Gunhee Noh scite author profile

Gunhee Noh

1Publication

1Citation Statement Received

28Citation Statements Given

How they've been cited

How they cite others

Affiliations

Korea University

Publications

Order By: Most citations

Secure and Lightweight Subflow Establishment of Multipath-TCP

et al. 2019

View full text Add to dashboard Cite

Multipath Transmission Control Protocol (MPTCP) is an approach towards high-throughput and efficient load balancing over multiple paths. Each of paths forms a TCP connection with an IP address, and those can be implemented as multiple network interfaces or multiple ports within a network interface. In this paper, we focus on the multiple network interfaces environment. Each network interface with an IP address is called as a subflow. A subflow is a TCP connection which can have a different internet path identified by IP addresses of source and destination network interfaces. To control these multiple subflows, MPTCP supports many options. Specifically, to establish a new subflow, MPTCP uses an ADD_ADDR option. A host sends ADD_ADDR option to inform another host of its IP address, and then, the host receiving ADD_ADDR option tries to establish a subflow at the address of ADD_ADDR option. However, by forging the ADD_ADDR option, an attacker can create a fake subflow that passes through itself and eventually hijack the connection between both end hosts. In a previous study, Hash-based Message Authentication (HMAC) was added to the ADD_ADDR option, preventing it from being forged. Nevertheless, since the keys for generating HMAC can be leaked during three-way handshake, a variant of the ADD_ADDR attack called the persistent ADD_ADDR attack can be possible. To this end, we propose a protocol that can prevent the ADD_ADDR attacks by backward confirmation of the ADD_ADDR option without encryption. The main idea of our proposal is to apply a digital signature scheme for the backward confirmation. We show security analysis for the proposed protocol and compare with the previous studies in terms of time/space overheads. INDEX TERMS MPTCP, network security, ADD_ADDR attack, connection hijacking. HOORIN PARK (S'12) received the B.S. degree in computer science and engineering from Korea University, Seoul, South Korea, in 2011, where he is currently pursuing the Ph.D. degree with the School of Cybersecurity. His current research interests include RF-powered computing and networking, network security, and trusted execution environment design on an untrusted cloud. HEEJUN ROH (S'08-M'17) received the B.S. degree in computer science and engineering and the M.S. and Ph.D. degrees in mathematics from

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Gunhee Noh

Secure and Lightweight Subflow Establishment of Multipath-TCP

Contact Info

Product

Resources

About