, and their advantages and limitations are discussed. Based on the limitations of these solutions, a set of open problems for designing more robust solutions is suggested.

Xuewei Feng,Qi Li,Kun Sun,Ke Xu,Jianping Wu

2024-11-19

Abstract:After more than 40 years of development, the fundamental TCP/IP protocol suite, serving as the backbone of the Internet, is widely recognized for having achieved an elevated level of robustness and security. Distinctively, we take a new perspective to investigate the security implications of cross-layer interactions within the TCP/IP protocol suite caused by ICMP error messages. Through a comprehensive analysis of interactions among Wi-Fi, IP, ICMP, UDP, and TCP due to ICMP errors, we uncover several significant vulnerabilities, including information leakage, desynchronization, semantic gaps, and identity spoofing. These vulnerabilities can be exploited by off-path attackers to manipulate network traffic stealthily, affecting over 20% of popular websites and more than 89% of public Wi-Fi networks, thus posing risks to the Internet. By responsibly disclosing these vulnerabilities to affected vendors and proposing effective countermeasures, we enhance the robustness of the TCP/IP protocol suite, receiving acknowledgments from well-known organizations such as the Linux community, the OpenWrt community, the FreeBSD community, Wi-Fi Alliance, Qualcomm, HUAWEI, China Telecom, Alibaba, and H3C.

Cryptography and Security

Yang Qin,Weihong Yang,Yibin Ye,Yao Shi

DOI: https://doi.org/10.1016/j.jnca.2016.04.014

IF: 7.574

2016-01-01

Journal of Network and Computer Applications

Abstract:The unfairness caused by bandwidth sharing via TCP in data center networks is called TCP Outcast problem. Some researchers show that the throughput of a flow with small Round Trip Time (RTT) is less than that with large RTT which is completely contrary to the classic Transmission Control Protocol (TCP) protocol, and they believe that the Outcast problem is caused by port blackout in data center. However, we find that there are more important reasons for outcast which are an unfair distribution of the flows with different RTT on physical link and the differences in congestion window size when finishing the transmission of current block. TCP Incast is a throughput collapse that occurs when many flows arrive at the switch destined for the same output port. Incast deteriorates the performance of networks by increasing the queuing delay of flows and decreasing the throughput of applications. In this paper, we develop an analytical model for goodput when TCP Outcast occurs. Then we propose a new protocol based on window notification mechanism called TCP congestion window replacement (TCP-CWR), which can improve the goodput of the flows with small RTT to solve the outcast problem. Second, we propose a new transport layer protocol based on acknowledgment (ACK) reply changing rate to solve the Incast problem named TCP with Acknowledgment Changing Rate (TCP-ACR). The TCP-ACR protocol adjusts the current congestion window according to the changing rate of ACK and the theoretical maximum congestion window, and it can alleviate the congestion in data center networks. Last, we conduct simulation experiments to verify our proposed schemes. The results show that our analysis of Outcast is correct and our proposed protocols for Outcast and Incast are effective and practical.

Shanshan Hao,Renjie Liu,Deliang Chang,Chenhuan Liu,Xing Li

DOI: https://doi.org/10.1109/imcec46724.2019.8984017

2019-01-01

Abstract:The Domain Name System (DNS) is a critical Internet infrastructure that maps a name to an IP. The Top-Level Domain (TLD) of a name represents its administrative jurisdiction, and the location of the IP represents where the service is operating, however the two are sometimes inconsistent. This inconsistency can lead to anomalies in network accessibility in special cases, and has been exploited to evade regulation. In this work, we analyze the statistics, characteristics and causes of this inconsistency between whether a name is part of .cn ccTLD and whether its IP locates in China, using a dataset of the most requested 100k names generated from 157839692 queries collected during two weeks by the campus network resolver. As a result, 4% of .cn names locate out of China, up to 76% of names with IP within China are not part of .cn, and only 28% of them own a corresponding .cn name. Our work shows the threats of this inconsistency and provides insights for future network administration.

ZAN Feng-biao,XU Ming-wei,WU Jian-ping

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.02.007

2007-01-01

Abstract:When TCP/IP Protocol suite was originally designed, it did not concern about Mobility and Multi-Homing, and also not provide security and authentication mechanism for hosts. Today it becomes a severe problem of Internet to address Mobility and Multi-Homing. Host Identity Protocol (HIP) becomes one of effective approaches to resolve these problems. In this paper, it introduces HIP architecture and HIP base exchange, and discusses the resolution of Host's Mobility, Multi-Homing and secure communication as well as the migration of traditional systems and legacy applications in detail. The problems of HIP are also presented.

