Presentation is loading. Please wait.

Presentation is loading. Please wait.

Multipath TCP improvements

Published byAgus Halim Modified over 6 years ago

Similar presentations

Presentation on theme: "Multipath TCP improvements"— Presentation transcript:

1 Multipath TCP improvements
Q. De Coninck, M. Jadin, O. Bonaventure UCLouvain

2 Agenda Improving Multipath TCP on smartphones Multipath TCP Secure

3 Multipath TCP on smartphones
What are the benefits of using Multipath TCP on smartphones ? Higher bandwidth by bonding WiFi and LTE Very few applications require this feature See Q. De Coninck et al., A First Analysis of Multipath TCP on Smartphones, PAM2016, Faster handovers between WiFi and LTE This is the main reason why Siri uses Multipath TCP

4 Multipath TCP on smartphones
Both LTE and WiFi active SYN+MP_CAPABLE SYN+ACK+MP_CAPABLE Data SYN+MP_JOIN(backup) SYN+ACK+MP_JOIN MP_JOIN ACK ACK Data (reinjection)

5 Multipath TCP on smartphones
To minimise energy consumption, WiFi only SYN+MP_CAPABLE SYN+ACK+MP_CAPABLE Enable LTE Data SYN+MP_JOIN SYN+ACK+MP_JOIN MP_JOIN ACK ACK Data (reinjection)

6 Improving handovers on smartphones
Ideally, smartphones would like to do SYN+MP_CAPABLE SYN+ACK+MP_CAPABLE Enable LTE Data SYN+MP_JOIN(backup)+Data (reinjection) SYN+ACK+MP_JOIN MP_JOIN ACK ACK

7 Faster handovers In RFC6824, we opted for a four-way handshake to establish the additional subflow This is fine for bandwidth aggregation, but far too long for fast handovers on smartphones RFC6824bis should revisit this assumption by Analysing the security threats caused by the transmission of data inside SYN+MP_JOIN Devise a solution that allows to transmit/reinject data inside SYN+MP_JOIN

8 Agenda Improving Multipath TCP on smartphones Multipath TCP Secure

9 Multipath TCP Secure TLS over Multipath TCP
Works out of the box, but attackers could cause denial of service by Changing TCP headers or MPTCP options Injecting/modifying data Multipath TCP Secure's design objective Preserve connectivity when attacker is not active on all paths

10 Attack scenario TLS over Multipath TCP
Attacker on one path, e.g. WiFi Change payload Data Invalid TLS record Terminate entire TLS session

11 Attack scenario Multipath TCP Secure
Attacker on one path, e.g. WiFi Change payload Data RST Invalid AEAD Terminate subflow, Connection continues Reinjected Data

12 Building blocks A secure handshake allows to negotiate keys
TLS 1.3 for example AEAD : Authenticated Encryption with Additional Data Used to securely encrypt and authenticate both data and key Multipath TCP options

13 Authentication information
Where should we place the authentication information ? As an extension of Multipath TCP options Not enough space inside TCP extended header Inside the payload Authentication information is added at the end of each mapped data

14 Authenticating data and options
TCP Segment In clear TCP Segment Encrypted Application Data TCP header TCP header TCP options TCP options MPTCP options MPTCP options Ciphertext Data AEAD Plaintext Associated Data Authentication tag of the options AEAD Associated Data / Secret key (+ unique nonce based on Data Sequence Number)

15 Implementation status
Linux Kernel v.4.1, inside the MPTCP code Use of the Linux/GNU CryptoAPI Regular MPTCP still negotiable ~5000 lines of diff

16 Benchmarks Client Server Router Client eth0 Server eth0 Server eth1
Speed (Mb/s) 100 MTU (bytes) 1500 Offloading off Client Server RAM 4 GB 2 GB CPUs Intel i5 Intel Core 2

17 Benchmarks : goodput

18 Benchmarks : request/response

19 Conclusion Multipath TCP on smartphones Multipath TCP secure
RFC6824bis should include solutions to reduce handover times Multipath TCP secure First step towards a version of Multipath TCP that can cope with on-path attackers More details in M. Jadin et al. "Securing Multipath TCP : Design and implementation", to appear, INFOCOM'17

Download ppt "Multipath TCP improvements"

Similar presentations

WELCOME! Multipath TCP Implementors Workshop Saturday 24 th July Maastricht Philip Eardley MPTCP WG Co-chair.

WELCOME! Multipath TCP Implementors Workshop Saturday 24 th July Maastricht Philip Eardley MPTCP WG Co-chair.
TCP--Revisited. Background How to effectively share the network? – Goal: Fairness and vague notion of equality Ideal: If N connections, each should get.

TCP--Revisited. Background How to effectively share the network? – Goal: Fairness and vague notion of equality Ideal: If N connections, each should get.
Laboratório de Teleprocessamento e Redes1 Unix Network Programming Prof. Nelson Fonseca

Laboratório de Teleprocessamento e Redes1 Unix Network Programming Prof. Nelson Fonseca
Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks Multipath.

Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks Multipath.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
TDTS21 Advanced Networking

TDTS21 Advanced Networking
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
Options or payload? Costin Raiciu UCL IETF 78, Maastricht.

Options or payload? Costin Raiciu UCL IETF 78, Maastricht.
8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.
Firewalls. Evil Hackers FirewallYour network Firewalls mitigate risk Block many threats They have vulnerabilities.

Firewalls. Evil Hackers FirewallYour network Firewalls mitigate risk Block many threats They have vulnerabilities.
Slide 1 DESIGN, IMPLEMENTATION, AND PERFORMANCE ANALYSIS OF THE ISCSI PROTOCOL FOR SCSI OVER TCP/IP By Anshul Chadda (Trebia Networks)-Speaker Ashish Palekar.

Slide 1 DESIGN, IMPLEMENTATION, AND PERFORMANCE ANALYSIS OF THE ISCSI PROTOCOL FOR SCSI OVER TCP/IP By Anshul Chadda (Trebia Networks)-Speaker Ashish Palekar.
Multipath TCP Signaling Options or Payload? Costin Raiciu

Multipath TCP Signaling Options or Payload? Costin Raiciu
TCP : Transmission Control Protocol Computer Network System Sirak Kaewjamnong.

TCP : Transmission Control Protocol Computer Network System Sirak Kaewjamnong.
Transport Layer: TCP and UDP. Overview of TCP/IP protocols Comparing TCP and UDP TCP connection: establishment, data transfer, and termination Allocation.

Transport Layer: TCP and UDP. Overview of TCP/IP protocols Comparing TCP and UDP TCP connection: establishment, data transfer, and termination Allocation.
Hariharan Venkataraman

Hariharan Venkataraman
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.

IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
Multipath TCP Update Philip Eardley, MPTCP WG Co-Chair tsvarea 1 st August, IETF-87, Berlin 1.

Multipath TCP Update Philip Eardley, MPTCP WG Co-Chair tsvarea 1 st August, IETF-87, Berlin 1.
MultiPath TCP Proxy Presented by: Yongzhi Zhuang, Wei Zeng, Jianlei Zhang.

MultiPath TCP Proxy Presented by: Yongzhi Zhuang, Wei Zeng, Jianlei Zhang.
Multipath TCP Security Issues: A Request for Assistance Alan Ford (MPTCP WG)

Multipath TCP Security Issues: A Request for Assistance Alan Ford (MPTCP WG)

Similar presentations

Ads by Google