An Alternative Approach to Authenticate Subflows of Multipath Transmission Control Protocol using an Application Level Key

Abstract

Abstract: Multipath Transmission Control Protocol (MPTCP) is an extension to Transmission Control Protocol (TCP) proposed by the Internet Engineering Task Force (IETF). The intention of MPTCP was to use multiple network interfaces in a single network connection simultaneously. Researches have identified that there are a considerable amount of security threats related to the connections initiated by MPTCP. In this research, we studied on the security threats generated by sharing authentication keys in the initial handshake of the MPTCP in plain text format and investigated the applicability of external keys in authenticating sub-flows with minimum modifications to the kernel and the socket APIs. To pass external keys from user space to kernel space, we used sin_zero padding in TCP socket data structure. Through the experiments we found that MPTCP sub-flows can be authenticated and certain vulnerabilities can be avoided with our approach.