Multipath TCP traffic diversion attacks and countermeasures

Munir, Ali; Qian, Zhiyun; Shafiq, Zubair; Liu, Alex; Le, Franck

doi:10.1109/icnp.2017.8117547

Cited by 12 publications

(10 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Nguyen et al [42] investigated the Autonomous System (AS)-level Man-in-the-Middle (MITM) attacks acting at the robustness of MPTCP communications, reported which countries and regions had a high-level of robustness against the MITM attacks by studying the AS level graph, and provided a countermeasure in preventing MPTCP from the AS-level MITM attacks when concurrently using multiple Internet-scale paths for multipath communications. Munir et al [43] first reported the potential security vulnerabilities in MPTCP due to crosspath interactions among MPTCP subflows, caused by two typical attacks: connection hijack attacks and directed traffic diversion attacks, and then proposed the corresponding countermeasure proposal to guarantee MPTCP to be no less secure than TCP under the two typical attacks.…”

Section: F Mptcp Security Casesmentioning

confidence: 99%

Can Multipath TCP be Robust to Cyber Attacks With Incomplete Information?

et al. 2020

View full text Add to dashboard Cite

Promoted by the advancements in the various wireless access technologies, modern mobile devices equipped with multiple network interfaces are rapidly becoming the norm, and this provides a driving force for the large-scale deployment of the Multipath Transmission Control Protocol (MPTCP) in the current and future Internet. However, the simultaneous use of multiple network paths for concurrent multipath data transmission can make MPTCP have a larger attack surface than the traditional single-path transport protocols, and this may be likely to pose a risk of MPTCP being much more susceptible to cyber attacks. In this paper, we present a measurement method to investigate the vulnerability and robustness of MPTCP under cyber attacks with incomplete network information, by considering the fact that most cyber attacks normally lack of real-time information with respect to various MPTCP attributes. We mathematically characterize cyber attacks with incomplete network information from the viewpoints of both the cyber attacker and the MPTCP communication system, and then we introduce a mixed attack strategy, by jointly considering the features of both the random attacks and the selective attacks, to evaluate the robustness of MPTCP.

show abstract

Section: F Mptcp Security Casesmentioning

confidence: 99%

Can Multipath TCP be Robust to Cyber Attacks With Incomplete Information?

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Use of mutipath routing for secure and reliable transmission of data has been extensively studied in the context of wireless sensor networks and multipath TCP (MPTCP) routing Munir et al 2017;Shafiq et al 2013). Multipath routing has been used for improving packet delivery ratios by distributing load more efficiently (Wang et al 2001;Ganjali and Keshavarzian 2004;Bhattacharya et al 2018;Pearlman et al 2000), improving energy usage efficiency (Ben-Othman and Yahya 2010; Velásquez-Villada and Donoso 2013), and dealing adaptively with congestion (Tran and Raghavendra 2005).…”

Section: Secure Multipath Routing Related Workmentioning

confidence: 99%

5G device-to-device communication security and multipath routing solutions

et al. 2019

View full text Add to dashboard Cite

Through direct communication, device-to-device (D2D) technology can increase the overall throughput, enhance the coverage, and reduce the power consumption of cellular communications. Security will be of paramount importance in 5G, because 5G devices will directly affect our safety, such as by steering self-driving vehicles and controlling health care applications. 5G will be supporting millions of existing devices without adequate built-in security, as well as new devices whose extreme computing power will make them attractive targets for hackers. This paper presents a survey of the literature on security problems relating to D2D communications in mobile 5G networks. Issues include eavesdropping, jamming, primary user emulation attack, and injecting attack. Because multipath routing emerges as a strategy that can help combat many security problems, particularly eavesdropping, the paper contains an extensive discussion of the security implications of multipath routing. Finally, the paper describes results of a simulation that tests three path selection techniques inspired by the literature. The simulation reveals that routing information through interference disjoint paths most effectively inhibits eavesdropping.

show abstract

“…Munir et al [16] presented a study to defend an attack using the two cross-path MPTCP vulnerability. It uses a method of dividing secret information to solve the vulnerability.…”

Section: B Non-encryption-based Schemesmentioning

confidence: 99%

“…This shows not much difference from exchanging keys in non-encrypted environment. The scheme of [16] exchanges additional secret information, nonce, for every subflow establishment, and generates HMAC with keys of hosts and nonces. It is only secure against attack models occupying a subflow, because the attacker located in several, or all subflows is capable of obtaining multiple exchanged nonces.…”

Section: B Non-encryption-based Schemesmentioning

confidence: 99%

“…Especially, an approach [10] try to utilize Transport Layer Security (TLS) for the key exchange, which is highly redundant for short-lived flows. On the other hand, another research effort [16] suggests to exchange keys for each subflow handshaking, but frequent handoffs may consume too much power and computation resources in highly mobile environments such as high-speed rails [5].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Secure and Lightweight Subflow Establishment of Multipath-TCP

et al. 2019

View full text Add to dashboard Cite

Multipath Transmission Control Protocol (MPTCP) is an approach towards high-throughput and efficient load balancing over multiple paths. Each of paths forms a TCP connection with an IP address, and those can be implemented as multiple network interfaces or multiple ports within a network interface. In this paper, we focus on the multiple network interfaces environment. Each network interface with an IP address is called as a subflow. A subflow is a TCP connection which can have a different internet path identified by IP addresses of source and destination network interfaces. To control these multiple subflows, MPTCP supports many options. Specifically, to establish a new subflow, MPTCP uses an ADD_ADDR option. A host sends ADD_ADDR option to inform another host of its IP address, and then, the host receiving ADD_ADDR option tries to establish a subflow at the address of ADD_ADDR option. However, by forging the ADD_ADDR option, an attacker can create a fake subflow that passes through itself and eventually hijack the connection between both end hosts. In a previous study, Hash-based Message Authentication (HMAC) was added to the ADD_ADDR option, preventing it from being forged. Nevertheless, since the keys for generating HMAC can be leaked during three-way handshake, a variant of the ADD_ADDR attack called the persistent ADD_ADDR attack can be possible. To this end, we propose a protocol that can prevent the ADD_ADDR attacks by backward confirmation of the ADD_ADDR option without encryption. The main idea of our proposal is to apply a digital signature scheme for the backward confirmation. We show security analysis for the proposed protocol and compare with the previous studies in terms of time/space overheads. INDEX TERMS MPTCP, network security, ADD_ADDR attack, connection hijacking. HOORIN PARK (S'12) received the B.S. degree in computer science and engineering from Korea University, Seoul, South Korea, in 2011, where he is currently pursuing the Ph.D. degree with the School of Cybersecurity. His current research interests include RF-powered computing and networking, network security, and trusted execution environment design on an untrusted cloud. HEEJUN ROH (S'08-M'17) received the B.S. degree in computer science and engineering and the M.S. and Ph.D. degrees in mathematics from

show abstract

Multipath TCP traffic diversion attacks and countermeasures

Cited by 12 publications

References 16 publications

Can Multipath TCP be Robust to Cyber Attacks With Incomplete Information?

Can Multipath TCP be Robust to Cyber Attacks With Incomplete Information?

5G device-to-device communication security and multipath routing solutions

Secure and Lightweight Subflow Establishment of Multipath-TCP

Contact Info

Product

Resources

About