Secure multipath transport for legacy Internet applications

Electronics

A huge amount of generated data is regularly exploding into the network by the users through smartphones, laptops, tablets, self-configured Internet-of-things (IoT) devices, and machine-to-machine (M2M) communication. In such a situation, satisfying critical quality-of-service (QoS) requirements (e.g., throughput, latency, bandwidth, and reliability) is a large challenge as a vast amount of data travels into the network. Nowadays, strict QoS requirements must be satisfied efficiently in many networked multimedia applications when intelligent multi-homed devices are used. Such devices support the concept of multi-homing. To be precise, they have multiple network interfaces that aim to connect and communicate concurrently with different networking technologies. Therefore, many multipath transport protocols are provided to multi-homed devices, which aim (1) to take advantage of several network paths at the transport layer (Layer-4) and (2) to meet the strict QoS requirements for provid...

International Journal of Internet Protocol Technology, 2011

Multipath TCP (MPTCP) is a new protocol being developed in the IETF's MPTCP working group in order to provide higher communication availability and to improve the throughput between two multi-addressed endpoints by using multiple paths. Due to the multipath nature and specifically its path management, some new security threats arise apart from those that are already present in standard single-path TCP. These new attacks include flooding and hijacking attacks performed by an off-path attacker. In this paper, we explore different solutions in order to cover the identified security flaws. The main proposal is based on hash chains, which significantly reduces the initial set of threats resulting in a residual group of vulnerabilities, which are also identified.

2014

SCTP (stream control transmission protocol) is a reliable message oriented transport layer protocol. It is an IETF standard developed by the Transport Area Working Group (TSVWG). SCTP has been standardized by the IETF(Internet Engineering Task Force) in series of RFCs ,as a reliable transport protocol to transport SS7(Signaling System 7) signaling messages for internet applications such as ISDN over IP, telephony sinagaling , media gateway control, IP telephony[5]. SCTP is similar to TCP in many services. They are both unicast connection-oriented reliable protocols, provide in-sequence packet delivery and congestion control. SCTP preserves message boundaries and at the same time detects lost data, and out of order data. It uses 32 bit checksum as opposed to a 16 bit checksum of TCP. Although TCP has traditionally been used, we argue that SCTP provides better services than TCP in terms of reliability and performance. Due to its attractive features such as multi-streaming and multi-homing. SCTP has received much popularity, in terms of both research and development [6, 7]. SCTP provides multi-homing in that endpoints can use multiple IP addresses for the connection. SCTP may be more resistant to Man in the Middle (MITM) and Denial of Service (DoS). Multi-stream does not refer to multiple streams in the TCP sense but rather each stream represents a sequence of messages within a single association. These may be long or short messages which include flags for control of segmentation and reassembly.

Networks have become multipath: mobile devices have multiple radio interfaces, datacenters have redundant paths andmultihoming is the normfor big server farms. Meanwhile, TCP is still only single-path. Is it possible to extend TCP to enable it to support multiple paths for current applications on today's Internet? The answer is positive. We carefully review the constraints--partly due to various types of middleboxes-- that influenced the design of Multipath TCP and show how we handled them to achieve its deployability goals. We report our experience in implementing Multipath TCP in the Linux kernel and we evaluate its performance. Our measurements focus on the algorithms needed to efficiently use paths with different characteristics, notably send and receive buffer tuning and segment reordering. We also compare the performance of our implementation with regular TCP on web servers. Finally, we discuss the lessons learned from designing MPTCP.

2016 IEEE 15th International Symposium on Network Computing and Applications (NCA), 2016

Communication through the Internet raises privacy and confidentiality concerns. Protocols such as HTTPS may be used to protect the communication, but occasionally vulnerabilities that may allow snooping on packet content are discovered. To address this issue, we present MACHETE, an application-layer multi-path communication mechanism that provides additional confidentiality by splitting data streams in different physical paths. MACHETE has to handle two challenges: sending packets over different paths when Internet's routing imposes a single path between pairs of network interfaces; splitting streams of data sent over TCP connections. MACHETE is the first to exploit MultiPath TCP (MPTCP) for security purposes. It leverages overlay networks and multihoming to handle the first challenge and MPTCP to handle the second. MACHETE establishes an overlay network and scatters the data over the available paths, thus reducing the effectiveness of snooping attacks. Mechanisms are provided to select paths based on path diversity.

