Re: [multipathtcp] Clarification on the attack type on which I spoke about on-mic at the meeting
Roberto Peon <grmocg@gmail.com> Tue, 30 July 2013 13:16 UTC
Return-Path: <grmocg@gmail.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE96721F9E12 for <multipathtcp@ietfa.amsl.com>; Tue, 30 Jul 2013 06:16:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 98ILuzomDzPq for <multipathtcp@ietfa.amsl.com>; Tue, 30 Jul 2013 06:16:10 -0700 (PDT)
Received: from mail-oa0-x232.google.com (mail-oa0-x232.google.com [IPv6:2607:f8b0:4003:c02::232]) by ietfa.amsl.com (Postfix) with ESMTP id 67FC021F9DF7 for <multipathtcp@ietf.org>; Tue, 30 Jul 2013 06:16:10 -0700 (PDT)
Received: by mail-oa0-f50.google.com with SMTP id i4so3288644oah.37 for <multipathtcp@ietf.org>; Tue, 30 Jul 2013 06:16:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=ehK/uFAx6JSuYToeTmCJNZaAJlFKpeidcd3U+CJBWDI=; b=CZqfMc2ZrzoC5NttLVj/6dHSvlxdzLxblCkOOiMssIOUKgLdkAXqeX3n6shjUU0ZRk hH9McW6Z1LPLbjVInynHyj2Uziw7rjEOeDj2jiIpB5k/MtTdZOztNhw89p+Ix4zmJgQi uqze3Ea9MVK2TDavBS1Q9Zg2yILyeZKtBjWIQyJesxPy42vrFXEwuXO3ZYrislOIHtxH Fz5ounmuz8+qrOy9D4/2+rL8lQwOx/LvPPoFJOYevnqNgGoXs1WDw1BNcJayi8VhnibM 4YelUce6z9zlGbOpk20Cvud4rLnxk5elCRgtOXfaVa9NmGea33Y3g6mLv8VT5fNohaAG RoBg==
MIME-Version: 1.0
X-Received: by 10.182.129.17 with SMTP id ns17mr56010669obb.13.1375190168925; Tue, 30 Jul 2013 06:16:08 -0700 (PDT)
Received: by 10.76.91.229 with HTTP; Tue, 30 Jul 2013 06:16:08 -0700 (PDT)
Received: by 10.76.91.229 with HTTP; Tue, 30 Jul 2013 06:16:08 -0700 (PDT)
In-Reply-To: <CAP+FsNf+G4=tQ9iHpGUhzryAR+m8w1UyrvXKPvKLas8zox_9mw@mail.gmail.com>
References: <CAP+FsNf+G4=tQ9iHpGUhzryAR+m8w1UyrvXKPvKLas8zox_9mw@mail.gmail.com>
Date: Tue, 30 Jul 2013 15:16:08 +0200
Message-ID: <CAP+FsNe5r=17D6gb+JTcR1=q2n6kydxGOK-DLnFsVL7TU8GK-Q@mail.gmail.com>
From: Roberto Peon <grmocg@gmail.com>
To: multipathtcp@ietf.org
Content-Type: multipart/alternative; boundary="e89a8fb1fbb0847f8904e2ba69ee"
Subject: Re: [multipathtcp] Clarification on the attack type on which I spoke about on-mic at the meeting
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/multipathtcp>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2013 13:16:11 -0000
On Jul 30, 2013 2:55 PM, "Roberto Peon" <grmocg@gmail.com> wrote: > > The premise of this attack is that some 3rd party wishes to snoop upon communications and perform detailed analysis on the content of a conversation. > > To "attack" a TCP stream, the in-path device must either store, forward, or analyze the data itself. > These are all relatively costly options. > > With MPTCP as it exists today, this cost is vastly reduced for such an in-path attacker as an in-path attacker could instead (via ADD_ADDR or other methods) cause the connection to be re-routed to an entity running on centralized resources. > > As I'm sure we'll hear from the security folks, the only way to deal with this, assuming it is serious enough that we must (and I believe it probably is, given similar attacks against application-layers that we've seen published), is to have reasonable (cryptographic) proof that either party is actually generating the changes in the control-plane. > > -=R
- Re: [multipathtcp] Clarification on the attack ty… Roberto Peon