Run Guo,Jianjun Chen,Baojun Liu,Jia Zhang,Chao Zhang,Haixin Duan,Tao Wan,Jian Jiang,Shuang Hao,Yaoqi Jia

DOI: https://doi.org/10.1109/srds.2018.00011

2018-01-01

Abstract:Content Delivery Networks (CDNs) are critical Internet infrastructure. Besides high availability and high performance, CDNs also provide security services such as anti-DoS and Web Application Firewalls to CDN-powered websites. However, the massive resources of CDNs may also be leveraged by attackers exploiting their architectural, implementation, or operational weaknesses. In this paper, we show that today's CDN operation is overly loose in customer-controlled forwarding policy and the lack of origin validation leads to a wide range of abuse cases such as DoS attack and stealthy port scan. We systematically study these abuse cases and demonstrate their feasibility in popular CDNs. Further, we evaluate the impact of these abuses by discovering that there are millions of CDN edge servers, and a substantial fraction of them can be abused. Lastly, we propose mitigation solutions against such abuses and discuss their feasibility.

Mingming Zhang,Xiang Li,Baojun Liu,Jianyu Lu,Yiming Zhang,Jianjun Chen,Haixin Duan,Shuang Hao,Xiaofeng Zheng

DOI: https://doi.org/10.1145/3579440

2023-01-01

ACM SIGMETRICS Performance Evaluation Review

Abstract:Public hosting services offer a convenient and secure option for creating web applications. However, adversaries can take over a domain by exploiting released service endpoints, leading to hosting-based domain takeover. This threat has affected numerous popular websites, including the subdomains of microsoft.com. However, no effective detection system for identifying vulnerable domains at scale exists to date. This paper fills the research gap by presenting a novel framework, HostingChecker, for detecting domain takeovers. HostingChecker expands detection scope and improves efficiency compared to previous work by: (i) identifying vulnerable hosting services using a semi-automated method; and (ii) detecting vulnerable domains through passive reconstruction of domain dependency chains. The framework enables us to detect the subdomains of Tranco sites on a daily basis. It discovers 10,351 vulnerable subdomains under Tranco Top-1M apex domains, which is over 8× more than previous findings, demonstrating its effectiveness. Furthermore, we conduct an in-depth security analysis on the affected vendors (e.g., Amazon, Alibaba) and gain a suite of new insights, including flawed domain ownership validation implementation. In the end, we have reported the issues to the security response centers of affected vendors, and some (e.g., Baidu and Tencent) have adopted our mitigation. The full paper is provided in [2].

Mingming Zhang,Xiaofeng Zheng,Kaiwen Shen,Ziqiao Kong,Chaoyi Lu,Yu Wang,Haixin Duan,Shuang Hao,Baojun Liu,Min Yang

DOI: https://doi.org/10.1145/3372297.3417252

2020-01-01

Abstract:HTTPS is principally designed for secure end-to-end communication, which adds confidentiality and integrity to sensitive data transmission. While several man-in-the-middle attacks (e.g., SSL Stripping) are available to break the secured connections, state-of-the-art security policies (e.g., HSTS) have significantly increased the cost of successful attacks. However, the TLS certificates shared by multiple domains make HTTPS hijacking attacks possible again. In this paper, we term the HTTPS MITM attacks based on the shared TLS certificates as HTTPS Context Confusion Attack (SCC Attack). Despite a known threat, it has not yet been studied thoroughly. We aim to fill this gap with an in-depth empirical assessment of SCC Attack. We find the attack can succeed even for servers that have deployed current best practice of security policies. By rerouting encrypted traffic to another flawed server that shares the TLS certificate, attackers can bypass the security practices, hijack the ongoing HTTPS connections, and subsequently launch additional attacks including phishing and payment hijacking. Particularly, vulnerable HTTP headers from a third-party server are exploitable for this attack, and it is possible to hijack an already-established secure connection. Through tests on popular websites, we find vulnerable subdomains under 126 apex domains in Alexa top 500 sites, including large vendors like Alibaba, JD, and Microsoft. Meanwhile, through a large-scale measurement, we find that TLS certificate sharing is prominent, which uncovers the high potential of such attacks, and we summarize the security dependencies among different parties. For responsible disclosure, we have reported the issues to affected vendors and received positive feedback. Our study sheds light on an influential attack surface of the HTTPS ecosystem and calls for proper mitigation against MITM attacks.

