Threat Analysis for TCP Extensions for Multipath Operation with Multiple Addresses
RFC 6181
Document Type RFC - Informational (March 2011; Errata)
Author Marcelo Bagnulo 
Last updated 2020-03-05
Replaces draft-bagnulo-mptcp-threat
Stream IETF
Formats plain text html pdf htmlized with errata bibtex
Reviews
TSVDIR Last Call Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 6181 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Lars Eggert
IESG note Yoshifumi Nishida (nishida@sfc.wide.ad.jp) is the document shepherd.
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Internet Engineering Task Force (IETF)                        M. Bagnulo
Request for Comments: 6181                                          UC3M
Category: Informational                                       March 2011
ISSN: 2070-1721

       Threat Analysis for TCP Extensions for Multipath Operation
                        with Multiple Addresses

Abstract

   Multipath TCP (MPTCP for short) describes the extensions proposed for
   TCP so that endpoints of a given TCP connection can use multiple
   paths to exchange data.  Such extensions enable the exchange of
   segments using different source-destination address pairs, resulting
   in the capability of using multiple paths in a significant number of
   scenarios.  Some level of multihoming and mobility support can be
   achieved through these extensions.  However, the support for multiple
   IP addresses per endpoint may have implications on the security of
   the resulting MPTCP.  This note includes a threat analysis for MPTCP.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6181.

Bagnulo                       Informational                     [Page 1]
RFC 6181                  MPTCP Threat Analysis               March 2011

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Scope  . . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Related Work . . . . . . . . . . . . . . . . . . . . . . . . .  4
   4.  Basic MPTCP  . . . . . . . . . . . . . . . . . . . . . . . . .  6
   5.  Flooding Attacks . . . . . . . . . . . . . . . . . . . . . . .  8
   6.  Hijacking Attacks  . . . . . . . . . . . . . . . . . . . . . . 10
     6.1.  Hijacking Attacks to the Basic MPTCP . . . . . . . . . . . 10
     6.2.  Time-Shifted Hijacking Attacks . . . . . . . . . . . . . . 13
     6.3.  NAT Considerations . . . . . . . . . . . . . . . . . . . . 14
   7.  Recommendation . . . . . . . . . . . . . . . . . . . . . . . . 15
   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 16
   9.  Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 16
   10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 16
   11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16
     11.1. Normative References . . . . . . . . . . . . . . . . . . . 16
     11.2. Informative References . . . . . . . . . . . . . . . . . . 16

Bagnulo                       Informational                     [Page 2]
RFC 6181                  MPTCP Threat Analysis               March 2011

1.  Introduction

   Multipath TCP (MPTCP for short) describes the extensions proposed for
   TCP [RFC0793] so that endpoints of a given TCP connection can use
   multiple paths to exchange data.  Such extensions enable the exchange
   of segments using different source-destination address pairs,
   resulting in the capability of using multiple paths in a significant
   number of scenarios.  Some level of multihoming and mobility support
   can be achieved through these extensions.  However, the support for
   multiple IP addresses per endpoint may have implications on the
   security of the resulting MPTCP.  This note includes a threat
   analysis for MPTCP.  There are many other ways to provide multiple
   paths for a TCP connection other than the usage of multiple
   addresses.  The threat analysis performed in this document is limited
   to the specific case of using multiple addresses per endpoint.

2.  Scope

   There are multiple ways to achieve Multipath TCP.  Essentially, what
   is needed is for different segments of the communication to be
   forwarded through different paths by enabling the sender to specify
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools