6.5 C
New York
Thursday, January 21, 2021

TCPCRYPT: IETF releases two RFCs for TCP encryption

Must Read

Jack Ma appears in public for the first time in three months

He was last seen in October when he criticized China's financial system, after which the media reported on his...

Watch Live: Joe Biden and Kamala Harris’s Inauguration ceremony

Everything you need to know about Joe Biden's inauguration ceremony and live streaming On January 20, 2021, Joseph Robinette Biden...

China launches mobile satellite into orbit

The new Tiantong-1 mobile communications satellite will operate in China and neighboring regions, African countries and most of the...
Aakash Molpariya
Aakash started in Nov 2018 as a writer at Revyuh.com. Since joining, as writer, he is mainly responsible for Software, Science, programming, system administration and the Technology ecosystem, but due to his versatility he is used for everything possible. He writes about topics ranging from AI to hardware to games, stands in front of and behind the camera, creates creative product images and much more. He is a trained IT systems engineer and has studied computer science. By the way, he is enthusiastic about his own small projects in game development, hardware-handicraft, digital art, gaming and music. Email: aakash (at) revyuh (dot) com

The Internet Engineering Task Force (IETF) has released two experimentally marked RFC specifications that outline how TCP traffic can be encrypted. The idea of encrypting TCP is not new. The first draft at the IETF dates back to 2011, and the first was the TCPcrypt project at Usenix 2010. After the project slept for a while, after the revelations of Edward Snowden in 2013 and 2014, it took off again.

Flipboard suffered a security breach that exposed encrypted names and passwords

One of the reasons for not encrypting TCP, according to RFC 8547, is that a signaling mechanism is missing in many legacy protocols. They can not tell if they support encryption or not. At the same time, many legacy applications can not be updated later. Encryption should therefore be retrofitted and transparently incorporated into the transport layer.

How to prevent iOS iPhone apps from sending your personal info to 3rd parties

Two RFCs for TCP encryption

The TCP Encryption Negotiation Option (TCP ENO) solves both problems according to the RFC. The new type of TCP option makes it possible to complement a negotiation mechanism for encryption out of the series and fully backwards compatible. This can be done incrementally.

A framework allows two endpoints to negotiate the TCP Encryption Protocol to encrypt the connection between the two endpoints. Multiple TEPs are possible, allowing customization as encryption requirements change in the future. If a page is unable to encrypt, encryption will not occur. Details about TCP-ENO are provided by RFC 8547.

Pretty Easy Privacy (PEP): Simple email encryption can be so complicated

As mentioned, TCPcrypt also includes TCPcrypt, the TCP Encryption Protocol that defines RFC 8548. The authors of the RFC point out that TCPcrypt can peacefully coexist with so-called middleboxes because it tolerates “resegmentation, NATs, and other modifications to the TCP header .”

The protocol is quite self-sufficient, so need no external dependencies such as a PKI, which is important, inter alia, for use in kernel. Key exchange, however, requires an additional hop on hosts that do not yet know each other.

Forensics: How the blockchain convicts criminals

Modern Crypto for TCP Central for TCPcrypt is first an Extract function that receives a salt value and so-called Initial Keying Material (IKM) to generate a pseudo-random key. The extract function will then issue the key. From this, a collision-resistant pseudorandom function (CPRF) then generates several cryptographic keys as well as an arbitrary amount of output keying material (OKM).

These two functions use the Extract and Expand functions of the Key Derivation Function (HKDF) based on HMAC (RFC 2104). Finally, when the keys are negotiated and paired, an Authenticated Encryption with Associated Data (AEAD) algorithm takes care of ensuring the confidentiality and integrity of the submitted application data.

Google does not support the new YouTube from Microsoft Edge based on Chromium

Since the two RFC specifications are explicitly marked as experimental by the IETF , they only show the current state of research and are therefore not intended for productive use. Whether this ever happens is currently not foreseeable. In addition, the IETF uses QUIC on a novel protocol that can serve as a replacement for TCP in the transport layer and is encrypted by default.

Fake news has more engagement than real information, study reveals

- Advertisement -


Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

Jack Ma appears in public for the first time in three months

He was last seen in October when he criticized China's financial system, after which the media reported on his...
- Advertisement -

More Articles Like This

- Advertisement -