Kaiwen Shen,Jianyu Lu,Yaru Yang,Jianjun Chen,Mingming Zhang,Haixin Duan,Jia Zhang,Xiaofeng Zheng

DOI: https://doi.org/10.1109/dsn53405.2022.00014

2022-01-01

Abstract:The Internet has become a complex distributed network with numerous middle-boxes, where an end-to-end HTTP request is often processed by multiple intermediate servers before it reaches its destination. However, a general problem in this distributed network is the semantic gap attack, which is defined as inconsistent semantic interpretations in the processing chain. While some studies have found individual semantic gap attacks, most of them are based on ad-hoc manual analysis, which is inadequate for fundamentally enhancing the security assurance of a system as complex as the HTTP network.In this work, we propose HDiff, a novel semi-automatic detecting framework, systematically exploring semantic gap attacks in HTTP implementations. We designed a documentation analyzer that employs natural language processing techniques to extract rules from specifications, and utilized differential testing to discover semantic gap attacks. We implemented and evaluated it to find three kinds of semantic gap attacks in 10 popular HTTP implementations. In total, HDiff found 14 vulnerabilities and 29 affected server pairs covering all three types of attacks. In particular, HDiff also discovered three new types of attack vectors. We have already duly reported all identified vulnerabilities to the involved HTTP software vendors and obtained 7 new CVEs from well-known HTTP software, including Apache, Tomcat, Weblogic, and Microsoft IIS Server.

Xiaofeng Zheng,Jian Jiang,Jinjin Liang,Haixin Duan,Shuo Chen,Tao Wan,Nicholas Weaver

2015-01-01

Abstract:A cookie can contain a "secure" flag, indicating that it should be only sent over an HTTPS connection. Yet there is no corresponding flag to indicate how a cookie was set: attackers who act as a man-in-the-midddle even temporarily on an HTTP session can inject cookies which will be attached to subsequent HTTPS connections. Similar attacks can also be launched by a web attacker from a related domain. Although an acknowledged threat, it has not yet been studied thoroughly. This paper aims to fill this gap with an in-depth empirical assessment of cookie injection attacks. We find that cookie-related vulnerabilities are present in important sites (such as Google and Bank of America), and can be made worse by the implementation weaknesses we discovered in major web browsers (such as Chrome, Firefox, and Safari). Our successful attacks have included privacy violation, online victimization, and even financial loss and account hijacking. We also discuss mitigation strategies such as HSTS, possible browser changes, and present a proof-of-concept browser extension to provide better cookie isolation between HTTP and HTTPS, and between related domains.

Sen Wang,Jun Bi,Jianping Wu,Xu Yang,Lingyuan Fan

DOI: https://doi.org/10.1145/2377310.2377312

2012-01-01

Abstract:Designed around host-reachability, today's Internet architecture faces many limitations while serving content-oriented applications which generate most traffic load to the Internet. CCN (Content Centric Networking) [1] is one of the most important proposals for future Internet architecture, which aims to build a content/data oriented network to solve these limitations. On the other hand, HTTP is the most important protocol to deploy new services and applications on current TCP/IP-based Internet. In this paper, we attempt to run HTTP protocol on CCN and combine the two by stitching them semantically on their content-oriented features, such as content caching. We expect that this combination can be leveraged to build CCN testbed with real HTTP traffic which is vital to validation and redesigning of specific mechanisms of CCN and to finding a transition way of CCN in which great incentive is provided for service providers in the economic ecosystem of content distribution. We designed and implemented a HTTP-CCN gateway to transform HTTP request and HTTP response into CCN Interest and Data respectively. We illustrate how to semantically map HTTP caching to CCN caching, which is one of the most attractive properties of CCN. We also discuss how to achieve transparent caching with CCN and find out that it is nontrivial to achieve complete transparency of caching with CCN given no cooperation with CDNs and content providers.

