Show simple item record

dc.contributor.advisorBeverly, Robert
dc.contributor.authorCraven, Ryan M.
dc.dateJune 2014
dc.date.accessioned2014-08-13T20:17:33Z
dc.date.available2014-08-13T20:17:33Z
dc.date.issued2014-06
dc.identifier.urihttp://hdl.handle.net/10945/42602
dc.descriptionApproved for public release; distribution is unlimiteden_US
dc.description.abstractUnderstanding, measuring, and debugging IP networks, particularly across administrative domains, is challenging. One aspect of the challenge are transparent middleboxes, which are now common in today’s Internet. In-path middleboxes that modify packet headers are typically transparent to a TCP, yet can impact the end-to-end performance of its connections. Of equal importance, middleboxes cause architectural ossification that hinders network protocol evolution—new options or redefined header fields are often misconstrued, modified, or disabled. We develop TCP HICCUPS to reveal packet header manipulation to both endpoints of a TCP connection. HICCUPS adds a lightweight tamper-evident seal to TCP that is incrementally deployable and introduces no new options. HICCUPS provides an optional feature, AppSalt, that allows applications to request added protection for their connection’s integrity, making it more difficult for middleboxes to falsify integrity values. HICCUPS is implemented in both an operating system patch to the Linux TCP stack as well as a set of cross-platform user-space tools. To evaluate HICCUPS, we deploy it to a diverse set of Internet nodes spread across 197 networks and 48 countries, measuring packet header manipulations on over 26 thousand directed port/path pairs. We discover over 11 thousand instances of unique non-NAT in-path packet header modifications across those flows, all with the potential to negatively affect TCP performance.en_US
dc.description.urihttp://archive.org/details/designndevaluati1094542602
dc.publisherMonterey, California: Naval Postgraduate Schoolen_US
dc.rightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, may not be copyrighted.en_US
dc.titleDesign and evaluation for the end-to-end detection of TCP/IP header manipulationen_US
dc.typeThesisen_US
dc.contributor.departmentComputer Science
dc.subject.authorComputer networksen_US
dc.subject.authorTCP/IPen_US
dc.subject.authorInternet measurementen_US
dc.subject.authormiddleboxesen_US
dc.subject.authorpacket header modificationsen_US
dc.subject.authorHICCUPSen_US
dc.description.serviceCivilian, Space and Naval Warfare Systems Center Atlanticen_US
etd.thesisdegree.nameDoctor of Philosophy In Computer Scienceen_US
etd.thesisdegree.levelDoctoralen_US
etd.thesisdegree.disciplineComputer Scienceen_US
etd.thesisdegree.grantorNaval Postgraduate Schoolen_US


Files in this item

Icon
Thumbnail

This item appears in the following Collection(s)

Show simple item record