Towards Secure Multipath TCP Communication
Karlstad University, Faculty of Health, Science and Technology (from 2013), Department of Mathematics and Computer Science (from 2013). (PriSec) ORCID iD: 0000-0001-9886-6651
2017 (English) Licentiate thesis, comprising papers (Other academic)
Abstract [en]

The evolution in networking coupled with an increasing demand to improve user experience has led to different proposals to extend the standard TCP. Multipath TCP (MPTCP) is one such extension that has the potential to overcome a few inherent limitations in the standard TCP. While MPTCP's design and deployment progresses, most of the focus has been on its compatibility. The security aspect is confined to making sure that the MPTCP protocol itself offers the same security level as the standard TCP.

The topic of this thesis is to investigate the unexpected security implications raised by using MPTCP in the traditional networking environment. The Internet of today has security middle-boxes that perform traffic analysis to detect intrusions and attacks. Such middle-boxes make use of different assumptions about the traffic, e.g., traffic from a single connection always arrives along the same path. This along with many other assumptions may not be true anymore with the advent of MPTCP as traffic can be fragmented and sent over multiple paths simultaneously.

We investigate how practical it is to evade a security middle-box by fragmenting and sending traffic across multiple paths using MPTCP. Realistic attack traffic is used to evaluate such attacks against Snort IDS to show that these attacks are feasible. We then go on to propose possible solutions to detect such attacks and implement them in an MPTCP proxy. The proxy aims to extend the MPTCP performance advantages to servers that only support standard TCP, while ensuring that intrusions can be detected as before. Finally, we investigate the potential MPTCP scenario where security middle-boxes only have access to some of the traffic. We propose and implement an algorithm to perform intrusion detection in such situations and achieve a nearly 90% detection accuracy. Another contribution of this work is a tool, that converts IDS rules into equivalent attack traffic to automate the evaluation of a middle-box.

Abstract [en]

Multipath TCP (MPTCP) is an extension to standard TCP that is close to being standardized. The design of the protocol is progressing, but most of the focus has so far been on its compatibility. The security aspect is confined to making sure that the MPTCP protocol itself offers the same security level as standard TCP. The topic of this thesis is to investigate the unexpected security implications raised by using MPTCP in a traditional networking environment. Today, the security middleboxes make use of different assumptions that may not be true anymore with the advent of MPTCP. We investigate how practical it is to evade a security middlebox by fragmenting and sending traffic across multiple paths using MPTCP. Realistic attack traffic generated from a tool that is also presented in this thesis is used to show that these attacks are feasible. We then go on to propose possible solutions to detect such attacks and implement them in an MPTCP proxy. The proxy aims to extend secure MPTCP performance advantages. We also investigate the MPTCP scenario where security middleboxes can only observe some of the traffic. We propose and implement an algorithm to perform intrusion detection in such situations and achieve a high detection accuracy.
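The abstract above, and Papers 1 to 3 listed below, describe three things without showing them: a cross-path fragmentation attack that splits a signature over several MPTCP subflows, a "linker" that reassembles the subflows by data sequence number (DSN) before matching, and partial signature matching with an insert-only edit distance for a middlebox that sees only some of the subflows. The following is an added toy model of all three, written for this page; it is not code from the thesis or its papers. The Snort-style content pattern, the two HTTP requests and the round-robin scheduler are constructed for the example, and the insert-only distance is my reading of Paper 3's title, not its published algorithm.

```python
"""Toy MPTCP cross-path fragmentation, DSN-based reassembly, and insert-only
edit-distance matching for a middlebox with partial path visibility.
Added example; payloads, signature and scheduler are constructed here."""
from dataclasses import dataclass
from itertools import cycle


@dataclass(frozen=True)
class Segment:
    subflow: int  # which subflow (path) carried this segment
    dsn: int      # MPTCP data sequence number: offset in the connection-level stream
    data: bytes


def fragment_across_subflows(payload: bytes, n_subflows: int, chunk: int) -> list:
    """Sender side: split one application stream round-robin over n subflows.
    Every segment keeps its DSN, as MPTCP carries it in the DSS option."""
    paths = cycle(range(n_subflows))
    return [Segment(next(paths), off, payload[off:off + chunk])
            for off in range(0, len(payload), chunk)]


def per_subflow_match(segs, signature: bytes) -> bool:
    """MPTCP-unaware IDS: each subflow is reassembled as an independent TCP
    stream and searched on its own, so a signature split over paths is missed."""
    streams = {}
    for s in sorted(segs, key=lambda s: s.dsn):
        streams.setdefault(s.subflow, bytearray()).extend(s.data)
    return any(signature in bytes(st) for st in streams.values())


def linked_match(segs, signature: bytes) -> bool:
    """MPTCP-aware IDS (the linker idea): merge all subflows by DSN into the
    connection-level stream, then search that stream."""
    stream = b"".join(s.data for s in sorted(segs, key=lambda s: s.dsn))
    return signature in stream


def observed_by_middlebox(segs, visible_subflows) -> bytes:
    """Bytes a middlebox placed on only some paths actually sees, in DSN order."""
    return b"".join(s.data for s in sorted(segs, key=lambda s: s.dsn)
                    if s.subflow in visible_subflows)


def insert_only_distance(observed: bytes, signature: bytes):
    """Assumed reading of 'insert-only Levenshtein': bytes lost on unseen paths
    mean the observed window is a subsequence of the signature, so the only edit
    allowed is inserting the missing bytes. For every start offset, extend a
    window greedily while it is still a subsequence of the signature (greedy
    leftmost matching is optimal for subsequence tests). Returns
    (longest matched window, insertions needed to rebuild the whole signature)."""
    best = 0
    for i in range(len(observed)):
        p, matched = 0, 0
        for b in observed[i:]:
            nxt = signature.find(bytes([b]), p)
            if nxt == -1:
                break
            p, matched = nxt + 1, matched + 1
        best = max(best, matched)
    return best, len(signature) - best


def partial_match(observed: bytes, signature: bytes, min_fraction: float = 0.5) -> bool:
    """Alert when at least min_fraction of the signature bytes were seen in order.
    The threshold trades missed attacks against false positives on benign data."""
    matched, _ = insert_only_distance(observed, signature)
    return matched / len(signature) >= min_fraction


# Constructed sample traffic (not a real Snort rule or captured request).
SIGNATURE = b"/cgi-bin/phf?"
ATTACK = b"GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0\r\n\r\n"
BENIGN = b"GET /index.html HTTP/1.0\r\n\r\n"


def demo(payload: bytes, n_subflows: int = 2, chunk: int = 4) -> dict:
    """Run all three checks; the partial-visibility middlebox sits on subflow 1 only."""
    segs = fragment_across_subflows(payload, n_subflows, chunk)
    seen = observed_by_middlebox(segs, {1})
    return {
        "per_subflow": per_subflow_match(segs, SIGNATURE),
        "linked": linked_match(segs, SIGNATURE),
        "partial_seen": insert_only_distance(seen, SIGNATURE),
        "partial_alert": partial_match(seen, SIGNATURE),
    }


if __name__ == "__main__":
    for name, p in (("attack", ATTACK), ("benign", BENIGN)):
        print(name, demo(p))
```

With two subflows and 4-byte chunks the signature never appears whole on either path, so the per-subflow search misses it while the DSN-merged stream matches. A middlebox on only one path sees 8 of the 13 signature bytes in order and would need 5 insertions to rebuild it; the benign request scores 3 of 13. The 50% threshold separates these two inputs, but as the thesis's roughly 90% accuracy figure implies, a short window of unrelated bytes can also be a subsequence of a signature, so thresholds need tuning per ruleset.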

Place, publisher, year, edition, pages
Karlstad: Karlstad University, 2017, 91 pp.
Series
Karlstad University Studies, ISSN 1403-8099 ; 2017:12
Keywords [en]
network security, MPTCP, TCP, IDS, snort, edit-distance
HSV category
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-48172
ISBN: 978-91-7063-763-6 (print)
ISBN: 978-91-7063-764-3 (digital)
OAI: oai:DiVA.org:kau-48172
DiVA id: diva2:1082824
Presentation
2017-04-28, 1B364, Karlstad, 13:00 (English)
Opponent
Supervisors
Projects
HITS
Available from: 2017-04-10 Created: 2017-03-17 Last updated: 2019-12-02 Bibliographically approved
List of papers
1. Multipath TCP IDS Evasion and Mitigation
2015 (English) In: Information Security: 18th International Conference, ISC 2015, Trondheim, Norway, September 9-11, 2015, Proceedings / [ed] Javier Lopez & Chris J. Mitchell, Springer, 2015, Vol. 9290, pp. 265-282. Conference paper, Published paper (Refereed)
Abstract [en]

The existing network security infrastructure is not ready for future protocols such as Multipath TCP (MPTCP). The outcome is that middleboxes are configured to block such protocols. This paper studies the security risk that arises if future protocols are used over unaware infrastructures. In particular, the practicality and severity of cross-path fragmentation attacks utilizing MPTCP against the signature-matching capability of the Snort intrusion detection system (IDS) is investigated. Results reveal that the attack is realistic and opens the possibility to evade any signature-based IDS. To mitigate the attack, a solution is also proposed in the form of the MPTCP Linker tool. The work outlines the importance of MPTCP support in future network security middleboxes.

Place, publisher, year, edition, pages
Springer, 2015
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 9290
HSV category
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-39058
DOI: 10.1007/978-3-319-23318-5_15
ISI: 000363678700015
ISBN: 978-3-319-23317-8
Conference
The 18th Information Security Conference (ISC), Trondheim, Norway, September 9-11, 2015.
Projects
HITS, 4707
Funder
Knowledge Foundation
Available from: 2016-01-18 Created: 2016-01-18 Last updated: 2019-11-11 Bibliographically approved
2. Towards Multipath TCP Aware Security Technologies
2016 (English) In: 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS), New York: IEEE, 2016, pp. 1-8. Conference paper, Published paper (Refereed)
Abstract [en]

Multipath TCP (MPTCP) is a proposed extension to TCP that enables a number of performance advantages that have not been offered before. While the protocol specification is close to being finalized, there still remain some unaddressed challenges regarding the deployment and security implications of the protocol. This work attempts to tackle some of these concerns by proposing and implementing MPTCP aware security services and deploying them inside a proof of concept MPTCP proxy. The aim is to enable hosts, even those without native MPTCP support, to securely benefit from the MPTCP performance advantages. Our evaluations show that the security services that are implemented enable proper intrusion detection and prevention to thwart potential attacks as well as threshold rules to prevent denial of service (DoS) attacks.

Place, publisher, year, edition, pages
New York: IEEE, 2016
HSV category
Identifiers
URN: urn:nbn:se:kau:diva-47594
DOI: 10.1109/NTMS.2016.7792485
ISI: 000391578700063
ISBN: 978-1-5090-2914-3
Conference
8th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Larnaca, Cyprus, 21-23 November 2016
Projects
HITS, 4707
Funder
Knowledge Foundation
Available from: 2017-01-06 Created: 2017-01-06 Last updated: 2019-12-02 Bibliographically approved
3. Partial Signature Matching in an MPTCP World using Insert-only Levenshtein Distance
(English) Manuscript (preprint) (Other academic)
HSV category
Identifiers
URN: urn:nbn:se:kau:diva-48173
Available from: 2017-03-17 Created: 2017-03-17 Last updated: 2018-08-14 Bibliographically approved
4. IDS rule management made easy
2016 (English) In: Electronics, Computers and Artificial Intelligence (ECAI), 2016 8th International Conference on, IEEE, 2016. Conference paper, Published paper (Refereed)
Abstract [en]

Signature-based intrusion detection systems (IDSs) are commonly utilized in enterprise networks to detect and possibly block a wide variety of attacks. Their application in industrial control systems (ICSs) is also growing rapidly as modern ICSs increasingly use open standard protocols instead of proprietary ones. Due to an ever changing threat landscape, the rulesets used by these IDSs have grown large and there is no way to verify their precision or accuracy. Such broad and non-optimized rulesets lead to false positives and an unnecessary burden on the IDS, resulting in possible degradation of the security. This work proposes a methodology consisting of a set of tools to help optimize the IDS rulesets and make rule management easier. The work also provides attack traffic data that is expected to benefit the task of IDS assessment.

Place, publisher, year, edition, pages
IEEE, 2016
Series
International Conference on Electronics Computers and Artificial Intelligence, ISSN 2378-7147
HSV category
Identifiers
URN: urn:nbn:se:kau:diva-48016
DOI: 10.1109/ECAI.2016.7861119
ISI: 000402541200055
ISBN: 978-1-5090-2048-5
ISBN: 978-1-5090-2047-8
Conference
8th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), 30 June-2 July 2016, Ploiesti, Romania
Projects
HITS, 4707
Funder
Knowledge Foundation
Available from: 2017-02-24 Created: 2017-02-24 Last updated: 2019-11-11 Bibliographically approved

Open Access in DiVA
Full text (372 kB), 207 downloads
File information
File: FULLTEXT02.pdf
File size: 372 kB
Checksum (SHA-512): 6aa4d4b76d7dbac5b3b93bb8d2e65464c050d0bb266fa29871ca6b3a4d4a06eb84fafaa15e8128537de9c7c5dadc84d049c3115acd39e5619907f89319991c10
Type: fulltext
MIME type: application/pdf

Author
Afzal, Zeeshan
Total: 207 downloads
The number of downloads is the sum of all downloads of all full texts. It may include, for example, earlier versions that are no longer available.