John Nagle

DOI: https://doi.org/10.1145/205447.205454

IF: 1.937

1995-01-11

ACM SIGCOMM Computer Communication Review

Abstract:Congestion control is a recognized problem in complex networks. We have discovered that the Department of Defense's Internet Protocol (IP), a pure datagram protocol, and Transmission Control Protocol (TCP), a transport layer protocol, when used together, are subject to unusual congestion problems caused by interactions between the transport and datagram layers. In particular, IP gateways are vulnerable to a phenomenon we call congestion collapse, especially when such gateways connect networks of widely different bandwidth. We have developed solutions that prevent congestion collapse.These problems are not generally recognized because these protocols are used most often on networks built on top of ARPANET IMP technology. ARPANET IMP based networks traditionally have uniform bandwidth, identical switching nodes, and are sized with substantial excess capacity. This excess capacity, and the ability of the IMP system to throttle the transmissions of hosts has for most IP/TCP hosts and networks, been adequate to handle congestion. With the recent split of the ARPANET into two interconnected networks and the growth of other networks with differing properties connected to the ARPANET, however, reliance on the benign properties of the IMP system is no longer enough to allow hosts to communicate rapidly and reliably. Improved handling of congestion is now mandatory for successful network operation under load.Ford Aerospace and Communications Corporation, and its parent company, Ford Motor Company, operate the only private IP/TCP long-haul network in existence today. This network connects six facilities (one in Michigan, two in California, one in Colorado, one in Texas, and one in England) some with extensive local networks. This net is cross-tied to the ARPANET but uses its own long-haul circuits; traffic between Ford facilities flows over private leased circuits, including a leased transatlantic satellite connection. All switching nodes are pure IP datagram switches with no node-to-node flow control, and all hosts run software either written or heavily modified by Ford or Ford Aerospace. Bandwidth of links in this network varies widely, from 1200 to 10,000,000 bits per second. In general, we have not been able to afford the luxury of excess long-haul bandwidth that the ARPANET possesses, and our long-haul links are heavily loaded during peak periods. Transit times of several seconds are thus common in our network.Because of our pure datagram orientation, heavy loading, and wide variation in bandwidth, we have had to solve problems that the ARPANET/MILNET community is just beginning to recognize. Our network is sensitive to suboptimal behavior by host TCP implementations, both on and off our own net. We have devoted considerable effort to examining TCP behavior under various conditions, and have solved some widely prevalent problems with TCP. We present here two problems and their solutions. Many TCP implementations have these problems; if throughput is worse through an ARPANET/MILNET gateway for a given TCP implementation than throughput across a single net, there is a high probability that the TCP implementation has one or both of these problems.

computer science, information systems

Xurong Li,Chunming Wu,Shouling Ji,Qinchen Gu,Raheem A. Beyah

DOI: https://doi.org/10.1007/978-3-319-78813-5_25

2017-01-01

Abstract:HTTPS has played a significant role in the Internet world. HSTS is deployed to ensure the proper running of HTTPS. To get a good understanding of the deployment of HSTS, we conducted an in-depth measurement of the deployment of HSTS among Alexa top 1 million sites, and investigated bookmarks and navigation panels in different browsers. We found five types of threats, including transmission errors, redirection errors, field setting errors, the auto completion mechanism in bookmarks and the embedded addresses in navigation panels. To demonstrate defects we found, we designed an enhanced HTTPS stripping attack, which was upgraded from the original sslstrip attack. Finally, we gave three effective suggestions to eliminate these defects. This paper exposed various risks of HTTPS and HSTS, making it possible to deploy HTTPS and HSTS in a more secure way.

WANG Quan-li,FU Yan

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.07.030

2008-01-01

Abstract:Since homogeneous wireless network technology is no longer suitable for the development of heterogeneous networks, the future wireless communication network is going to be a heterogeneous network environment which combines different wireless technology and network architectures. This paper proposes a new mobility management scheme based on Host Identity Protocol (HIP) and Session Initiation Protocol (SIP). The hybrid model HIP-SIP scheme is for all services, and the IPsec scheme in the model TCP-HIP is used to ensure communication in security.

J Bi,X Li,G Ren,MI Williams

2007-01-01

Abstract:The Internet is a decentralized system which basically provides best effort, packet-based data forwarding service. In the forwarding process, the device (router, switch, gateway, etc.) forwards IP packets based on the destination IP address. In most cases, the source IP address is not checked. The lack of source IP address checking makes it easy for the attackers to spoof the source address. And it has facilitated many existing attacks in the Internet.In recent years, there have been some efforts in the research community to design mechanisms on fighting against source address spoofing. We think it is now a suitable time to summarize the progress and to standardize some results of research efforts to protocols, to enhance the authenticity of the source address. Providing authentic IP address is not only helpful to network security, but also helpful to some other aspects, eg, network application, network management and …

Xiaozhu Lin,Haiyan Wu,Dongxing Jiang,Fengyuan Ren

DOI: https://doi.org/10.1109/ATNAC.2007.4665265

2008-01-01

Abstract:In modern web applications, several web sites often inhabit one single web server, asking for some software mechanisms to allocate server resources among those virtual hosts. This paper tries to study this issue from the perspective of control theory. First, solid proofs are shown to demonstrate that web servers could hardly be modeled with fixed parameters, which cast doubt on foundations of existing parametric web QoS schemes. Furthermore, we present the self-adaptive architecture for web servers, whose objective is to perform finer control over the performance while suiting varying run-time conditions of web servers. A series of tests validate the efficiency of our strategy, showing that comparing with QoS schemes based on fixed parameters, self-adaptive architecture tracks demanding request latency more closely, even when run-time environments change dramatically. In addition, our architecture requires no superfluous off-line identification of system parameters. We also point out that the self-adaptive architecture for web servers could be implemented with other various QoS facilities.

