Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tcpcrypt The case for ubiquitous transport level encryption

Published byChad Riley Modified over 6 years ago

Similar presentations

Presentation on theme: "Tcpcrypt The case for ubiquitous transport level encryption"— Presentation transcript:

1 Tcpcrypt The case for ubiquitous transport level encryption
Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford.

2 What would it take to encrypt the vast majority of TCP traffic?
Performance Fast enough to enable by default on almost all servers. Authentication Leverage certificates, cookies, passwords, etc., to give best possible security for any given setting. Compatibility Works in existing networks Works with unmodified legacy applications

3 Tcpcrypt uses TCP options to provide deployable transport-level encryption.
High server performance - push complexity to clients Allow applications to authenticate endpoints. Backwards compatibility: all TCP apps, all networks, all authentication settings.

4 Key exchange is performed in the TCP connection setup handshake.

5 Crypto state can be cached
Crypto state can be cached. Subsequent connections between the same endpoints get similar latency to regular TCP.

6 After initial handshake, tcpcrypt’s Session ID provides the hook to link application authentication to the session. New getsockopt() returns non-secret Session ID value. Unique for every connection. If same on both ends, guaranteed there’s no man-in-the-middle. session ID tcpcrypt Authenticating the session ID authenticates the endpoint password-based auth of user and session ID

7 Tcpcrypt implementations
Linux kernel implementation: 4,500 lines of code Portable divert-socket implementation: 7000 LoC Tested on Windows, MacOS, Linux, FreeBSD Binary compatible OpenSSL library that attempts tcpcrypt with batch-signing or falls back to SSL. tcpcryptd application Network kernel

8 Authentication over Tcpcrypt is fast.

9 Summary: the case for ubiquitous transport level encryption
High server performance makes encryption a realistic default. Applications can leverage Tcpcrypt to maximize communication security in every setting. Incrementally deployable, compatible with legacy apps, TCP and NATs. draft-bittau-tcp-crypt-00.txt

Download ppt "Tcpcrypt The case for ubiquitous transport level encryption"

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Z39.50 and Cryptography ZIG July 13 th 2000 Poul Henrik Jørgensen, DBC

Z39.50 and Cryptography ZIG July 13 th 2000 Poul Henrik Jørgensen, DBC
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.

Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
Lori Fitterling LI843 SSL Secured Sockets Layer. What is Secure Sockets Layer (SSL)? It is protection of data transferred over the Internet using encryption.

Lori Fitterling LI843 SSL Secured Sockets Layer. What is Secure Sockets Layer (SSL)? It is protection of data transferred over the Internet using encryption.
Triple-Layered Security. INHERITED SECURITY User/Group Management Single Sign On Object Level Security Row Level Security File Management ROAMBI SECURITY.

Triple-Layered Security. INHERITED SECURITY User/Group Management Single Sign On Object Level Security Row Level Security File Management ROAMBI SECURITY.
Tcpcrypt: real transport-level encryption UCL and Stanford. Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh.

Tcpcrypt: real transport-level encryption UCL and Stanford. Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh.
CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.
PKI 2: Protezione del traffico Web tramite SSL Fabrizio Grossi.

PKI 2: Protezione del traffico Web tramite SSL Fabrizio Grossi.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.
Christopher Bednarz Justin Jones Prof. Xiang ECE 4986 Fall 2011 Department of Electrical and Computer Engineering University.

Christopher Bednarz Justin Jones Prof. Xiang ECE 4986 Fall Department of Electrical and Computer Engineering University.
Guide to Operating System Security Chapter 9 Web, Remote Access, and VPN Security.

Guide to Operating System Security Chapter 9 Web, Remote Access, and VPN Security.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

Similar presentations

Ads by Google