Gaining Control of Cellular Traffic Accounting by Spurious TCP Retransmission
Younghwan Go,
Korea Advanced Institute of Science and Technology
Thursday, September 19, 12pm
Computer Science 402
Packet retransmission is a fundamental TCP feature that ensures reliable
data transfer between two end nodes. Interestingly, when it comes to
cellular data accounting, TCP retransmission creates an important policy
issue. Cellular ISPs might argue that all retransmitted IP packets
should be accounted for billing since they consume the resources of
their infrastructures. On the other hand, the service subscribers might
want to pay only for the application data by taking out the amount for
retransmission. Regardless of the policies, however, we find that TCP
retransmission can be easily abused to manipulate the current practice
of cellular traffic accounting.
In this work, we investigate the TCP retransmission accounting policies
of 12 cellular ISPs in the world and report the accounting
vulnerabilities with TCP retransmission attacks. First, we find that
cellular data accounting policies vary from ISP to ISP. While the
majority of cellular ISPs blindly account for every IP packet, some ISPs
intentionally remove the retransmission packets from the user bill for
fairness. Second, we show that it is easy to launch the
“usage-inflation” attack on the ISPs that blindly account for every IP
packet. In our experiments, we could inflate the usage up to the monthly
limit only within 9 minutes of the attack completely without the
knowledge of the subscriber. For those ISPs that do not account for
retransmission, we successfully launch the “free-riding” attack by
tunneling the payload under fake TCP headers that look like
retransmission. To counter the attacks, we argue that the ISPs should
consider ignoring TCP retransmission for billing while detecting the
tunneling attacks by deep packet inspection. We implement and evaluate
Abacus, a light-weight accounting system that reliably detects
“free-riding” attacks even in the 10 Gbps links.
Younghwan Go is currently a Ph.D. student at KAIST. His research
interests are networked and distributed systems, network security and
mobile network. He received a M.S. degree in Electrical Engineering and
Information Security from KAIST in 2013. Previously, he received a
Bachelor's degree in Electrical Engineering from KAIST in 2011.
Nicole Wagenblast
Computer Science Department
Princeton University
35 Olden Street
Princeton, NJ 08540
609-258-4624