Efficient Key Exchange Using Identity-Based Encryption in Multipath TCP Environment

Abstract

Across the globe, wireless devices with Internet facilities such as smartphones and tablets have become essential assets for communication and entertainment alike for everyday life for millions of people, which increases the network traffic and the demand for low-latency communication networks. The fourth-generation (4G)/long-term evolution (LTE)/ fifth-generation (5G) communication technology offers higher bandwidth and low latency services, but resource utilization and resiliency cannot be achieved, as transmission control protocol (TCP) is the most common choice for most of the state-of-art applications for the transport layer. An extension of TCP—multipath TCP (MPTCP)—offers higher bandwidth, resiliency, and stable connectivity by offering bandwidth aggregation and smooth handover among multiple paths. However, MPTCP uses multiple disjointed paths for communication to offer multiple benefits. A breach in the security of one of the paths may have a negative effect on the overall performance, fault-tolerance, robustness, and quality of service (QoS). In this paper, the research focuses on how MPTCP options such as MP_CAPABLE, ADD_ADDR, etc., can be used to exploit the vulnerabilities to launch various attacks such as session hijacking, traffic diversion, etc., to compromise the availability, confidentiality, and integrity of the data and network. The probable security solutions for securing MPTCP connections are analyzed, and the secure key exchange model for MPTCP (SKEXMTCP) based on identity-based encryption (IBE) is proposed and implemented. The parameters exchanged during the initial handshake are encrypted using IBE to prevent off-path attacks by removing the requirement for key exchange before communication establishment by allowing the use of arbitrary strings as a public key for encryption. The experiments were performed with IBE and an elliptic curve cryptosystem (ECC), which show that IBE performs better, as it does not need to generate keys while applying encryption. The experimental evaluation of SKEXMTCP in terms of security and performance is carried out and compared with existing solutions.