IETF Logo Mail Archive

Re: [multipathtcp] Hardening MPTCP against middlebox interference

Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be> Wed, 27 August 2014 08:32 UTC

Return-Path: <olivier.bonaventure@uclouvain.be>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B18D61A046D for <multipathtcp@ietfa.amsl.com>; Wed, 27 Aug 2014 01:32:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hkQ4HWCWa9zz for <multipathtcp@ietfa.amsl.com>; Wed, 27 Aug 2014 01:32:43 -0700 (PDT)
Received: from smtp5.sgsi.ucl.ac.be (smtp.sgsi.ucl.ac.be [130.104.5.67]) by ietfa.amsl.com (Postfix) with ESMTP id D14CC1A0031 for <multipathtcp@ietf.org>; Wed, 27 Aug 2014 01:32:41 -0700 (PDT)
Received: from mbpobo-2.dhcp.info.ucl.ac.be (mbpobo-2.dhcp.info.ucl.ac.be [130.104.228.16]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: obonaventure@smtp5.sgsi.ucl.ac.be) by smtp5.sgsi.ucl.ac.be (Postfix) with ESMTPSA id 2201A19840D; Wed, 27 Aug 2014 10:26:21 +0200 (CEST)
X-DKIM: Sendmail DKIM Filter v2.8.3 smtp5.sgsi.ucl.ac.be 2201A19840D
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=uclouvain.be; s=selucl; t=1409127981; bh=Ev5dTv6SnXN/eFV4OvJnUsRmyqOGs61fBnwdl8dcjEc=; h=Message-ID:Date:From:Reply-To:MIME-Version:To:CC:Subject: References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=t3rGLZi929GOrEWIFbLmVDudXTp3mLWBcxEXa1lCkY0Vk5mCFo+1qHfhGqCs9s8tT SNnsP9lYPiEpFd6LGc+mLmyM+IpIKhm1i++7/35eLHSyT8VcyBQ6oOHIsgBFYCMoB7 1rEviocrlNnf+0/hdnOMk7e7kRc51o8v+AHESglU=
Message-ID: <53FD962C.7070103@uclouvain.be>
Date: Wed, 27 Aug 2014 10:26:20 +0200
From: Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Bob Briscoe <bob.briscoe@bt.com>
References: <201408261136.s7QBa4TB025011@bagheera.jungle.bt.co.uk> <53FC799D.9090805@uclouvain.be> <201408261356.s7QDu538025741@bagheera.jungle.bt.co.uk>
In-Reply-To: <201408261356.s7QDu538025741@bagheera.jungle.bt.co.uk>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.97.7-exp at smtp-5.sipr-dc.ucl.ac.be
X-Virus-Status: Clean
X-Sgsi-Spamcheck: SASL authenticated,
X-SGSI-MailScanner-ID: 2201A19840D.A0888
X-SGSI-MailScanner: Found to be clean
X-SGSI-From: olivier.bonaventure@uclouvain.be
X-SGSI-Spam-Status: No
Archived-At: http://mailarchive.ietf.org/arch/msg/multipathtcp/_alPDKBQFBdgmZlXExnODWF0taw
Cc: multipathtcp@ietf.org
Subject: Re: [multipathtcp] Hardening MPTCP against middlebox interference
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Olivier.Bonaventure@uclouvain.be
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Aug 2014 08:32:45 -0000

Bob,
>>>
>>> [I don't generally follow the multipathtcp list at the mo, so pls ensure
>>> you cc me if you want me to read any responses. And apologies if I'm
>>> covering old ground - I did check, but only a cursory check.]
>>>
>>> It needs to be harder for a meddlebox that has intercepted the key but
>>> is not on-path for all subflows to shut down MPTCP on all the other
>>> subflows.
>>>
>>> RFC6824 CURRENT:
>>>     o  Upon receipt of an MP_FASTCLOSE, containing the valid key, Host B
>>>        answers on the same subflow with a TCP RST and tears down all
>>>        subflows.
>>> SUGGESTED:
>>>     o  Upon receipt of an MP_FASTCLOSE, containing the valid key, Host B
>>>        waits for a RST on every other established sub-flow. Once they
>>> are
>>>        all received, it responds to the MP_FASTCLOSE on the same subflow
>>>        with a TCP RST and tears down all subflows.
>>
>> The motivation for MP_FASTCLOSE is to be able to quickly close an
>> MPTCP session at the and of a transfer to enable a server to free
>> state. If we need to wait for RST on all subflows to terminate the
>> connection, then we'll have to deal with all the cases where a RST is
>> lost on one of the subflows.
>>
>> The key problem from a security viewpoint is that the meddlebox is
>> able to see the keys. If we could adopt something similar to
>> http://tools.ietf.org/html/draft-paasch-mptcp-ssl-00
>> then we can hide the keys to the meddlebox and prevent this problem.
>
> Understood. But one of the stated goals in RFC6824 is to allow
> meddleboxes to adjust the payload.
>
> "
>     It should be emphasized that we are not attempting to prevent the use
>     of middleboxes that want to adjust the payload.  An MPTCP-aware
>     middlebox could provide such functionality by also rewriting
>     checksums.
> "

This part is related to the DSS checksum failure that would trigger a 
fallback to regular TCP.


> I think it's a good idea for a base MPTCP to exist that allows
> meddleboxes to meddle, as long as there's a separate way for the ends to
> add full e2e integrity protection (e.g. Christophe's mptcp-ssl approach)
> if they want it.
>
> Would my proposed change be more acceptable if it was optional? Ie.
> MP_FASTCLOSE doesn't require an endpoint to shut down the whole MPTCP
> connection until it gets all the RSTs as well, but the endpoint can shut
> the connection down without waiting for all the RSTs if it needs to.

An endpoint can already terminate a connection at any time if it fails 
out of resources or reboots. I would not put it as a specific option.

My concern with your solution is that there are corner cases that we 
need to consider :
- a RST sent over one of the subflow may be lost, how long should the 
host that received the fastclose wait for all RSTs ?
- the two communicating hosts may not have the same vision of the number 
of established subflows (host A might think that there are currently two 
subflows while host B considers that there are three subflows in the 
established state)

By allowing to terminate an MPTCP connection with a single packet 
containing fastclose, we also allow on-path meddleboxes to terminate 
such a connection. This is what today's TCP middleboxes are already 
capable of.

>>
>>> However, I don't quite see how a listening host that
>>> reflects back the same MPTCP options in the SYN/ACK can be mistaken for
>>> an MPTCP-capable host.

This is the default operation for most TCP stacks. If you sent the 
timestamp option in a SYN and receive it in a SYN/ACK, you expect that 
the server supports the timestamp option.

With MPTCP, we learned that this is not sufficient. If you try to open 
an MPTCP connection to www.baidu.com on port 80 today, it replies by 
echoing the MP_CAPABLE option that you've sent. If you assume that MPTCP 
can be used to interact with this host, you are wrong, it does not 
support Multipath TCP.


Olivier




INL, ICTEAM, UCLouvain, Belgium, http://inl.info.ucl.ac.be

v2.23.0 | Report a Bug | By Email