[multipathtcp] Securing Multipath TCP : design and implementation
Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be> Thu, 09 March 2017 16:03 UTC
To: multipathtcp <multipathtcp@ietf.org>
From: Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be>
Message-ID: <ee07883a-4140-e509-a378-3dff9802cb38@uclouvain.be>
Date: Thu, 09 Mar 2017 17:02:49 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/YXpWGEy8b8Lk6zWME9BuaznE73g>
Cc: Mathieu Jadin <mathieu.jadin@uclouvain.be>, Olivier Pereira <olivier.pereira@uclouvain.be>

Hello,

You might be interested in the following paper that will be presented at INFOCOM'17:

Securing MultiPath TCP: Design & Implementation
Mathieu Jadin, Gautier Tihon, Olivier Pereira and Olivier Bonaventure
Proc. INFOCOM'17, 2017.

Abstract

MultiPath TCP (MPTCP) is a recent TCP extension that enables hosts to send data over multiple paths for a single connection. It is already deployed for various use cases, notably on smartphones. In parallel with this, there is a growing deployment of encryption and authentication techniques to counter various forms of security attacks. Tcpcrypt and TLS are some of these security solutions. In this paper, we propose MPTCPsec, a MultiPath TCP extension that closely integrates authentication and encryption inside the protocol itself. Our design relies on an adaptation for the multipath environment of the ENO option that is being discussed within the IETF tcpinc working group. We then detail how MultiPath TCP needs to be modified to authenticate and encrypt all data and authenticate the different TCP options that it uses. Finally, we implement our proposed extension in the reference implementation of MultiPath TCP in the Linux kernel and we evaluate its performance.

https://inl.info.ucl.ac.be/publications/secure-multipath-tcp-design-impementation

The kernel code developed for this paper is also available from https://bitbucket.org/mptcpsecteam/mptcpsec

We won't unfortunately attend the next meeting in Chicago but could participate remotely or be present in Prague if there is interest in the working group for this type of work.

Mathieu and Olivier