Candidate definitions: Spoofing, Proxying, Splitting, etc.

[Keith Scott <Keith.Scott@jpl.nasa.gov>]

There was a good deal of discussion at NASA Lewis Research Center's
'Satellite Networks: Architectures Applications and Technologies' workshop
this week about spoofing, proxying, and connection splitting.  It was
generally agreed that we need common definitions for the terms spoofing,
proxying, and tcp splitting or connection splitting.  I have previously in
my own mind been using the following definitions.

Topology:
Node A wants to send data to B, and C is some intermediate entity (router,
bridge, satellite hop including groundstations, network, etc.) in the
information path.  Note that the return traffic (acknowledgments) from B to
A may or may not go through C but in general does not have to.
       ______             ______
      |      |           |      |
  A --+ Net  +---- C ----+ Net  +------ B
      |______|           |______|

Definitions:

Spoofing:  C is a spoofer if it modifies the information flowing between A
and B unbeknownst to either.  This definition was designed to cover ACK
spoofing, where C would acknowledge packets sent by A as it forwarded them
to B.  In this case, C then becomes responsible for seeing that the packets
actually make it to B.  Depending on your religious persuasion it can be
argued that this is 'bad' because it breaks TCP's end-2-end semantics.

Proxying:  C is a proxy if it aids A's transmission to B in such a way that
either:  1) it does not modify the data/ack stream flowing though it or  2)
the endpoint knows that C is there and what it is doing.  This definition
covers proxy servers, for example.  It would also cover the ACK' method I
discussed.  I included item (1) in case C only cooperates with one side and
simply does nothing special in the other direction.

As an aside, I think Berkeley's snoop would fall under the definition of
spoofing, which makes me somewhat unhappy with the definition, as I think
we'd generally like spoofing to be bad.  It was also mentioned that maybe
the entire term 'spoofing' should be replaced, as it is unclear and
certainly has bad connotations.  How about something like [hidden/known]
performance enhancing proxies for spoofing and proxying?
[covert/cooperative] PEPs?

TCP Splitting: C splits the TCP connection if it terminates the TCP
connection from A and opens up a separate connection to B.  In this case,
as C receives segments from A, it acknowledges them (since it is the end of
the connection from A) and resends them on the other side to B.  Again,
once C has acknowledged a packet from A it becomes responsible for its
delivery.

Protocol Translation:  If C is a network or piece of a network (in the
above picture, think of breaking C into C and C' separated by a 'net' box),
C could take in TCP packets from A and encapsulate them with the C network
header/trailer and forward them to C', which removes the C network wrapping
before sending the packets on their way to B.  The C network might do its
own ARQ, send each packet multiple times, etc.  Alternately C might modify
the TCP headers in such a way that C' could recover the originals (VJ
Header compression is a link layer version of this, but if you had some
other way to do routing within the C network you could conceive of a scheme
to compress the TCP header at C, move the packet to C', then uncompress the
header before releasing the packet from the C network).

Other:  Consider a 'protocol booster' model, with the same topology as for
the protocol translation definition, but instead of encapsulating the
incoming TCP packets or changing their formats, C simply forwards them to
C' and _separately_ sends extra information (FEC, timestamps, etc) to C';
C' then uses this extra information for something.  This is slightly
different from protocol translation, as if either the 'special sender' (C)
or 'special receiver' (C') is removed, the original TCP packets will still
be forwarded to B.

------------------

I would appreciate any comments on or additions to the above definitions.
I would also like to thank Lewis Research Center for their excellent
workshop on Satellite Networks and Architectures.  I found it enlightening
and think that it was an excellent forum to bring together people from
government, academia, and the commercial sector to continue to push for
integration of satellites into the communications infrastructure.


			--keith




-----------------------------------------------------------------------------
Keith Scott                                         kscott@zorba.jpl.nasa.gov
Jet Propulsion Laboratory
4800 Oak Grove MS 161-260                             (Voice) +1.818.354.9250
Pasadena, CA 91109-8099                               (FAX)   +1.818.393.4643
-----------------------------------------------------------------------------