Sheng Zhonghua,Yu Xiangzhan,Liu Pi'e

DOI: https://doi.org/10.1109/ICIT.2008.4608679

2008-01-01

Abstract:In order to smoothly transit the IPv4 internet to IPv6, some related network transiting mechanisms[J] were developed, which basically put emphasize on the co-existence of IPv4 and IPv6 network while transiting. However, the most significant problem preventing common user from trying and adopting IPv6 is that many kind of now-existing software take no support of IPv6, especially those used in some special area which has been used and tested for years. This brings a rather high cost and risk in the software transiting. In this paper, the author tries to propose a new mechanism to solve this problem, which makes the net-layer protocol transparent to the application layer software by modifying the socket calls. ©2008 IEEE.

Guoliang Xing,Jun Huang

2012-01-01

Abstract:Recent years have witnessed the phenomenal penetration rate of wireless networks in our daily lives, ranging from 802.11-based wireless LANs that provide ubiquitous Internet access, to 802.15.4-based wireless sensor networks that carry out various mission-critical tasks such as security surveillance and patient monitoring. However, despite the advances in the field of wireless networking, how to design high-performance wireless networks remains an open problem because of the fundamental challenges of wireless interference and coexistence. Interference is the fundamental factor that limits the link concurrency of wireless networks. Due to the broadcast nature of wireless channel, concurrent transmissions on the same frequency interfere with each other over the air, resulting in lower throughput and higher delivery delay. Handling interference in wireless networks is difficult because of the hidden terminal problem and the exposed terminal problem. Although the former is well studied in existing literature, the later is not, especially in networks where multiple bit rates are available. Another challenge is that interference significantly hinders the coexistence of different wireless technologies. In particular, recent studies show that wireless coexistence is becoming a growing issue due to the unprecedented proliferation of wireless devices in the unlicensed 2.4GHz band. When devices of heterogeneous physical layer operating on the same frequency, interference is more difficult to resolve as devices cannot decode the signals of each other. Moreover, co-existing devices commonly transmit at different powers, which leads to unfair channel usage. The issue is particularly critical to lower power wireless devices. This thesis tackles the fundamental challenges of wireless interference and coexistence to the link layer design of wireless networks. In particular, we identify two problems in the design of existing link layer protocols, and advance the state-of-the-art by offering practical solutions: (1) the rate-adaptive exposed terminal problem where link concurrency cannot be fully exploited by conventional link layers because of they are oblivious to the bit rate diversity; and (2) the blind terminal problem where existing link layer protocols fail to work in co-existing environments due to the heterogeneous physical layer and power asymmetry of co-existing devices. We motivate this research by showing that existing link layer protocols are surprisingly ineffective in handling these problems. Our experiments pinpoint the fundamental reasons of such ineffectiveness and reveal their implications on the design of link layer protocols. We then develop practical solutions to tackle the identified problems. Extensive testbed-based experiments validate the design of proposed solutions, and demonstrate their significant performance gains over existing link layer protocols.

Qi Li,Xingqun Qi,Jiaming Liu,Hongfeng Han

DOI: https://doi.org/10.1109/icctec.2017.00303

2017-01-01

Abstract:Hosts need to identify their location on the Internet. One way is to use an IP address. In IPV4 networks, each computer is identified by a unique 4-byte number, which is generally written as a four-point format, such as 199.1.35.90. When data are transmitted via the network, the header of the packet will contain the IP address of the destination host. Another method is to use the host name to identify themselves, such as www.yahoo.com, www.google.com. Compared with the IP address, it is more memorable. However, the host name provides little or no information about the host's location in the network. In addition, since host names are usually composed of alphanumeric characters of varying lengths, routers are better at handling fixed-length, hierarchical IP addresses. Therefore, domain name system (DNS) has been developed for converting host names that are easy to be remembered by humans into digital Internet addresses. But the use of DNS sometimes reduces the efficiency of accessing the network because the network environment varies all the time, which results in the transmission rate of information between the client and the DNS server. If the package losses due to timeout, the respond of the DNS server cannot be received. As a result, this paper designs a model that can decrease the probability of these problems by introducing a local DNS database.