In this work, we investigate the TCP retransmission accounting policies of 12 cellular ISPs in the world and report the accounting vulnerabilities with TCP retransmission attacks. First, we find that cellular data accounting policies vary from ISP to ISP. While the majority of cellular ISPs blindly account for every IP packet, some ISPs intentionally remove the retransmission packets from the user bill for fairness. Second, we show that it is easy to launch the “usage-inflation”attack on the ISPs that blindly account for every IP packet. In our experiments, we could inflate the usage up to the monthly limit only within 9 minutes of the attack completely without the knowledge of the subscriber. For those ISPs that do not account for retransmission, we successfully launch the “free-riding”attack by tunneling the payload under fake TCP headers that look like retransmission. To counter the attacks, we argue that the ISPs should consider ignoring TCP retransmission for billing while detecting the tunneling attacks by deep packet inspection. We implement and evaluate Abacus, a light-weight accounting system that reliably detects “free-riding”attacks even in the 10 Gbps links.
Younghwan Go is currently a Ph.D. student at KAIST. His research interests are networked and distributed systems, network security and mobile network. He received a M.S. degree in Electrical Engineering and Information Security from KAIST in 2013. Previously, he received a Bachelor's degree in Electrical Engineering from KAIST in 2011.