Magic Train: Design of Measurement Methods against Bandwidth Inflation Attacks

Bandwidth measurement is important for many network applications and services, such as peer-to-peer networks, video caching and anonymity services. To win a bandwidth-based competition for some malicious purpose, adversarial Internet hosts may falsely announce a larger network bandwidth. Some preliminary solutions have been proposed to this problem. They can either evade the bandwidth inflation by a consensus view (i.e., opportunistic bandwidth measurements) or detect bandwidth frauds via forgeable tricks (i.e., detection through bandwidth's CDF symmetry). However, smart adversaries can easily remove the forgeable tricks and report an equally larger bandwidth to avoid the consensus analyses. To defend against the smart bandwidth inflation frauds, we design magic train, a new measurement method which combines an unpredictable packet train with estimated round-trip time (RTT) for detection. The inflation behaviors can be detected through highly contradictory bandwidth results calculated using different magic trains or a train's different segments, or large deviation between the estimated RTT and the RTT reported by the train's first packet. Being an uncooperative measurement method, magic train can be easily deployed on the Internet. We have implemented the magic train using RAW socket and LibPcap, and evaluated the implementation in a controlled testbed and the Internet. The results have successfully confirmed the effectiveness of magic train in detecting and preventing smart bandwidth inflation attacks.