TWC: Small: Collaborative: Multipath TCP Side Channel Vulnerabilities and Defenses

TWC：小：协作：多路径 TCP 侧信道漏洞和防御

• 批准号: 1524329
• 负责人: Zubair Shafiq
• 金额: $ 16.7万
• 依托单位: University of Iowa
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-01 至 2018-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1524329&HistoricalAwards=false
• 关键词: TWC; Small; Collaborative; Multipath; TCP

The objective of this project is to understand and strengthen the security of Multipath TCP (MPTCP) - an IETF standardized suite of TCP extensions that allow one MPTCP connection, consisting of multiple sub-connections between two hosts, to use multiple paths simultaneously. Even though MPTCP has been gaining momentum in being widely deployed, its security is yet to be well understood. The project is expected to raise awareness of MPTCP security and ultimately yield a foundation for MPTCP security. The study will further increase the acceptance of MPTCP as an efficient, trustworthy, and next-generation transport layer protocol, especially considering that the deployment of new protocols can always be hindered by security concerns. The results will lead to development of guidelines and specifications for MPTCP through standards organizations such as IETF.This project aims to gain an in-depth understanding of the implicit interaction among sub-connections within an MPTCP connection, the information that can be leaked or inferred through side channels by eavesdropping such interaction, and the potential attacks on MPTCP by exploiting such leaked or inferred information. The key insight is that the current MPTCP design inherently allows an attacker eavesdropping on one path to learn information (e.g., throughput) about the sub-connections along other paths. Such seemingly benign information leakage allows an attacker to hijack the entire MPTCP connection. This project considers three general threat models: on-path only attacker, host-assisted off-path attacker, and host-assisted on-path attacker. Based on these threat models, the PIs propose to study traffic offloading/onloading and sequence number inference attacks. The PIs also plan to design and validate countermeasures and defense mechanisms for MPTCP against such threats.

该项目的目的是了解和加强多路径TCP（MPTCP）的安全性-一个IETF标准化的TCP扩展套件，允许一个MPTCP连接，由两个主机之间的多个子连接组成，同时使用多个路径。尽管MPTCP在被广泛部署方面已经获得了势头，但其安全性尚未得到很好的理解。该项目预计将提高人们对MPTCP安全性的认识，并最终为MPTCP安全性奠定基础。这项研究将进一步提高MPTCP作为一种高效、值得信赖的下一代传输层协议的接受度，特别是考虑到新协议的部署总是会受到安全问题的阻碍。本项目旨在深入了解MPTCP连接中的子连接之间的隐式交互、通过窃听这种交互可以通过侧信道泄露或推断的信息以及利用这种泄露或推断的信息对MPTCP进行潜在攻击的可能性。关键的见解是，当前的MPTCP设计固有地允许攻击者窃听一条路径来学习信息（例如，吞吐量）关于沿着其它路径的子连接。这种看似良性的信息泄漏允许攻击者劫持整个MPTCP连接。该项目考虑了三种常见的威胁模型：仅在路径上的攻击者，主机辅助的路径外攻击者和主机辅助的路径上的攻击者。基于这些威胁模型，PI建议研究流量卸载/加载和序列号推断攻击。PI还计划为MPTCP设计和验证针对此类威胁的对策和防御机制。