BEST OF THE WEB

New networking protocol endangers security, Black Hat conference told

The annual Black Hat security conferences are usually fountains of black news — another exploit discovered! criminals are partnering!

Here’s another one from this week’s Las Vegas edition: a supposed improved version of the Internet protocol called Multipath TCP being used by Apple, Cisco Systems and Juniper Networks poses tremendous problems for existing security software.

That was the presentation by a staffer with Neohapsis at the conference and outlined on the company’s blog.

The problem is that splitting data steams over different connection paths poses thorny issues for security technologies such as firewalls and deep packet inspection software, which are designed for regular TCP, Catherine Pearce, a security consultant with Neohapsis, told Computerworld U.S.

MPTCP “can be used to break pretty much every security control you throw in front of it in some way,” Pearce told the publication. “As this rolls out, this is going to be huge. It doesn’t change routing. It changes how networking works in some really fundamental ways.”

Multipath TCP is a backwards-compatible modification that allows a core networking protocol, TCP to talk over multiple paths at the same time. It decouples TCP from a specific IP address, and it also allows an application to add and remove network addresses on the fly.

The Internet Engineering Task Force is still examining a possible standard, but because it’s backward compatible with TCP it’s now in use by Apple’s Siri personal assistant, says Computerworld, as well as Cisco and Juniper in some products.

The problem with TCP, says Neohapsis, is that network traffic has to be correlated and reassembled for inspection. There is no way to do that yet for MTCP traffic.  The protocol also allows a client to tell a server that it has another address which the server may connect back to. To a firewall that doesn’t understand MPTCP it looks like an outgoing connection.

Multipath TCP allows traffic to be spread around, removing the inherent trust users place in any single network provider, adds Neohapsis. With MPTCP it becomes much harder for a single network provider to undetectably alter or sniff your traffic unless they collaborate with the other ones you are using for that connection.

“Like IPv6, this is a technology that will slowly appear in network devices and can cause serious security side effects if not understood and properly managed,” says Neohapsis.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web