The annual Black Hat security conferences are usually fountains of black news — another exploit discovered! criminals are partnering!
Here’s another one from this week’s Las Vegas edition: a supposed improved version of the Internet protocol called Multipath TCP being used by Apple, Cisco Systems and Juniper Networks poses tremendous problems for existing security software.
That was the presentation by a staffer with Neohapsis at the conference and outlined on the company’s blog.
The problem is that splitting data steams over different connection paths poses thorny issues for security technologies such as firewalls and deep packet inspection software, which are designed for regular TCP, Catherine Pearce, a security consultant with Neohapsis, told Computerworld U.S.
MPTCP “can be used to break pretty much every security control you throw in front of it in some way,” Pearce told the publication. “As this rolls out, this is going to be huge. It doesn’t change routing. It changes how networking works in some really fundamental ways.”
Multipath TCP is a backwards-compatible modification that allows a core networking protocol, TCP to talk over multiple paths at the same time. It decouples TCP from a specific IP address, and it also allows an application to add and remove network addresses on the fly.
The Internet Engineering Task Force is still examining a possible standard, but because it’s backward compatible with TCP it’s now in use by Apple’s Siri personal assistant, says Computerworld, as well as Cisco and Juniper in some products.
The problem with TCP, says Neohapsis, is that network traffic has to be correlated and reassembled for inspection. There is no way to do that yet for MTCP traffic. The protocol also allows a client to tell a server that it has another address which the server may connect back to. To a firewall that doesn’t understand MPTCP it looks like an outgoing connection.
Multipath TCP allows traffic to be spread around, removing the inherent trust users place in any single network provider, adds Neohapsis. With MPTCP it becomes much harder for a single network provider to undetectably alter or sniff your traffic unless they collaborate with the other ones you are using for that connection.
“Like IPv6, this is a technology that will slowly appear in network devices and can cause serious security side effects if not understood and properly managed,” says Neohapsis.