TWC: Small: Collaborative: Multipath TCP Side Channel Vulnerabilities and Defenses

TWC：小：协作：多路径 TCP 侧信道漏洞和防御

• 批准号: 1528114
• 负责人: Zhiyun Qian
• 金额: $ 16.7万
• 依托单位: University of California-Riverside
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-01 至 2019-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1528114&HistoricalAwards=false
• 关键词: TWC; Small; Collaborative; Multipath; TCP

The objective of this project is to understand and strengthen the security of Multipath TCP (MPTCP) - an IETF standardized suite of TCP extensions that allow one MPTCP connection, consisting of multiple sub-connections between two hosts, to use multiple paths simultaneously. Even though MPTCP has been gaining momentum in being widely deployed, its security is yet to be well understood. The project is expected to raise awareness of MPTCP security and ultimately yield a foundation for MPTCP security. The study will further increase the acceptance of MPTCP as an efficient, trustworthy, and next-generation transport layer protocol, especially considering that the deployment of new protocols can always be hindered by security concerns. The results will lead to development of guidelines and specifications for MPTCP through standards organizations such as IETF.This project aims to gain an in-depth understanding of the implicit interaction among sub-connections within an MPTCP connection, the information that can be leaked or inferred through side channels by eavesdropping such interaction, and the potential attacks on MPTCP by exploiting such leaked or inferred information. The key insight is that the current MPTCP design inherently allows an attacker eavesdropping on one path to learn information (e.g., throughput) about the sub-connections along other paths. Such seemingly benign information leakage allows an attacker to hijack the entire MPTCP connection. This project considers three general threat models: on-path only attacker, host-assisted off-path attacker, and host-assisted on-path attacker. Based on these threat models, the PIs propose to study traffic offloading/onloading and sequence number inference attacks. The PIs also plan to design and validate countermeasures and defense mechanisms for MPTCP against such threats.

这个项目的目标是理解和加强多路径TCP （MPTCP）的安全性——一个IETF标准化的TCP扩展套件，它允许一个MPTCP连接，由两个主机之间的多个子连接组成，同时使用多条路径。尽管MPTCP已经获得了广泛部署的动力，但它的安全性还没有得到很好的理解。该项目有望提高人们对MPTCP安全的认识，并最终为MPTCP安全奠定基础。该研究将进一步提高MPTCP作为高效、可靠和下一代传输层协议的接受度，特别是考虑到新协议的部署总是会受到安全问题的阻碍。其结果将导致通过IETF等标准组织制定MPTCP的指导方针和规范。本项目旨在深入了解MPTCP连接中子连接之间的隐式交互，通过窃听这种交互可以通过侧通道泄露或推断出的信息，以及利用这些泄露或推断出的信息对MPTCP的潜在攻击。关键的洞察是，当前的MPTCP设计固有地允许攻击者窃听一条路径，以了解沿其他路径的子连接的信息（例如，吞吐量）。这种看似无害的信息泄漏允许攻击者劫持整个MPTCP连接。该项目考虑了三种一般的威胁模型：路径上攻击者，主机辅助的路径外攻击者和主机辅助的路径上攻击者。基于这些威胁模型，pi建议研究流量分流攻击和序列号推理攻击。PIs还计划设计和验证MPTCP应对此类威胁的对策和防御机制。