Title :
On the Security of End-to-End Measurements Based on Packet-Pair Dispersions
Author :
Karame, Ghassan O. ; Danev, B. ; Bannwart, C. ; Capkun, S.
Author_Institution :
ETH Zurich, Zurich, Switzerland
Abstract :
The packet-pair technique is a widely adopted method to estimate the capacity of a path. The use of the packet-pair technique has been suggested in numerous applications including network management and end-to-end admission control. Recent observations also indicate that this technique can be used to fingerprint Internet paths. However, given that packet-pair measurements are performed in an open environment, end-hosts might try to alter these measurements to increase their gain in the network. In this paper, we explore the security of measurements based on the packet-pair technique. More specifically, we analyze the major threats against bandwidth estimation using the packet-pair technique and we demonstrate empirically that current implementations of this technique are vulnerable to a wide range of bandwidth manipulation attacks, in which end-hosts can accurately modify their claimed bandwidths. We propose lightweight countermeasures to detect attacks on bandwidth measurements; our technique can detect whether delays were inserted within the transmission of a packet-pair (e.g., by bandwidth shapers). We further propose a novel scheme for remote path identification using the distribution of packet-pair dispersions and we evaluate its accuracy, robustness, and potential use. Our findings suggest that the packet-pair technique can reveal valuable information about the identity/locations of remote hosts.
Keywords :
Internet; computer network security; Internet path; bandwidth estimation; bandwidth manipulation attack; bandwidth shaper; end-to-end admission control; end-to-end measurement security; network management; packet-pair dispersion; packet-pair technique; path capacity; remote host identification; remote host location; remote path identification; Accuracy; Bandwidth; Current measurement; Estimation; Gain measurement; Internet; Security; Measurement; security;
Journal_Title :
Information Forensics and Security, IEEE Transactions on
DOI :
10.1109/TIFS.2012.2226579