Obfuscated TCP
Encyclopedia
Obfuscated TCP was a proposal for a transport layer protocol which implements opportunistic encryption
over TCP
. It was designed to prevent mass wiretapping and malicious corruption of TCP traffic on the internet
, with lower implementation cost and complexity than TLS
. In August 2008, IETF rejected the proposal for a TCP option, suggesting it be done on the application layer instead. The project has been inactive since a few months later.
In 2010 June, a separate proposal called tcpcrypt
has been submitted, which shares many of the goals of ObsTCP: being transparent to applications, opportunistic and low overhead. It requires even less configuration (no DNS entries or HTTP headers). Unlike ObsTCP, tcpcrypt also provides primitives down to the application to implement authentication and prevent man-in-the-middle attack
s.
in California
.
The concept of obfuscating TCP communications using opportunistic encryption evolved through several iterations. The experimental iterations of ObsTCP used TCP options in 'SYN' packets to advertise support for ObsTCP, the server responding with a public key in the 'SYNACK'. An IETF draft protocol was first published in July 2008. Packets were encrypted with Salsa20/8, and signed packets with MD5 checksums.
The present (third) iteration uses special DNS records (or out of band methods) to advertise support and keys, without modifying the operation of the underlying TCP protocol.
s, the services of Certificate Authorities
, or a complex Public Key Infrastructure
. It is intended to suppress the use of undirected surveillance to trawl unencrypted traffic, rather than protect against man in the middle attack.
The software presently supports the Salsa20/8 stream cipher and Curve25519 Elliptic-curve Diffie Hellman function.
Internet Protocol Security (IPsec)
, the protocol for IP encryption and authentication, forms an integral part of the base protocol suite in IPv6
. IPsec support is mandatory in IPv6; this is unlike IPv4, where it is optional.
A DNS 'A record' may be used to advertise server support for ObsTCP (with a DNS 'CNAME record'
providing a 'friendly' name). HTTP header records, or cached/out of band keyset information may also be used instead.
A client connecting to an ObsTCP server parses the DNS entries, uses HTTP header records, or uses cached/out of band data to obtain the public key and port number, before connecting to the server and encrypting traffic.
Opportunistic encryption
Opportunistic Encryption refers to any system that, when connecting to another system, attempts to encrypt the communications channel otherwise falling back to unencrypted communications. This method requires no pre-arrangement between the two systems.Opportunistic encryption can be used to...
over TCP
Transmission Control Protocol
The Transmission Control Protocol is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol , and therefore the entire suite is commonly referred to as TCP/IP...
. It was designed to prevent mass wiretapping and malicious corruption of TCP traffic on the internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
, with lower implementation cost and complexity than TLS
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
. In August 2008, IETF rejected the proposal for a TCP option, suggesting it be done on the application layer instead. The project has been inactive since a few months later.
In 2010 June, a separate proposal called tcpcrypt
Tcpcrypt
In computer networking, tcpcrypt is a transport layer communication encryption protocol. Unlike prior protocols like TLS , tcpcrypt is implemented as a TCP extension. It was designed by a team of six security and networking experts: Andrea Bittau, Mike Hamburg, Mark Handley, David Mazières, Dan...
has been submitted, which shares many of the goals of ObsTCP: being transparent to applications, opportunistic and low overhead. It requires even less configuration (no DNS entries or HTTP headers). Unlike ObsTCP, tcpcrypt also provides primitives down to the application to implement authentication and prevent man-in-the-middle attack
Man-in-the-middle attack
In cryptography, the man-in-the-middle attack , bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other...
s.
Historical origin
ObsTCP was created by Adam Langley, a former Maths and Computing student and systems administrator at Imperial College London, currently an employee of GoogleGoogle
Google Inc. is an American multinational public corporation invested in Internet search, cloud computing, and advertising technologies. Google hosts and develops a number of Internet-based services and products, and generates profit primarily from advertising through its AdWords program...
in California
California
California is a state located on the West Coast of the United States. It is by far the most populous U.S. state, and the third-largest by land area...
