TWC: Small: Collaborative: Multipath TCP Side Channel Vulnerabilities and Defenses

TWC：小：协作：多路径 TCP 侧信道漏洞和防御

• 批准号: 1524698
• 负责人: Alex Liu
• 金额: $ 16.6万
• 依托单位: Michigan State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-01 至 2019-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1524698&HistoricalAwards=false
• 关键词: TWC; Small; Collaborative; Multipath; TCP

The objective of this project is to understand and strengthen the security of Multipath TCP (MPTCP) - an IETF standardized suite of TCP extensions that allow one MPTCP connection, consisting of multiple sub-connections between two hosts, to use multiple paths simultaneously. Even though MPTCP has been gaining momentum in being widely deployed, its security is yet to be well understood. The project is expected to raise awareness of MPTCP security and ultimately yield a foundation for MPTCP security. The study will further increase the acceptance of MPTCP as an efficient, trustworthy, and next-generation transport layer protocol, especially considering that the deployment of new protocols can always be hindered by security concerns. The results will lead to development of guidelines and specifications for MPTCP through standards organizations such as IETF.This project aims to gain an in-depth understanding of the implicit interaction among sub-connections within an MPTCP connection, the information that can be leaked or inferred through side channels by eavesdropping such interaction, and the potential attacks on MPTCP by exploiting such leaked or inferred information. The key insight is that the current MPTCP design inherently allows an attacker eavesdropping on one path to learn information (e.g., throughput) about the sub-connections along other paths. Such seemingly benign information leakage allows an attacker to hijack the entire MPTCP connection. This project considers three general threat models: on-path only attacker, host-assisted off-path attacker, and host-assisted on-path attacker. Based on these threat models, the PIs propose to study traffic offloading/onloading and sequence number inference attacks. The PIs also plan to design and validate countermeasures and defense mechanisms for MPTCP against such threats.

本项目的目标是了解和加强多路径TCP(MPTCP)的安全性--这是一套IETF标准化的TCP扩展，允许一个MPTCP连接(由两台主机之间的多个子连接组成)同时使用多条路径。尽管MPTCP已经获得了广泛部署的势头，但其安全性还没有得到很好的理解。该项目预计将提高人们对MPTCP安全的认识，并最终为MPTCP安全奠定基础。这项研究将进一步提高人们对MPTCP作为高效、值得信赖的下一代传输层协议的接受度，特别是考虑到新协议的部署总是会受到安全考虑的阻碍。该项目旨在深入了解MPTCP连接内子连接之间的隐含交互作用，通过窃听这种交互作用可以通过旁路泄露或推断的信息，以及通过利用此类泄露或推断的信息对MPTCP进行的潜在攻击。关键的见解是，当前的MPTCP设计本质上允许攻击者在一条路径上窃听，以了解关于沿其他路径的子连接的信息(例如，吞吐量)。这种看似无害的信息泄露使攻击者能够劫持整个MPTCP连接。本项目考虑了三种常见的威胁模型：仅路径上攻击者、主机辅助路径外攻击者和主机辅助路径上攻击者。基于这些威胁模型，PI建议研究流量卸载和序列号推断攻击。PIS还计划设计和验证MPTCP针对此类威胁的对策和防御机制。