Secure and Lightweight Subflow Establishment of Multipath-TCP

Gunhee Noh, Hoorin Park, Heejun Roh, Wonjun Lee

Research output: Contribution to journal › Article › peer-review

7 Citations (Scopus)

Abstract

Multipath Transmission Control Protocol (MPTCP) is an approach towards high throughput and efficient load balancing over multiple paths. Each of the paths forms a TCP connection with an IP address, and these can be implemented as multiple network interfaces or as multiple ports within a single network interface. In this paper, we focus on the multiple-network-interface environment. Each network interface with an IP address is called a subflow. A subflow is a TCP connection that can take a different Internet path, identified by the IP addresses of the source and destination network interfaces. To control these multiple subflows, MPTCP supports many options. Specifically, to establish a new subflow, MPTCP uses the ADD_ADDR option. A host sends an ADD_ADDR option to inform the other host of its IP address, and the host receiving the ADD_ADDR option then tries to establish a subflow to the address carried in that option. However, by forging the ADD_ADDR option, an attacker can create a fake subflow that passes through the attacker and eventually hijack the connection between the two end hosts. In a previous study, a Hash-based Message Authentication Code (HMAC) was added to the ADD_ADDR option to prevent it from being forged. Nevertheless, since the keys used to generate the HMAC can be leaked during the three-way handshake, a variant of the ADD_ADDR attack, called the persistent ADD_ADDR attack, remains possible. To this end, we propose a protocol that prevents the ADD_ADDR attacks by backward confirmation of the ADD_ADDR option without encryption. The main idea of our proposal is to apply a digital signature scheme for the backward confirmation. We present a security analysis of the proposed protocol and compare it with the previous studies in terms of time and space overheads.

Original language: English
Article number: 8922596
Pages (from-to): 177438-177448
Number of pages: 11
Journal: IEEE Access
Volume: 7
DOIs
Publication status: Published - 2019

Keywords

  • ADD_ADDR attack
  • MPTCP
  • connection hijacking
  • network security

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)
