Paper 2018/1124

Secure Opportunistic Multipath Key Exchange

Sergiu Costea, Marios O. Choudary, Doru Gucea, Björn Tackmann, and Costin Raiciu


The security of today's widely used communication security protocols is based on trust in Certificate Authorities (CAs). However, the real security of this approach is debatable, since certificate handling is tedious and many recent attacks have undermined the trust in CAs. On the other hand, opportunistic encryption protocols such as Tcpcrypt, which are currently gaining momentum as an alternative to no encryption, have similar security to using untrusted CAs or self-signed certificates: they only protect against passive attackers. In this paper, we present a key exchange protocol, Secure Multipath Key Exchange (SMKEX), that enables all the benefits of opportunistic encryption (no need for trusted third parties or pre-established secrets), as well as proven protection against some classes of active attackers. Furthermore, SMKEX can be easily extended to a trust-on-first-use setting and can be easily integrated with TLS, providing the highest security for opportunistic encryption to date while also increasing the security of standard TLS. We show that SMKEX is made practical by the current availability of path diversity between different AS-es. We also show a method to create path diversity with encrypted tunnels without relying on the network topology. These allow SMKEX to provide protection against most adversaries for a majority of Alexa top 100 web sites. We have implemented SMKEX using a modified Multipath TCP kernel implementation and a user library that overwrites part of the socket API, allowing unmodified applications to take advantage of the security provided by SMKEX.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. ACM CCS 2018
opportunistic encryptionkey exchangeTLS
Contact author(s)
marios choudary @ cs pub ro
2018-11-20: received
Short URL
Creative Commons Attribution


      author = {Sergiu Costea and Marios O.  Choudary and Doru Gucea and Björn Tackmann and Costin Raiciu},
      title = {Secure Opportunistic Multipath Key Exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1124},
      year = {2018},
      doi = {10.1145/3243734.3243791},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.