Data Sequence Map Flooding in MPTCP Framework: Potential Challenges and Efficient Countermeasures

摘要

Multipath Transmission Control Protocol (MPTCP) is a new protocol currently under design and standardization by the Internet Engineering Task Force (IETF). Its primary objective is to enable TCP to operate over multiple paths simultaneously. The protocol consists of a set of new signaling options that needs to be exchanged regularly between MPTCP capable endpoints through the TCP option field. Data Sequence Map (DSM) is one of the most crucial information that needs to be exchanged between the MPTCP endpoints. In this paper, we analyze the DSM exchange mechanism in MPTCP, from a security perspective, and identify potential misbehaviors by MPTCP endpoints. In particular, considering the fact that MPTCP is a stateful transport layer protocol, we explore the possibility of a new adverse scenario called Data Sequence Map flooding (DSM flooding). To the best of our knowledge, this paper for the first time describes three representative scenarios of DSM flooding: 1) DSM flooding through pure acknowledgements (ACKs), 2) DSM Flooding through map splitting and 3) Noncontiguous map splitting and flooding. DSM flooding can be performed by either of the MPTCP endpoints after establishing a MPTCP connection. We highlight the impact of DSM flooding on the other endpoint. We also propose novel countermeasures, including a map aggregation technique for the map receiving endpoint, to reduce the impact of DSM flooding in MPTCP framework.