Privacy threats and possible countermeasures for Multipath-TCP (MPTCP)
draft-bagnulo-mptcp-privacy-00

Document Type Active Internet-Draft (individual)
Last updated 2019-07-08
Stream (None)
Intended RFC status (None)
Formats plain text pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                         M. Bagnulo
Internet-Draft                                                      UC3M
Intended status: Experimental                            A. Andersdotter
Expires: January 9, 2020                                      Article 19
                                                               C. Paasch
                                                                   Apple
                                                            July 8, 2019

 Privacy threats and possible countermeasures for Multipath-TCP (MPTCP)
                   draft-bagnulo-mptcp-privacy-00.txt

Abstract

   This note performs a differential analysis of the threats regarding
   privacy of the Multipath TCP protocol compared to regular TCP and
   proposes a set of countermeasures for the threats identified.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 9, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Bagnulo, et al.          Expires January 9, 2020                [Page 1]
Internet-Draft                MPTCP privacy                    July 2019

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Threat Analysis . . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Types of attackers  . . . . . . . . . . . . . . . . . . .   3
     2.2.  Detailed attack mechanics.  . . . . . . . . . . . . . . .   4
       2.2.1.  Attacks using MP_CAPABLE and MP_JOIN. . . . . . . . .   4
       2.2.2.  Attacks using ADD_ADDR. . . . . . . . . . . . . . . .   4
   3.  Countermeasures.  . . . . . . . . . . . . . . . . . . . . . .   4
   4.  MPTCP privacy features. . . . . . . . . . . . . . . . . . . .   5
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   6
   8.  Informative References  . . . . . . . . . . . . . . . . . . .   6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   Multipath-TCP (MPTCP) [RFC6824] [I-D.ietf-mptcp-rfc6824bis] is a set
   of extensions to TCP that enable the use of multiple IP addresses
   throughout the lifetime of a (MP)TCP connection.  The use of multiple
   addresses in a connection allows two main uses cases, namely mobility
   and multihoming.  In the case of multihoming, if an endpoint is
   connected to the Internet through multiple interfaces simultaneously
   (each ones having a different IP address), the use of MPTCP allow
   additional fault tolerance as the connection can be preserved by
   using an alternative IP address even if the IP address originally
   used to establish the connection is rendered unavailable.  In the
   case of mobility, as an endpoint changes is attachment to the
   Internet, it acquires a new IP address associated to its new
   attachment point.  By using MPTCP, connections can be preserved
   throughout the changes of attachment points and their respective IP
   addresses by adding the new IP addresses to the ongoing MPTCP
   connections.

   Because of its very nature, the operation of MPTCP presents privacy
   implications, as other protocols that bind multiple IP addresses to a
   given endpoint [I-D.nordmark-id-loc-privacy].  Because MPTCP
   explicitly associated multiple IP addresses to a given connection and
   hence to a given endpoint, it discloses information about the node
   whereabouts to third parties.  In this note, we perform an analysis
   of the privacy implications of the operation of the MPTCP compared to
   regular TCP and we provide a set of countermeasures to address the
Show full document text