.
The concept of obfuscating TCP communications using opportunistic encryption evolved through several iterations. The experimental iterations of ObsTCP used TCP options in 'SYN' packets to advertise support for ObsTCP, the server responding with a public key in the 'SYNACK'. An IETF draft protocol was first published in July 2008. Packets were encrypted with Salsa20/8, and signed packets with MD5 checksums.
The present (third) iteration uses special DNS records (or out of band methods) to advertise support and keys, without modifying the operation of the underlying TCP protocol.
Encryption Features
ObsTCP is a low cost protocol intended to protect TCP traffic, without requiring public key certificatePublic key certificate
In cryptography, a public key certificate is an electronic document which uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth...
s, the services of Certificate Authorities
Certificate authority
In cryptography, a certificate authority, or certification authority, is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate...
, or a complex Public Key Infrastructure
Public key infrastructure
Public Key Infrastructure is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate...
. It is intended to suppress the use of undirected surveillance to trawl unencrypted traffic, rather than protect against man in the middle attack.
The software presently supports the Salsa20/8 stream cipher and Curve25519 Elliptic-curve Diffie Hellman function.
Comparison with TLS/SSL/HTTPS
| Feature | ObsTCP | SSL/TLS/HTTPS |
|---|---|---|
| Public Key Infrastructure | Does not require a signed public key certificate | Requires that a signed public key certificate is purchased (or self signed certificate is used) |
| Web Browser Support | Patched versions of Firefox available | Widely supported by all popular web browsers |
| Web Server Support | Requires patches/server upgrades for lighttpd Lighttpd lighttpd is an open-source web server more optimized for speed-critical environments than common products while remaining standards-compliant, secure and flexible... and Apache |
Widely supported by popular web servers |
| Network Latency | Nil additional round trips per connection (though DNS Domain name system The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities... lookup may be required to obtain key advertisement) |
One or two additional round trips per connection |
| Encryption Speed | Very fast cryptography | Slower |
| TCP Port | Can use any TCP port | Typically uses port 443 |
| Security Characteristics | Does not resist some man in the middle attacks | Resists man in the middle attacks |
Internet Protocol Security (IPsec)
IPsec
Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...
, the protocol for IP encryption and authentication, forms an integral part of the base protocol suite in IPv6
IPv6
Internet Protocol version 6 is a version of the Internet Protocol . It is designed to succeed the Internet Protocol version 4...
. IPsec support is mandatory in IPv6; this is unlike IPv4, where it is optional.
Connection establishment
A server using ObsTCP advertises a public key and a port number.A DNS 'A record' may be used to advertise server support for ObsTCP (with a DNS 'CNAME record'
CNAME record
A CNAME record or Canonical Name record is a type of resource record in the Domain Name System that specifies that the domain name is an alias of another, canonical domain name. This helps when running multiple services from a single IP address...
providing a 'friendly' name). HTTP header records, or cached/out of band keyset information may also be used instead.
A client connecting to an ObsTCP server parses the DNS entries, uses HTTP header records, or uses cached/out of band data to obtain the public key and port number, before connecting to the server and encrypting traffic.
Weaknesses
ObsTCP is vulnerable to a number of man in the middle attacks.See also
- Opportunistic encryptionOpportunistic encryptionOpportunistic Encryption refers to any system that, when connecting to another system, attempts to encrypt the communications channel otherwise falling back to unencrypted communications. This method requires no pre-arrangement between the two systems.Opportunistic encryption can be used to...
- tcpcryptTcpcryptIn computer networking, tcpcrypt is a transport layer communication encryption protocol. Unlike prior protocols like TLS , tcpcrypt is implemented as a TCP extension. It was designed by a team of six security and networking experts: Andrea Bittau, Mike Hamburg, Mark Handley, David Mazières, Dan...
(a newer proposal with similar goals) - Transport Layer SecurityTransport Layer SecurityTransport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
(TLS, also known as SSL) - IPsecIPsecInternet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...