Cryptology ePrint Archive: Report 2018/1124

Secure Opportunistic Multipath Key Exchange

Sergiu Costea and Marios O. Choudary and Doru Gucea and Björn Tackmann and Costin Raiciu

Abstract: The security of today's widely used communication security protocols is based on trust in Certificate Authorities (CAs). However, the real security of this approach is debatable, since certificate handling is tedious and many recent attacks have undermined the trust in CAs. On the other hand, opportunistic encryption protocols such as Tcpcrypt, which are currently gaining momentum as an alternative to no encryption, have similar security to using untrusted CAs or self-signed certificates: they only protect against passive attackers.

In this paper, we present a key exchange protocol, Secure Multipath Key Exchange (SMKEX), that enables all the benefits of opportunistic encryption (no need for trusted third parties or pre-established secrets), as well as proven protection against some classes of active attackers. Furthermore, SMKEX can be easily extended to a trust-on-first-use setting and can be easily integrated with TLS, providing the highest security for opportunistic encryption to date while also increasing the security of standard TLS.

We show that SMKEX is made practical by the current availability of path diversity between different AS-es. We also show a method to create path diversity with encrypted tunnels without relying on the network topology. These allow SMKEX to provide protection against most adversaries for a majority of Alexa top 100 web sites.

We have implemented SMKEX using a modified Multipath TCP kernel implementation and a user library that overwrites part of the socket API, allowing unmodified applications to take advantage of the security provided by SMKEX.

Category / Keywords: cryptographic protocols / opportunistic encryption, key exchange, TLS

Original Publication (in the same form): ACM CCS 2018
DOI: 10.1145/3243734.3243791

Date: received 19 Nov 2018

Contact author: marios choudary at cs pub ro


Version: 20181120:033802

Short URL: ia.cr/2018/1124

