Page 312 - 5G Basics - Core Network Aspects
P. 312
1 Core network aspects
RST packets, it terminates the data transmission to the victim, or at least it can reduce the number of data
transmissions. Therefore, to a certain degree, this method can prevent the flooding attacks.
In addition, to deal with this type of attack, reachability should be checked before the MPT sender sends data
through a new path of an existing multi-path transmission connection. In this solution, before transmitting
packets, the source S sends a request message to ask if the victim is willing to accept packets from the path
identified by source S’s own IP address and the victim's IP address. Since there is no such path belonging to
the victim, the victim would reject the request from source S. Source S then would not to send packets to the
victim. These and other methods can prevent the flooding attacks described in this clause.
10.2.2 Hijacking attacks
Hijacking attacks occur when an attacker takes over a path belonging to the multi-path transmission
connection between a victim and its peer node, and then intercepts the packets from the victim.
Before a hijack attack begins, a multi-path transmission connection is established between the victim and
the peer. After the attacker learns the 4-tuple that identifies the transport layer connection between the
victim and its peer, the attacker poses as the peer but uses its own IP address to establish another path with
the victim. After completing this step, the attacker is naturally participating in the communication between
the victim and the peer. When the victim transmits data packets through the two paths, perhaps not all, but
at least part of the packets from the victim are sent to the attacker.
In the communication process, the victim of the hijacked path believes that it is sending data packets to its
peer; it is in fact communicating with the attacker and the peer simultaneously. At the same time, the peer
does not receive all of the packets sent by the victim, which may lead to some negative effects. For example,
this may result in a denial of service (DoS) attack since the partial data sent to the peer will stop waiting for
the missing data sent to the attacker. The following are some available approaches for preventing hijacking
attacks to a degree.
1) Cookie-based solution
During the establishment of the first path between the victim and its peer, a cookie can be agreed
on by each party. This cookie is added in every control packet used to establish other paths in the
future. In order to initiate hijacking attacks, the attackers must obtain the cookie. Thus the cookie-
based approach prevents off-path attackers from launching hijacking attacks; it cannot prohibit on-
path attackers.
2) Shared secret exchanged in plain text
This protection process is similar to that of the cookie-based approach, but is more secure. The
difference is the exchange of a key in plaintext during the establishment of the first path.
Subsequent establishment requests of other paths again validate the new path by using a keyed
hashed message authentication code (HMAC) signature using the shared key. Since the shared key
only transmits during the establishment of the first path, attackers that sniff (record) packets after
the first path has already been established would not successfully launch an attack. However, for
attackers sniffing or modifying the messages exchanged during the establishment of the first path,
this solution can hardly provide effective protection.
3) Strong crypto anchor exchange
To achieve more effective protection, in this approach, the communication endpoints would
exchange some strong crypto anchor, other than a key in plaintext, while establishing the first path.
A public key or a hash-chain anchor can be the strong crypto anchor. After the communication
endpoints agree on the anchor, they can exchange packets which are encrypted by the shared crypto
anchor through the first path. Actually, if the attacker wants to launch a hijacking attack, it would
be necessary to change the crypto anchor exchanged in the path establishment phase. But, if the
endpoints communicate directly, the modify operations can be detectable.
302