Secure and Lightweight Subflow Establishment of Multipath-TCP
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Noh, Gunhee | - |
dc.contributor.author | Park, Hoorin | - |
dc.contributor.author | Roh, Heejun | - |
dc.contributor.author | Lee, Wonjun | - |
dc.date.accessioned | 2021-09-01T22:42:02Z | - |
dc.date.available | 2021-09-01T22:42:02Z | - |
dc.date.created | 2021-06-19 | - |
dc.date.issued | 2019 | - |
dc.identifier.issn | 2169-3536 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/68896 | - |
dc.description.abstract | Multipath Transmission Control Protocol (MPTCP) is an approach towards high-throughput and efficient load balancing over multiple paths. Each of the paths forms a TCP connection with an IP address, and those can be implemented as multiple network interfaces or multiple ports within a network interface. In this paper, we focus on the multiple network interfaces environment. Each network interface with an IP address is called a subflow. A subflow is a TCP connection which can have a different internet path identified by the IP addresses of the source and destination network interfaces. To control these multiple subflows, MPTCP supports many options. Specifically, to establish a new subflow, MPTCP uses an ADD_ADDR option. A host sends an ADD_ADDR option to inform another host of its IP address, and then the host receiving the ADD_ADDR option tries to establish a subflow at the address of the ADD_ADDR option. However, by forging the ADD_ADDR option, an attacker can create a fake subflow that passes through itself and eventually hijack the connection between both end hosts. In a previous study, Hash-based Message Authentication (HMAC) was added to the ADD_ADDR option, preventing it from being forged. Nevertheless, since the keys for generating the HMAC can be leaked during the three-way handshake, a variant of the ADD_ADDR attack called the persistent ADD_ADDR attack is possible. To this end, we propose a protocol that can prevent the ADD_ADDR attacks by backward confirmation of the ADD_ADDR option without encryption. The main idea of our proposal is to apply a digital signature scheme for the backward confirmation. We present a security analysis of the proposed protocol and compare it with the previous studies in terms of time/space overheads. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC | - |
dc.title | Secure and Lightweight Subflow Establishment of Multipath-TCP | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Roh, Heejun | - |
dc.contributor.affiliatedAuthor | Lee, Wonjun | - |
dc.identifier.doi | 10.1109/ACCESS.2019.2957434 | - |
dc.identifier.scopusid | 2-s2.0-85077205246 | - |
dc.identifier.wosid | 000509483800007 | - |
dc.identifier.bibliographicCitation | IEEE ACCESS, v.7, pp.177438 - 177448 | - |
dc.relation.isPartOf | IEEE ACCESS | - |
dc.citation.title | IEEE ACCESS | - |
dc.citation.volume | 7 | - |
dc.citation.startPage | 177438 | - |
dc.citation.endPage | 177448 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Telecommunications | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.relation.journalWebOfScienceCategory | Telecommunications | - |
dc.subject.keywordAuthor | MPTCP | - |
dc.subject.keywordAuthor | network security | - |
dc.subject.keywordAuthor | ADD_ADDR attack | - |
dc.subject.keywordAuthor | connection hijacking | - |