Cryptographic Defence against Misbehaving TCP Receivers

The congestion control algorithm in TCP relies on {\em correct} feedback from the receiver to determine the rate at which packets should be sent into the network. Hence, correct receiver feedback (in the form of acknowledgements in TCP) is essential to the goal of sharing the scarce bandwidth resources fairly and avoiding congestion collapse in the Internet. However, the assumption that a TCP receiver can always be trusted (to generate feedback correctly) no longer holds as there are plenty of incentives for a receiver to deviate from the protocol. In fact, it has been shown that a misbehaving receiver (whose aim is to bring about congestion collapse) can easily generate acknowledgements to conceal loss and drive a number of honest, innocent senders arbitrary fast to create a significant number of non-responsive packet flows leading to denial of service to other Internet users. We give two efficient, provably secure mechanisms to force a receiver to generate feedback correctly; any incorrect acknowledgement will be detected at the sender. The first scheme is based on an ideal cryptographic hash, and the second one on aggregate authenticators. We also show variants of the second scheme which can (partially) solve the problem of man-in-the-middle attacks, which is not achievable previously.