Multipath TCP speeds up the internet so much that security breaks

Black Hat research says proposed protocol will bork network probes, flummox firewalls

The burgeoning Multipath TCP (MPTCP) standard promises to speed up the internet but will also break security solutions including intrusion detection and data leak prevention, says security researcher Catherine Pearce.

MPTCP technology is an update to the core communications backbone of the internet that will allow the Transmission Control Protocol to use multiple paths and network providers to improve speed, redundancy and resource utilisation.

As El Reg hack Richard Chirgwin detailed last October, MPTCP was already used by Apple's Siri for iOS but would not be more widely deployed in mobiles anytime soon because it broke current network designs, could lead to expensive data bills and may be torpedoed by carriers worried that firing more user data over wifi could starve bottom lines.

Now together with fellow Neohapsis security pro Patrick Thomas (@coffeetocode), Pearce (@secvalve) has found the technology would break current security systems.

"I can use MPTCP to break your intrusion detection system, data loss prevention, and many application-layer security devices today," Pearce wrote in a preview of the duo's Black Hat talk to be given this weekend.

The pair had not found any traffic inspection systems that could correlate and reassemble data in the way needed to analyse MPTCP, and said the technology broke trust models organisations placed in single network providers.
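To make the correlation-and-reassembly problem concrete, here is an added Python model (not the researchers' tooling or anything from the article) of one connection striped over two providers: an inspector that sees only one path never matches a DLP pattern that spans the stripes, while an MPTCP-aware inspector that correlates subflows by connection token and reorders by data sequence number does. The connection token, path names, chunk size and the sample record are all constructed.

```python
"""Simplified model of MPTCP data striping versus a single-path inspector.

Constructed example, not the researchers' tooling. One byte stream is striped
over several subflows, each on a different path (provider); every segment has
a connection-level data sequence number (DSN), loosely modelled on the DSS
option of RFC 6824. An inspector on one path sees only its share of the bytes,
so a DLP pattern spanning the stripes never matches; correlating subflows by
token and reordering by DSN recovers the whole stream.
"""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    conn_token: str  # connection token (real MPTCP derives it from MP_CAPABLE keys)
    path: str        # which network path / provider this subflow crosses
    dsn: int         # connection-level sequence number of the first data byte
    data: bytes

# Constructed DLP rule: a US social security number preceded by "SSN:".
SIGNATURE = re.compile(rb"SSN:\s*\d{3}-\d{2}-\d{4}")
SAMPLE = b"record for J. Doe, SSN: 123-45-6789, status ok"  # constructed input

def stripe(conn_token, payload, paths, chunk):
    """Model sender: cut payload into chunks and send them round-robin over paths."""
    return [Segment(conn_token, paths[i % len(paths)], off, payload[off:off + chunk])
            for i, off in enumerate(range(0, len(payload), chunk))]

def single_path_view(segments, path):
    """Bytes an inspector on one path sees: that subflow only, in DSN order."""
    return b"".join(s.data for s in sorted(segments, key=lambda s: s.dsn) if s.path == path)

def mptcp_reassemble(segments, conn_token):
    """Correlate all subflows of one connection and rebuild the stream by DSN.
    Raises ValueError on a gap (a subflow never seen) instead of inspecting holes."""
    stream, expected = bytearray(), 0
    for s in sorted((s for s in segments if s.conn_token == conn_token), key=lambda s: s.dsn):
        if s.dsn != expected:
            raise ValueError(f"missing data at DSN {expected}, next segment at {s.dsn}")
        stream += s.data
        expected += len(s.data)
    return bytes(stream)

def matches(data):
    """True if the DLP signature fires on the given byte stream."""
    return SIGNATURE.search(data) is not None

if __name__ == "__main__":
    segs = stripe("tok1", SAMPLE, ["isp_a", "isp_b"], 6)
    print({p: matches(single_path_view(segs, p)) for p in ("isp_a", "isp_b")})
    print("MPTCP-aware reassembly matches:", matches(mptcp_reassemble(segs, "tok1")))
```

The gap check matters in practice: an inspector that only ever sees one provider's subflows must treat the stream as incomplete rather than declare it clean.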

"With MPTCP it becomes much harder for a single network provider to undetectably (sic) alter or sniff your traffic unless they collaborate with the other [providers] you are using for that connection," she said.

It also created ambiguity over which connections were incoming and which outgoing, so MPTCP-confused firewalls could treat an incoming connection as outbound.

In September last year, Cisco noted MPTCP could create disruptions of service to protocol inspection products including firewalls and intrusion prevention systems.

And a month earlier, Michigan State University and IBM researchers found inherent side-channel design flaws in MPTCP could allow internet service providers to infer sensitive data about competitors, including traffic congestion, end-to-end TCP throughput, packet loss and network delay.

"Specifically, an attacker can infer the throughput of unmonitored paths with up to 90 percent accuracy and within a measurement interval of less than two minutes by exploiting coupling among MPTCP subflows," four researchers wrote in the paper Cross-Path Inference Attacks on Multipath TCP [PDF].

" ... these attacks are fundamental to MPTCP and may constitute a barrier to its wide-scale adoption." ®
