The Experts below are selected from a list of 4845 Experts worldwide ranked by ideXlab platform
Nida Rashid - One of the best experts on this subject based on the ideXlab platform.
-
bandwidth efficient tcp frame design without Acknowledgment Number field
Computer Networks and Isdn Systems, 2011Co-Authors: Asjad Amin, Kanwal Afreen, Abida Shaheen, Tayyabah Nadeem, Nida RashidAbstract:This paper presents a novel design of a TCP frame. Unlike the original design, proposed design does not include 32 bit acknowl- edgment Number field. This modified TCP design is discussed with the help of state diagrams, pseudo code, general equations and computer simulations. A comparison is then made between suggested and original design for simplex, duplex and pipelined case. The result clearly indi- cates that our design provides same kind of functionality for any case but with reduced header size. This reduction of header size decreases trans- mission time, increases bandwidth efficiency which in return increases throughput.
Mark Allman - One of the best experts on this subject based on the ideXlab platform.
-
Resilience of Deployed TCP to Blind Attacks
2016Co-Authors: Matthew Luckie, Robert Beverly, Mark AllmanAbstract:As part of TCP’s steady evolution, recent standards have recommended mechanisms to protect against weaknesses in TCP. But adoption, configuration, and deployment of TCP improvements can be slow. In this work, we consider the re-silience of deployed TCP implementations to blind in-window attacks, where an off-path adversary disrupts an established connection by sending a packet that the victim believes came from its peer, causing data corruption or connection reset. We tested operating systems (and middleboxes deployed in front) of webservers in the wild in September 2015 and found 22 % of connections vulnerable to in-window SYN and re-set packets, 30 % vulnerable to in-window data packets, and 38.4 % vulnerable to at least one of three in-window attacks we tested. We also tested out-of-window packets and found that while few deployed systems were vulnerable to reset and SYN packets, 5.4 % of connections accepted in-window data with an invalid Acknowledgment Number. In addition to evaluating commodity TCP stacks, we found vulnerabili-ties in 12 of 14 of the routers and switches we characterized – critical network infrastructure where the potential impact of any TCP vulnerabilities is particularly acute. This surpris-ingly high level of extant vulnerabilities in the most mature Internet transport protocol in use today is a perfect illus-tration of the Internet’s fragility. Embedded in historical context, it also provides a strong case for more systematic, scientific, and longitudinal measurement and quantitative analysis of fundamental properties of critical Internet infras-tructure, as well as for the importance of better mechanisms to get best security practices deployed
Kc Claffy - One of the best experts on this subject based on the ideXlab platform.
-
Resilience of Deployed TCP to Blind Off-Path Attacks
'Association for Computing Machinery (ACM)', 2015Co-Authors: Luckie Matthew, Beverly Robert, Wu Tiange, Allman Mark, Kc ClaffyAbstract:Proceedings of the Fifteenth ACM SIGCOMM Internet Measurement (IMC 2015) Conference, Tokyo, JP, October 2015 (Awarded Best Paper).The article of record may be found at: http://dx.doi.org/10.1145/2815675.2815700.As part of TCP’s steady evolution, recent standards have recommended mechanisms to protect against weaknesses in TCP. But adoption, configuration, and deployment of TCP improvements can be slow. In this work, we consider the resilience of deployed TCP implementations to blind in-window attacks, where an off-path adversary disrupts an established connection by sending a packet that the victim believes came from its peer, causing data corruption or connection reset. We tested operating systems (and middleboxes deployed in front) of webservers in the wild in September 2015 and found 22% of connections vulnerable to in-window SYN and re- set packets, 30% vulnerable to in-window data packets, and 38.4% vulnerable to at least one of three in-window attacks we tested. We also tested out-of-window packets and found that while few deployed systems were vulnerable to reset and SYN packets, 5.4% of connections accepted in-window data with an invalid Acknowledgment Number. In addition to evaluating commodity TCP stacks, we found vulnerabilities in 12 of 14 of the routers and switches we characterized – critical network infrastructure where the potential impact of any TCP vulnerabilities is particularly acute. This surprisingly high level of extant vulnerabilities in the most mature Internet transport protocol in use today is a perfect illus- tration of the Internet’s fragility. Embedded in historical context, it also provides a strong case for more systematic, scientific, and longitudinal measurement and quantitative analysis of fundamental properties of critical Internet infrastructure, as well as for the importance of better mechanisms to get best security practices deployed.This work was supported in part by U.S. NSF grants CNS-1111449, ACI-1127506, and CNS- 1237265, and by DHS S&T Cyber Security Division BAA 11-02 and SPAWAR Systems Center Pacific via N66001- 12-C-0130 and Defence Research and Development Canada (DRDC) pursuant to an Agreement between the U.S. and Canadian governments for Cooperation in Science and Technology for Critical Infrastructure Protection and Border Security
Asjad Amin - One of the best experts on this subject based on the ideXlab platform.
-
bandwidth efficient tcp frame design without Acknowledgment Number field
Computer Networks and Isdn Systems, 2011Co-Authors: Asjad Amin, Kanwal Afreen, Abida Shaheen, Tayyabah Nadeem, Nida RashidAbstract:This paper presents a novel design of a TCP frame. Unlike the original design, proposed design does not include 32 bit acknowl- edgment Number field. This modified TCP design is discussed with the help of state diagrams, pseudo code, general equations and computer simulations. A comparison is then made between suggested and original design for simplex, duplex and pipelined case. The result clearly indi- cates that our design provides same kind of functionality for any case but with reduced header size. This reduction of header size decreases trans- mission time, increases bandwidth efficiency which in return increases throughput.
Matthew Luckie - One of the best experts on this subject based on the ideXlab platform.
-
Resilience of Deployed TCP to Blind Attacks
2016Co-Authors: Matthew Luckie, Robert Beverly, Mark AllmanAbstract:As part of TCP’s steady evolution, recent standards have recommended mechanisms to protect against weaknesses in TCP. But adoption, configuration, and deployment of TCP improvements can be slow. In this work, we consider the re-silience of deployed TCP implementations to blind in-window attacks, where an off-path adversary disrupts an established connection by sending a packet that the victim believes came from its peer, causing data corruption or connection reset. We tested operating systems (and middleboxes deployed in front) of webservers in the wild in September 2015 and found 22 % of connections vulnerable to in-window SYN and re-set packets, 30 % vulnerable to in-window data packets, and 38.4 % vulnerable to at least one of three in-window attacks we tested. We also tested out-of-window packets and found that while few deployed systems were vulnerable to reset and SYN packets, 5.4 % of connections accepted in-window data with an invalid Acknowledgment Number. In addition to evaluating commodity TCP stacks, we found vulnerabili-ties in 12 of 14 of the routers and switches we characterized – critical network infrastructure where the potential impact of any TCP vulnerabilities is particularly acute. This surpris-ingly high level of extant vulnerabilities in the most mature Internet transport protocol in use today is a perfect illus-tration of the Internet’s fragility. Embedded in historical context, it also provides a strong case for more systematic, scientific, and longitudinal measurement and quantitative analysis of fundamental properties of critical Internet infras-tructure, as well as for the importance of better mechanisms to get best security practices deployed
