Minimum-Pairs Protocol


The minimum-pairs is an active measurement protocol to estimate in real-time the smaller of the forward and reverse one-way network delays. It is designed to work in hostile environments, where a set of three network nodes can estimate an upper-bound OWDs between themselves and a fourth untrusted node. All four nodes must cooperate, though honest cooperation from the fourth node is not required. The objective is to conduct such estimates without involving the untrusted nodes in clock synchronization, and in a manner more accurate than simply half the Round-Trip Time. The MP protocol can be used in delay-sensitive applications or for secure Internet geolocation.

Methodology

The MP protocol requires the three trusted network nodes to synchronize their clocks, and securely have access to their public keys, which could be achieved through a closed public-key infrastructure system. The untrusted node needs not follow suit because it is not assumed to cooperate honestly. To estimate an upper bound to the smaller of the forward and reverse OWD between node A and the untrusted node X, X first establishes an application-layer connection to all three nodes. This could be done transparently over the browser using, e.g., Web-sockets. The three nodes then take turns in exchanging digitally-signed timestamps.
Assuming node A begins, it sends a signed timestamp to X. Node X forwards that message to the other two nodes. When the message is received, its receiving time is recorded. The receiving node then verifies the signature, and calculates the time it took the message to traverse the network from its originator to the recipient passing by the untrusted node. This is done by subtracting the timestamp in the message from the receiving time. Node B then repeats the process, followed by node C. After all three nodes have taken turns, they end-up with six delay estimates corresponding to the links:
To estimate the smaller of the forward and reverse OWDs on the three network links between A, B, C and X, the minimum of each such pairs above is taken. Each of the three pairs then represents an approximate to the smaller OWD on each link, which generates a system of three equations in three unknowns. Solving those simultaneously for a, b, and c gives the delay estimate.

Numerical Example

Assume the actual delays to node X from nodes A, B and C and vice versa are as follows:
ABC
To node X582
From node X644

Those are the unknown delays. We need to estimate the smaller of the forward and reverse on each of the three links. In this example, the smaller is 5ms, 4ms, and 2ms on the links between X and the three trusted nodes respectively. When the nodes exchange the timestamp messages, they can only see the following:
The system of equations thus becomes:
which results in estimates to the smaller OWDs of:
In this case, the absolute errors are,, and on all three links respectively. In comparison, the average RTT would calculate the OWD on all three links as 5.5ms, 6ms, and 3ms, resulting in absolute errors of 0.5ms, 2ms, and 1ms respectively. Therefore, the MP protocol is more accurate in this example.

Analysis

Injecting artificial delays by, e.g., holding onto the message for a little while instead of promptly forwarding it, enables the untrusted node to increase the estimated OWDs. The MP protocol can thus estimate an upper bound for OWDs on all three links collectively between the trusted nodes and the untrusted one. For example, if the estimated delays were 30ms, 40ms, and 50ms, the actual cannot be 60ms, 70ms and 80ms because that means the untrusted node managed to reduce all three together, which is hard to achieve since delays are bound by the physical characteristics of the transmission media. Note however that the untrusted node may in some case be able to reduce a subset of the links, but not all, by selectively delaying some of the links.
Compared to the average, the MP protocol never returns an estimate to the smaller of the forward and reverse OWD that is larger than that returned by the average method. Additionally, the probability distribution of absolute error for the MP protocol has been derived as a function of the underlying delay distribution. This is useful as it enables the calculation of expected error knowing the nature of delays on the links between the untrusted node and the trusted ones.