Title: Security for multipath TCP: a constructive approach

Authors: Javier Díez; Marcelo Bagnulo; Francisco Valera; Iván Vidal

Addresses: Telematics Engineering Department, University Carlos III of Madrid, Avda. Universidad, 30, 28911 Leganés, Madrid, Spain (all authors)

Abstract: Multipath TCP (MPTCP) is a new protocol being developed in the IETF's MPTCP working group in order to provide higher communication availability and to improve the throughput between two multi-addressed endpoints by using multiple paths. Due to the multipath nature and specifically its path management, some new security threats arise apart from those that are already present in standard single-path TCP. These new attacks include flooding and hijacking attacks performed by an off-path attacker. In this paper, we explore different solutions in order to cover the identified security flaws. The main proposal is based on hash chains, which significantly reduces the initial set of threats resulting in a residual group of vulnerabilities, which are also identified.

Keywords: multipath TCP; MPTCP; security threats; flooding attacks; hijacking attacks; hash chains; transmission control protocol; vulnerabilities.

DOI: 10.1504/IJIPT.2011.043675

International Journal of Internet Protocol Technology, 2011 Vol.6 No.3, pp.146 - 155

Published online: 21 Mar 2015
