Presentation is loading. Please wait.

Presentation is loading. Please wait.

Multipath TCP Security Issues: A Request for Assistance Alan Ford (MPTCP WG)

Published byMilton Moses Roberts Modified over 9 years ago

Similar presentations

Presentation on theme: "Multipath TCP Security Issues: A Request for Assistance Alan Ford (MPTCP WG)"— Presentation transcript:

1 Multipath TCP Security Issues: A Request for Assistance Alan Ford (MPTCP WG)

2 MPTCP Background draft-ietf-mptcp-multiaddressed-02 Essentially, a way for multiple TCP connections (termed “subflows”) to be combined into a single MPTCP connection Appears as a regular TCP connection to the application Multiple subflows are created between different address pairs

3 MPTCP Features Uses TCP Options for signalling Subflow segments are mapped into connection-level sequence space: – Mapping of Subflow-level Sequence Number to Data-level Sequence Number

4 Creating new Subflows Now to the crux of the security problem Say a host is multi-addressed, and wants to open a new subflow from its second address to the same destination When a new TCP SYN comes in from this second address, how can the receiver know and verify which MPTCP connection it belongs to? A multi-addressed host can also signal its additional addresses to the peer

5 Threat Model draft-ietf-mptcp-threat-03 Most threats relate to hijacking: – On-path and off-path attackers – Live and time-shifted attacks – Leading to creating new subflows and injecting or intercepting data, potentially also closing existing subflows Essentially, we want to create a solution that is no worse than TCP today However, not all factors translate sufficiently well, so an appropriate goal is: ensure the hosts communicating in the new subflow setup are the same as the hosts in the initial connection setup

6 Simple (-01) Proposal Each end has a 32-bit token for the connection Tokens used as authenticators – Seen in every subflow SYN exchange – Once you know one, you can glean the other Initial Data Sequence Number set at MP_CAPABLE handshake DSNs used as blind attack security 6

7 Simple (-01) Proposal 7

8 But is this sufficient? We had concerns about attackers being able to join a connection with a time-shifted attack The Data Sequence Number would be required to be in-window for the path to be used, and we can prevent this information from being leaked – But we therefore cannot send data to newly initiated connection until it has verified it knows DSN through transmitting data: issues for unidirectional flows We started looking at a hash-based solution as an alternative

9 Hash-based (-02) Proposal Connection setup (MP_CAPABLE) exchanges keys: – SYNA->B: Option carries (K-A) – SYN/ACKB->A: Option carries (K-B) – ACKA->B: Options carry (K-A, K-B) Initial DSNs created from hashes of Keys New subflows (MP_JOIN) uses hash of Key as Token for Connection ID, plus Random Number (for replay protection), and HMACs this data using the Keys (keys never again seen in the clear): – SYNA->B:Option carries (Tok-B, R-A) – SYN/ACKB->A:Option carries (Tok-A, R-B) – ACKA->B:Payload carries: HMAC(Key=K-A|K-B, Message=R-A|R-B) – ACKB->A:Payload carries: HMAC(Key=K-B|K-A, Message=R-B|R-A) 9

10 Current (-02) Proposal 10

11 Our Questions Is this new security proposal adding anything? We are preventing time-shifted attacks being able to set up subflows in the first place – But we can have sequence-number protection against certain attacks, but this is not reliable in predictable traffic flows, and restricts some use cases – Still vulnerable if initial handshake is seen, but this is probably acceptable Or do we want something stronger? – But it needs to fit in TCP options, and not degrade user experience

12 Thank you for your time

Download ppt "Multipath TCP Security Issues: A Request for Assistance Alan Ford (MPTCP WG)"

Similar presentations

Module X Session Hijacking

Module X Session Hijacking
MPTCP Application Considerations draft-scharf-mptcp-api-01 Michael Scharf Alan Ford IETF 77, March 2010.

MPTCP Application Considerations draft-scharf-mptcp-api-01 Michael Scharf Alan Ford IETF 77, March 2010.
Draft-ietf-mptcp-api-01 Michael Scharf, Alan Ford March 31, 2011.

Draft-ietf-mptcp-api-01 Michael Scharf, Alan Ford March 31, 2011.
TCP--Revisited. Background How to effectively share the network? – Goal: Fairness and vague notion of equality Ideal: If N connections, each should get.

TCP--Revisited. Background How to effectively share the network? – Goal: Fairness and vague notion of equality Ideal: If N connections, each should get.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks Multipath.

Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks Multipath.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
TDTS21 Advanced Networking

TDTS21 Advanced Networking
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
MPTCP – MULTIPATH TCP WG meeting #3 July 27 th & 29 th 2010 Maastricht, ietf-78 Philip Eardley Yoshifumi Nishida.

MPTCP – MULTIPATH TCP WG meeting #3 July 27 th & 29 th 2010 Maastricht, ietf-78 Philip Eardley Yoshifumi Nishida.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.

Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Stream Control Transmission Protocol 網路前瞻技術實驗室 陳旻槿.

Stream Control Transmission Protocol 網路前瞻技術實驗室 陳旻槿.
Georgy Melamed Eran Stiller

Georgy Melamed Eran Stiller

Similar presentations

Ads by Google