MPTCP robustness against large-scale man-in-the-middle attacks

Abstract Multipath communications at Internet scale have long been a myth, with no actual protocol deployed at large scale. Recently, the Multipath Transmission Control Protocol (MPTCP) extension was standardized and is undergoing rapid adoption in many different use cases, from mobile to fixed access networks, from data centers to core networks. Among its major benefits, namely reliability thanks to backup path rerouting, throughput increase thanks to link aggregation, and confidentiality, since a full connection is harder to intercept, the last has attracted less attention. How effective it would be to use MPTCP, or an equivalent multipath transport-layer protocol, to exploit multiple Internet-scale paths and decrease the probability of Man-in-the-Middle (MITM) attacks is the question we try to answer. By analyzing the Autonomous System (AS) level graph, we identify which countries and regions show a higher level of robustness against AS-level MITM attacks, for example due to core cable tapping or route hijacking practices.
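The robustness notion above can be made concrete on a small AS graph: the number of internally vertex-disjoint AS-level paths between two endpoints equals (by Menger's theorem) the minimum number of transit ASes an observer would have to tap or hijack to see every MPTCP subflow. The following is an added illustration, not the paper's own code or data; the AS names and topology are constructed placeholders, and the node-splitting max-flow routine is a standard textbook construction, not the metric the authors used.

```python
from collections import deque

# Constructed toy AS-level topology (undirected adjacency lists); placeholder
# AS names, not data from the paper. SRC reaches DST via A directly, and via
# B or C, both of which funnel through the same transit AS T.
AS_GRAPH = {
    "SRC": ["A", "B", "C"],
    "A": ["SRC", "DST"],
    "B": ["SRC", "T"],
    "C": ["SRC", "T"],
    "T": ["B", "C", "DST"],
    "DST": ["A", "T"],
}

def mitm_robustness(graph, src, dst):
    """Return (k, cut): k = number of internally vertex-disjoint AS paths
    from src to dst, cut = one minimum set of transit ASes that together
    observe every such path. Node-splitting max-flow (Edmonds-Karp); src and
    dst must not peer directly, since then there is no transit AS to tap."""
    assert dst not in graph[src], "direct peering: no transit AS on the path"
    inf = len(graph)                       # exceeds any possible vertex cut
    cap = {}
    def add(u, v, c):
        cap.setdefault(u, {})[v] = c
        cap.setdefault(v, {}).setdefault(u, 0)   # residual reverse edge
    for v, nbrs in graph.items():
        if v not in (src, dst):
            add(v + "#in", v + "#out", 1)        # each transit AS: capacity 1
        for w in nbrs:
            add(v + "#out", w + "#in", inf)      # inter-AS links never bind
    s, t = src + "#out", dst + "#in"
    flow = 0
    while True:
        parent = {s: None}                       # BFS for an augmenting path
        queue = deque([s])
        while queue and t not in parent:
            u = queue.popleft()
            for v, c in cap[u].items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if t not in parent:
            break
        v = t                                    # bottleneck is always 1: every
        while parent[v] is not None:             # s-t path crosses a split edge
            u = parent[v]
            cap[u][v] -= 1
            cap[v][u] += 1
            v = u
        flow += 1
    # Min vertex cut: transit ASes whose saturated split edge lies on the
    # residual boundary ("#in" reachable from s, "#out" not).
    reach = set(parent)
    cut = sorted(v for v in graph if v + "#in" in reach and v + "#out" not in reach)
    return flow, cut
```

For the toy graph this returns two disjoint paths with cut {A, T}: spreading subflows over more than two "paths" buys nothing here, because B and C share transit T, which is exactly the kind of chokepoint an AS-level analysis is meant to expose.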