SCTP (stream control transmission protocol) is a reliable message oriented transport layer protocol. It is an IETF standard developed by the Transport Area Working Group (TSVWG). SCTP has been standardized by the IETF(Internet Engineering Task Force) in series of RFCs ,as a reliable transport protocol to transport SS7(Signaling System 7) signaling messages for internet applications such as ISDN over IP, telephony sinagaling , media gateway control, IP telephony[5]. SCTP is similar to TCP in many services. They are both unicast connection-oriented reliable protocols, provide in-sequence packet delivery and congestion control. SCTP preserves message boundaries and at the same time detects lost data, and out of order data. It uses 32 bit checksum as opposed to a 16 bit checksum of TCP. Although TCP has traditionally been used, we argue that SCTP provides better services than TCP in terms of reliability and performance. Due to its attractive features such as multi-streaming and multi-homing. SCTP has received much popularity, in terms of both research and development [6, 7]. SCTP provides multi-homing in that endpoints can use multiple IP addresses for the connection. SCTP may be more resistant to Man in the Middle (MITM) and Denial of Service (DoS). Multi-stream does not refer to multiple streams in the TCP sense but rather each stream represents a sequence of messages within a single association. These may be long or short messages which include flags for control of segmentation and reassembly.

IEEE Access, 2019

Multipath Transmission Control Protocol (MPTCP) is an approach towards high-throughput and efficient load balancing over multiple paths. Each of paths forms a TCP connection with an IP address, and those can be implemented as multiple network interfaces or multiple ports within a network interface. In this paper, we focus on the multiple network interfaces environment. Each network interface with an IP address is called as a subflow. A subflow is a TCP connection which can have a different internet path identified by IP addresses of source and destination network interfaces. To control these multiple subflows, MPTCP supports many options. Specifically, to establish a new subflow, MPTCP uses an ADD_ADDR option. A host sends ADD_ADDR option to inform another host of its IP address, and then, the host receiving ADD_ADDR option tries to establish a subflow at the address of ADD_ADDR option. However, by forging the ADD_ADDR option, an attacker can create a fake subflow that passes through itself and eventually hijack the connection between both end hosts. In a previous study, Hash-based Message Authentication (HMAC) was added to the ADD_ADDR option, preventing it from being forged. Nevertheless, since the keys for generating HMAC can be leaked during three-way handshake, a variant of the ADD_ADDR attack called the persistent ADD_ADDR attack can be possible. To this end, we propose a protocol that can prevent the ADD_ADDR attacks by backward confirmation of the ADD_ADDR option without encryption. The main idea of our proposal is to apply a digital signature scheme for the backward confirmation. We show security analysis for the proposed protocol and compare with the previous studies in terms of time/space overheads. INDEX TERMS MPTCP, network security, ADD_ADDR attack, connection hijacking. HOORIN PARK (S'12) received the B.S. degree in computer science and engineering from Korea University, Seoul, South Korea, in 2011, where he is currently pursuing the Ph.D. degree with the School of Cybersecurity. His current research interests include RF-powered computing and networking, network security, and trusted execution environment design on an untrusted cloud. HEEJUN ROH (S'08-M'17) received the B.S. degree in computer science and engineering and the M.S. and Ph.D. degrees in mathematics from

IEEE Computer, 2003

M ost Internet protocol-based networks employ either the transmission control protocol (TCP) or the user datagram protocol (UDP) for data transfer. However, these two general-purpose protocols provide disjointed services and do not ideally satisfy all application needs.

IEEE/ACM Transactions on Networking, 2000

Previously, we identified the failure-induced receive buffer (rbuf) blocking problem in Concurrent Multipath Transfer using SCTP multihoming (CMT), and proposed CMT with a Potentially-failed destination state (CMT-PF) to alleviate rbuf blocking. In this paper, we complete our evaluation of CMT vs. CMT-PF. Using ns-2 simulations we show that CMT-PF performs on par or better than CMT during more aggressive failure detection thresholds than recommended by RFC4960. We also examine whether the modified sender behavior in CMT-PF degrades performance during non-failure scenarios. Our evaluations consider: (i) realistic loss model with symmetric and asymmetric path loss, (ii) varying path RTTs. We find that CMT-PF performs as well as CMT during non-failure scenarios, and interestingly, outperforms CMT when the paths experience asymmetric rbuf blocking conditions. We recommend that CMT be replaced by CMT-PF in future CMT implementations and RFCs 1 .

International Journal of Information Communication Technologies and Human Development

Multipath Transmission Control Protocol (MPTCP) is a transport layer protocol, which transmits TCP segments on more than one path, in multihomed devices. It was designed with the aim of Bandwidth aggregation and redundant connections. Currently, multihomed devices have wireless interfaces of heterogeneous nature. MPTCP is not able to give its optimal performance in heterogeneous networks. This paper presents an experimental performance study of four different schedulers, namely Roundrobin, Default, Blest, and Redundant. Our testbed comprises Ethernet, LTE, and Wifi networks to connect multihomed devices. We have compared the scheduler performance in terms of Throughput , Download time and path utilization rate in homogenous and heterogenous scenarios . Results showed that Round robin provides optimal throughput in homogenous networks and also performs bandwidth aggregation by utilizing both the paths but fails to perform in heterogenous networks. Blest, provides best throughput amon...