Bittau, A; Hamburg, M; Handley, MJ; Mazieres, D; Boneh, D; (2014) Simple Opportunistic Encryption. In: (Proceedings) W3C/IAB workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT), 28 February - 1 March 2014, London, UK. World Wide Web Consortium (W3C) / Internet Architecture Board (IAB)

Preview

Text Bintau_simple_opportunistic_encryption.pdf Download (74kB) | Preview

Abstract

Network traffic encryption is becoming a requirement, not an option. Enabling encryption will be a communal effort so a solution that gives partial benefits until fully deployed is needed. A solution that requires little changes to existing infrastructure will also help as it can be quickly deployed to give immediate shortterm benefits. We argue that tcpcrypt, a TCP option for opportunistic encryption is the path of least-resistance for a solution against large-scale traffic encryption. Tcpcrypt requires no changes to applications, is compatible with existing networks (works with NATs), and just works by default. It is high performance, so it can be deployed on servers without much concern. tcpcrypt attempts to maximize security for any given setting. By default, it will protect against passive eavesdropping, and also allows detecting large scale interception. With authentication, tcpcrypt can provide full security against active attackers and so it is a complete solution both for the short-term and long-term.

Download activity - last month

Export as XMLJSONCSV

Download activity - last 12 months

Export as XMLCSVJSON

Downloads by country - last 12 months

Export as XMLCSVJSON

Archive Staff Only

View Item