Ancillary Impacts of Multipath TCP on Current and Future Network Security

Multipath TCP (MPTCP) is an experimental TCP extension designed to add functionality to TCP while remaining backwards-compatible with most networks and devices. MPTCP changes TCP´s behavior from how it´s commonly understood in ways that go beyond the security of MPTCP itself, with ancillary implications challenging how network security is practiced and implemented. Here, the authors investigate the implications for network security -- both in the transitional state, where MPTCP is partially supported, and in a future where every device supports MPTCP. They find that while MPTCP isn´t widely supported, increasing support will stimulate changes to common network security rationales and paradigms. In particular, when a connection´s identifiers become abstracted from network addresses, or when traffic is fragmented across paths, many current security approaches aren´t prepared to recognize this kind of traffic, let alone act appropriately.