Tcpcrypt The case for ubiquitous transport level encryption

Slides:



Advertisements
Similar presentations
Encrypting Wireless Data with VPN Techniques
Advertisements

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Z39.50 and Cryptography ZIG July 13 th 2000 Poul Henrik Jørgensen, DBC
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
Lori Fitterling LI843 SSL Secured Sockets Layer. What is Secure Sockets Layer (SSL)? It is protection of data transferred over the Internet using encryption.
Triple-Layered Security. INHERITED SECURITY User/Group Management Single Sign On Object Level Security Row Level Security File Management ROAMBI SECURITY.
Tcpcrypt: real transport-level encryption UCL and Stanford. Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh.
CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.
PKI 2: Protezione del traffico Web tramite SSL Fabrizio Grossi.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.
Christopher Bednarz Justin Jones Prof. Xiang ECE 4986 Fall Department of Electrical and Computer Engineering University.
Guide to Operating System Security Chapter 9 Web, Remote Access, and VPN Security.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Securing Microsoft® Exchange Server 2010
Secure Socket Layer (SSL)
Security in WAP Sanket Naik, Ameya Varde CS590F Fall 2000.
1 Lecture 14: Real-Time Communication Security real-time communication – two parties interact in real time (as opposed to delayed communication like )
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Network Security Essentials Chapter 5
Cryptography and Network Security (SSL)
Lecture 11 Page 1 Advanced Network Security Cryptography and Networks: IPSec and SSL/TLS Advanced Network Security Peter Reiher August, 2014.
SSL/TLS How to send your credit card number securely over the internet.
Adxstudio Portals Training
Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats – integrity – confidentiality.
Cryptography and Network Security Chapter 16 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
OCALA Overlay Convergence Architecture for supporting Legacy Applications on Overlays Dilip Antony Joseph 1, Jayanth Kannan 1, Ayumu Kubota 2, Karthik.
Lemon security. Previous security enhancements user lemon: lemon-db-admin-OraMon will create user lemon (Miro). - OraMon switches to user lemon at its.
Bryan Call ATS Spring Summit 2016
VIRTUAL SERVERS Chapter 7. 2 OVERVIEW Exchange Server 2003 virtual servers Virtual servers in a clustering environment Creating additional virtual servers.
Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.
Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography (confidentiality) 8.3 Message integrity 8.4 End-point authentication.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
Norwalk LUG May Meeting
Computer and Network Security
The Secure Sockets Layer (SSL) Protocol
TOPIC: HTTPS (Security protocol)
Web Applications Security Cryptography 1
A socket API to control Multipath TCP draft-hesmans-mptcp-socket-00
Virtual Private Network (VPN)
SBSM BOF Session-Based Security Model for SNMPv3
Cryptography and Network Security
MPTCP – Multipath TCP WG Meeting Berlin, IETF-87, 30th July 2013
Remote Access Lecture 2.
Secure Sockets Layer (SSL)
Cryptography and Network Security Chapter 16
Common Security Mistakes
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
Cryptography and Network Security
Web Security (TRANSPORT-LEVEL SECURITY)
Web Security (TRANSPORT-LEVEL SECURITY)
TLS and DLP Behind the green lock.
The Secure Sockets Layer (SSL) Protocol
X-Road as a Platform to Exchange MyData
Transport Layer Security (TLS)
Unit 8 Network Security.
Advanced Computer Networks
Information Retrieval and Web Design
Cryptography and Network Security
NFD Tunnel Authentication
Presentation transcript:

Tcpcrypt The case for ubiquitous transport level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford.

What would it take to encrypt the vast majority of TCP traffic? Performance Fast enough to enable by default on almost all servers. Authentication Leverage certificates, cookies, passwords, etc., to give best possible security for any given setting. Compatibility Works in existing networks Works with unmodified legacy applications

Tcpcrypt uses TCP options to provide deployable transport-level encryption. High server performance - push complexity to clients Allow applications to authenticate endpoints. Backwards compatibility: all TCP apps, all networks, all authentication settings.

Key exchange is performed in the TCP connection setup handshake.

Crypto state can be cached Crypto state can be cached. Subsequent connections between the same endpoints get similar latency to regular TCP.

After initial handshake, tcpcrypt’s Session ID provides the hook to link application authentication to the session. New getsockopt() returns non-secret Session ID value. Unique for every connection. If same on both ends, guaranteed there’s no man-in-the-middle. session ID tcpcrypt Authenticating the session ID authenticates the endpoint password-based auth of user and session ID

Tcpcrypt implementations Linux kernel implementation: 4,500 lines of code Portable divert-socket implementation: 7000 LoC Tested on Windows, MacOS, Linux, FreeBSD Binary compatible OpenSSL library that attempts tcpcrypt with batch-signing or falls back to SSL. tcpcryptd application Network kernel

Authentication over Tcpcrypt is fast.

Summary: the case for ubiquitous transport level encryption High server performance makes encryption a realistic default. Applications can leverage Tcpcrypt to maximize communication security in every setting. Incrementally deployable, compatible with legacy apps, TCP and NATs. http://tcpcrypt.org draft-bittau-tcp-crypt-00.txt

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.