DOI QR코드

DOI QR Code

MPTCP에서 ECDH를 이용한 세션 키 자동생성에 관한 연구

The automatic generation of MPTCP session keys using ECDH

  • Sun, Seol-hee (Department of Information and Communication Engineering, Hanbat National University) ;
  • Kim, Eun-gi (Department of Information and Communication Engineering, Hanbat National University)
  • 투고 : 2016.08.31
  • 심사 : 2016.09.19
  • 발행 : 2016.10.31

초록

MPTCP(Multipath Transmission Control Protocol)는 두 호스트의 연결설정 시, 다수의 TCP 경로를 구성하여 동시에 데이터를 송수신할 수 있다. 따라서 MPTCP는 경로를 추가하려는 호스트의 유효성을 확인하기 위한 인증과정이 필요하기 때문에 초기 연결 설정 시, 키를 교환하여 인증용 토큰을 만든다. 하지만 기존 MPTCP의 토큰은 공개적으로 전송된 키를 그대로 사용하여 생성되기 때문에 MITM(Man In The Middle) 공격에 취약하다. 본 연구에서는 기존 MPTCP 키 교환방식에 ECDH(Elliptic Curve Diffie-Hellman) 키 교환 알고리즘을 적용시켜 기존의 키를 ECDH 공개키로 대체하고, 두 호스트만이 알 수 있는 비밀키를 생성하여 토큰을 만들기 위한 키로 사용하도록 하였다. 또한, 비밀키를 사용하여 데이터의 암호 및 복호화까지 지원하는 방법을 설계하고 구현함으로써 기존 MPTCP에 기밀성을 추가하였다.

MPTCP(Multipath Transmission Control Protocol) is able to compose many TCP paths when two hosts connect and the data is able to be transported through these paths simultaneously. When a new path is added, the authentication between both hosts is necessary to check the validity of host. So, MPTCP exchanges a key when initiating an connection and makes a token by using this key for authentication. However the original MPTCP is vulnerable to MITM(Man In The Middle) attacks because the key is transported in clear text. Therefore, we applied a ECDH(Elliptic Curve Diffie-Hellman) key exchange algorithm to original MPTCP and replaced the original key to the ECDH public key. And, by generating the secret key after the public key exchanges, only two hosts is able to make the token using the secret key to add new subflow. Also, we designed and implemented a method supporting encryption and decryption of data using a shared secret key to apply confidentiality to original MPTCP.

키워드

참고문헌

  1. G. Huston, "IP Multi-Addressing and Multipath TCP," The Internet Protocol Journal, vol. 18, no. 2, pp. 2-12, June 2015.
  2. WIKIPEDIA. Multipath TCP [Internet]. Available: http://en.wikipedia.org/wiki/Multipath_TCP.
  3. H. E, Go, J. U. Lee, S. H. Back, and J. H. Hwang "Multipath TCP (MPTCP) standardization and technology development trends," Journal of The Korean Institute of Communication Sciences, vol. 31, no. 9, pp. 9-16, September 2014.
  4. L. T. Tuan, K. S. Kim, J. K. Choe, and S. H. Ro, "A Study on Multi-Path TCP Mobility Management Protocol," Journal of KIIT, vol. 12, no. 6, pp. 109-117, June 2014.
  5. A. Ford, C. Raiciu, M. Handley, TCP Extensions for Multipath Operation with Multipath Addresses, RFC 6824, IETF, 2013.
  6. M. Bagnulo, Threat Analysis for TCP Extensions for Multipath Operation with Multiple Addresses, RFC 6181, IETF, 2011.
  7. S. H. Sun, E. G. Kim, "A study on the Key Exchange Using ECDH in MPTCP," in Proceeding of the 4th Annual Conference on Engineering and Information Technology, Kyoto, Japan, pp. 84-89, March 2016.
  8. K. J. Ha, C. H. Seo, D. Y. Kim, "Design of Validation System for a Crypto-Algorithm Implementation," Journal of the Korea Information and Communication Society, vol. 39, no. 4, pp. 242-250, April 2014.
  9. BlueKrypt. (2012). NIST Report on Cryptographic Key Length and Cryptoperiod [Internet]. Available: http://www.keylength.com/en/4/.
  10. D. K. Too, S. J. Han, "A Study of Key Distribution for Security on VANET," Journal of the Korea Institute of Information and Communication Engineering, vol. 16, no. 10, pp. 2192-2198, October 2012. https://doi.org/10.6109/jkiice.2012.16.10.2192
  11. OpenSSLWiki. Elliptic curve Diffie Hellman [Internet]. Available: http://wiki.openssl.org/index.php/Ellipttic_Curve_Diffie_Hellman.