Ill-effects of Tampered-TCP Flows and Protection Mechanisms for Well-behaved TCP Flows

TCP is a de facto standard transport-layer protocol in the current Internet. Because TCP works at end hosts, malicious users can selfishly modify its behavior. So there are many kind of TCP variants created by malicious users to get higher throughput than the normal TCP. We refer to such modified TCPs as tampered-TCPs. If the number of tampered-TCP connections increases in the network, they may occupy the network bandwidth because of their selfish behavior. In this thesis, we first investigate the effect of a tampered-TCP through mathematical analysis and simulation experiments, focusing on a tampered-TCP which changes the increase and decrease ratio of the congestion window size during the congestion avoidance phase. By the results of the evaluation, we point out that if tampered-TCP connections with SACK option co-exist with normal TCP connections, the fairness among those connections cannot be kept and the normal TCP connections suffer from low throughput. In a certain network situation, the throughput of the tampered-TCP connection is up to 50 times of that of co-existing TCP Reno connection. To protect normal TCP connections from tampered-TCP connections, we propose a new mechanism which keeps the fairness among TCP connections at edge routers. The proposed mechanism monitors TCP packets at an edge router and estimates a window size or an average throughput of each TCP connection. By using estimation results, the proposed mechanism assesses whether each TCP connection is tampered or not and drops packets intentionally if necessary to improve the fairness among TCP connections. From the results of simulation experiments, we exhibit that the proposed mechanism can identify tampered-TCP connections at high probability and regulate throughput ratio between tampered-TCP connections and competing TCP Reno connections to around 1.