Packet retransmission is a fundamental TCP feature that ensures reliable data transfer between two end nodes. Interestingly, when it comes to cellular data accounting, TCP retransmission creates an important policy issue. Cellular ISPs might argue that all retransmitted IP packets should be accounted for billing since they consume the resources of their infrastructures. On the other hand, the service subscribers might want to pay only for the application data by taking out the amount for retransmission. Regardless of the policies, however, we find that TCP retransmission can be easily abused to manipulate the current practice of cellular traffic accounting.
In this work, we investigate the TCP retransmission accounting policies of 12 cellular ISPs in the world and report the accounting vulnerabilities with TCP retransmission attacks. First, we find that cellular data accounting policies vary from ISP to ISP. While the majority of cellular ISPs blindly account for every IP packet, some ISPs intentionally remove the retransmission packets from the user bill for fairness. Second, we show that it is easy to launch the “usage-inflation”attack on the ISPs that blindly account for every IP packet. In our experiments, we could inflate the usage up to the monthly limit only within 9 minutes of the attack completely without the knowledge of the subscriber. For those ISPs that do not account for retransmission, we successfully launch the “free-riding”attack by tunneling the payload under fake TCP headers that look like retransmission. To counter the attacks, we argue that the ISPs should consider ignoring TCP retransmission for billing while detecting the tunneling attacks by deep packet inspection. We implement and evaluate Abacus, a light-weight accounting system that reliably detects “free-riding”attacks even in the 10 Gbps links.
Younghwan Go is currently a Ph.D. student at KAIST. His research interests are networked and distributed systems, network security and mobile network. He received a M.S. degree in Electrical Engineering and Information Security from KAIST in 2013. Previously, he received a Bachelor's degree in Electrical Engineering from KAIST in 2011.