Authors: Zubair Shafiq (Michigan State University), Franck Le, Mudhakar Srivatsa (IBM Research), Alex X. Liu (Michigan State University).
Multipath TCP (MPTCP) is an optimization that allows traffic between two endpoints to take advantage of multiple paths, thus increasing the utilization of overall bandwidth available. The three design objectives of MPTCP are threefold:
1. Increase throughput
2. ‘Do no harm’ by not degrading the performance of single-path path flows sharing the network
3. Balance congestion by moving traffic off congested paths
This paper presents an attack, not on any of these design objectives, but on another implicit design goal, which is that the routing strategy shouldn’t otherwise compromise the privacy of the user or the network operator. In short, this paper presents an attack on MPTCP that allows one ISP to probe the precise performance characteristics of other competing ISPs on the network. This information may be considered proprietary. Although a similar attack is already possible with ordinary single-path TCP, the attack can only be launched from nodes lying on the routed path, whereas with MPTCP the attack can be launched by nodes off the path.
The attack presented in this paper was demonstrated on a small four-node network of hosts running a Linux kernel patched with an existing MPTCP implementation. The attack allows one node on the network to directly infer the throughput of a single-path TCP flow spanning the other three nodes, with approximately 90% accuracy.