IETF Logo Mail Archive

Re: [multipathtcp] MPTCP backup flag attack via MP_PRIO message

Christoph Paasch <cpaasch@apple.com> Thu, 20 July 2017 16:25 UTC

Return-Path: <cpaasch@apple.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1E1E131A93 for <multipathtcp@ietfa.amsl.com>; Thu, 20 Jul 2017 09:25:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.322
X-Spam-Level:
X-Spam-Status: No, score=-4.322 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HxzPoSYz6tFD for <multipathtcp@ietfa.amsl.com>; Thu, 20 Jul 2017 09:25:33 -0700 (PDT)
Received: from mail-in2.euro.apple.com (mail-in2.euro.apple.com [17.72.148.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C0C6131945 for <multipathtcp@ietf.org>; Thu, 20 Jul 2017 09:25:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1500567931; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-transfer-encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=xw1/Tm95yneg2yb3zLMIWaKsrkJe0gxpDi+nYWIXHCE=; b=EJjmpD1nNZf0kcO881LZ5RsHrleJ30myC3samiv1jnzK4L+a6X2KTOd/pjIPRrJw aczBJP1ZNkR8JjjR6YTxBamqzJ1mBga/sM+nLvktNcG5zG/R/LsdqZ6KKAP44fG/ G8q1A4SnCB11OCArrvsRNMO9SR/T7+4U7783JPOnHwh3wqLS6+Cu7ZSo99z5KkLL sEYL/0+G14svawW6AX+yHq3pz3b+f/RNE4eVZw/riYnkWcji/Uf+LNIllKJSFUfA JCgh1ss3Td2oKa6Ko2+PrXIS6RaKSAmPxSGP8zYAQc8RY27PKUqaNPf9ZIp6lJ9U fFU7LLAGaO7rCVuwqEIClQ==;
Received: from relay2.euro.apple.com (relay2.euro.apple.com [17.66.55.12]) (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail-in2.euro.apple.com (Symantec Mail Security) with SMTP id 0A.70.06273.B79D0795; Thu, 20 Jul 2017 17:25:31 +0100 (BST)
X-AuditID: 1148940c-d5dff70000001881-29-5970d97bd773
Received: from crk-mmpp-sz03 ( [17.66.12.165]) by relay2.euro.apple.com (Symantec Mail Security) with SMTP id 35.FA.07255.B79D0795; Thu, 20 Jul 2017 17:25:31 +0100 (BST)
MIME-version: 1.0
Content-transfer-encoding: 8bit
Content-disposition: inline
Content-type: text/plain; charset="utf-8"
Received: from localhost ([17.235.220.88]) by crk-mmpp-sz03.euro.apple.com (Oracle Communications Messaging Server 8.0.1.2.20170222 64bit (built Feb 22 2017)) with ESMTPSA id <0OTE003G0DMIAKA0@crk-mmpp-sz03.euro.apple.com>; Thu, 20 Jul 2017 17:25:31 +0100 (IST)
Sender: cpaasch@apple.com
Date: Thu, 20 Jul 2017 18:25:31 +0200
From: Christoph Paasch <cpaasch@apple.com>
To: Alan Ford <alan.ford@gmail.com>
Cc: Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be>, Zhiyun Qian <zhiyunq@cs.ucr.edu>, multipathtcp@ietf.org, Zubair <zubair-shafiq@uiowa.edu>, Franck Le <fle@us.ibm.com>, Alex Liu <alexliu@cse.msu.edu>, Ali Munir <munirali@msu.edu>
Message-id: <20170720162531.GL3049@Chimay.local>
References: <800c331f808d608354fc00be24283cb6.squirrel@webmail.cs.ucr.edu> <742E211F-F754-4149-88E2-3BE51645F49D@gmail.com> <c0929925-1b3a-e36c-511d-bda3da312a71@uclouvain.be> <20170720152058.GJ3049@Chimay.local> <D13C88F7-2CB6-4D84-9FAD-DA10FEE7546C@gmail.com>
In-reply-to: <D13C88F7-2CB6-4D84-9FAD-DA10FEE7546C@gmail.com>
User-Agent: Mutt/1.7.1 (2016-10-04)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrFIsWRmVeSWpSXmKPExsUi6GTOo1t9syDS4OMcMYuV51YwW5zZvJDF 4uLq98wWn1dfZ7NY2HWczeJGww8WiwPf3jJavLh4iNmBw6OlZy6jx9GDneweO2fdZfdYsuQn k8ezIxEer459Z/GYMJXT49y1PuYAjigum5TUnMyy1CJ9uwSujP9HVrAVNEpVzH7yi6mB8ZZI FyMHh4SAicTB+apdjFwcQgLbmSTmH9/J3MXICRa//7OJCSKxmlGi6+4OdpAEr4CgxI/J91hA mpkF5CWOXMoGCTMLSEs8+juDHSKsLjFlSi5EazeTxMLHbUwgNcICkhLdd+6AzWcRUJV48+kM WJxNQEvi7e12VpBeEQFlieWzWCFGfmWUWHI0HqLVQ+LxtM2MEBcYSLzo6mCDmN/LJPF3zU6w 0zgFbCWaXs4Es0WB5vw9DHImF9Avr9kkJqy4xjaBUWQWkhdmIbwwC8kLsxBeWMDIsopRPDcx M0c3M89IL7W0KF8vsaAgJ1UvOT93EyMoBj2m8OxgvHjQ8BCjAAejEg9vbJxvpBBrYllxZe4h RgkOZiUR3vodBZFCvCmJlVWpRfnxRaU5qcWHGKU5WJTEeU1K5SOFBNITS1KzU1MLUotgskwc nFINjP5rtvncObPXVu1D/4Qn0j+EZA7Lf/uVING09Vr/C06j9ReMpFKlG9+dufeW3//gLy5Z p/i3Mu2OTNfv8x+KWVPuPOfTHf9NkltdHhydH1q2Odyy9v0G1lM1sSFFDCfqDJy2Nx9dbHXH WvVfPvuKg3ZcDdovLO/26DWZHTqzZt0s1ZbDSSlqykosxRmJhlrMRcWJAOkgZ6+9AgAA
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpmkeLIzCtJLcpLzFFi42IRdOJZqlt9syDSYMk7IYuV51YwW5zZvJDF 4uLq98wWn1dfZ7NY2HWczeJGww8WiwPf3jJavLh4iNmBw6OlZy6jx9GDneweO2fdZfdYsuQn k8ezIxEer459Z/GYMJXT49y1PuYAjigum5TUnMyy1CJ9uwSujP9HVrAVNEpVzH7yi6mB8ZZI FyMnh4SAicT9n01MXYxcHEICqxkluu7uYAdJ8AoISvyYfI+li5GDg1lAXuLIpWyQMLOAtMSj vzPYIcLqElOm5EK0djNJLHzcxgRSIywgKdF95w4ziM0ioCrx5tMZsDibgJbE29vtrCC9IgLK EstnsUKM/MooseRoPESrh8TjaZsZIS4wkHjR1cEGMb+XSeLvmp1gp3EK2Eo0vZwJZosCzfl7 +B7LBEbBWUiunoVw9SwkV89CuHoBI8sqRtGi1JzESiO91NKifL3EgoKcVL3k/NxNjOCoMefZ wfjqoOEhRgEORiUe3oXbCiKFWBPLiitzDzFKcDArifDW7wAK8aYkVlalFuXHF5XmpBYfYpTm YFES563VBEoJpCeWpGanphakFsFkmTg4pRoY2/kOL41407VX84Vg8KFYr5DFW+ZfEmVlOtnP Y6fO/Ix/1vOD3t5NMw6lBqW0KwixVP2JNNl+YUZqy+1mV+kc0ZC5/Itn/qyZ4340y2d3Tsy/ R8+n55yxUpbyeC510Gqnr7xb/uR0DZOMpDtOLxZZxb6OOx/ZtPudYelL9T/Xvp3kn8Sy395C iaU4I9FQi7moOBEA51mE4ZYCAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/sx1oqwKsjqoxYDtNlIVB5BTc8z0>
Subject: Re: [multipathtcp] MPTCP backup flag attack via MP_PRIO message
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jul 2017 16:25:35 -0000

Hello Alan,

On 20/07/17 - 16:33:31, Alan Ford wrote:
> Comments inline...
> 
> > On 20 Jul 2017, at 16:20, Christoph Paasch <cpaasch@apple.com> wrote:
> > 
> > On 20/07/17 - 17:05:40, Olivier Bonaventure wrote:
> >> Alan,
> >>> 
> >>> Please bear in mind that the goal of MPTCP with respect to security, as discussed in the original architectural design in RFC6182, is to provide a security model no worse than TCP. So whilst this attack would be possible, it can only be done by an on-path attacker, and if succeeded would allow the on-path attacker to intercept all traffic. Which would be the same for a single-path TCP connection on the same path.
> >>> 
> >>> As a side point, the same kind of attack could be launched via REMOVE_ADDR messages, but this would not succeed since this is specified with some protection - ensuring the subflow is really unavailable through the use of TCP keepalive signals. This same protection cannot be used against the MP_PRIO since the referenced subflow is not unavailable.
> >>> 
> >>> If the WG considered this risk worth addressing, we could look at adding a nonce + signature to MP_PRIO.
> >> 
> >> Since the attacker is on path, this does not help if the attacker is on the
> >> first path.
> 
> That scenario has always been out of scope. If an attacker has observed the initial exchange, all bets are off, and we are only as secure as single-path TCP.
> 
> >>> We discuss several solutions in a forthcoming paper [ICNP2017], but a
> >>> simple approach to cope with this attack would be to reconsider the
> >>> utilisation of the address identifier in the MP_PRIO option. This
> >>> option allows a host to set/change the priority of all the subflows
> >>> associated to a given address identifier on another subflow. It could
> >>> have use cases, such as sending MP_PRIO over a WiFi subflow to put the
> >>> cellular subflow in backup mode without sending a packet over the
> >>> cellular interface, but this looks like an edge case. Looking at the
> >>> attack that we have identified, the working group should evaluate the
> >>> removal of the address identifier in rfc6824bis. If the MP_PRIO option
> >>> does not include an address identifier, then it becomes impossible for
> >>> an attacker who is on-path of a given subflow to change the priority
> >>> of the other subflows.
> >> 
> >> Remove the address identifier from the MP_PRIO seems a safe solution to me.
> >> I do not see a benefit in sending MP_PRIO on another subflow than the one
> >> that you want to affect.
> > 
> > +1
> > 
> > As far as I know, there is no implementation that relies on the address-ID
> > in the MP_PRIO to signal the priorities.
> 
> So the main reason for this was to permit the signalling of backup for a subflow which was also signalled via ADD_ADDR. ADD_ADDR does not have a ‘B’ bit in it, so the priority would be signalled separately.
> 
> We could add the prio bit to ADD_ADDR to resolve this issue. However, this limits extensibility in MP_PRIO e.g. with other signals which have been suggested in the past ("backup but do not open”, use for differing traffic types, etc).

I think it's ok to add the prio-bit to the ADD_ADDR. I'm not sure though to
what extend it would limit the extensibility of MP_PRIO.


Christoph

v2.23.0 | Report a Bug | By Email