The Case for Ubiquitous Transport-Level Encryption

The Case for Ubiquitous Transport-Level Encryption
Andrea Bittau

Citation
Andrea Bittau. "The Case for Ubiquitous Transport-Level Encryption". Talk or presentation, 10, November, 2010.

Abstract
Today, Internet traffic is encrypted only when deemed necessary. Yet modern CPUs could feasibly encrypt most traffic and the cost of doing so will only drop over time. Tcpcrypt is a TCP extension designed to make end-to-end encryption of TCP traffic the default, not the exception. Tcpcrypt has a number of features to facilitate adoption. It provides backwards compatibility with legacy TCP stacks and middleboxes. Because it is implemented in the transport layer, it protects legacy applications. However, it also provides a hook for integration with application-layer authentication, largely obviating the need for applications to encrypt their own network traffic and minimizing the need for duplication of functionality. Finally, tcpcrypt lessens the impact of public key cryptography by minimizing the cost of key negotiation to servers. As a result, a server can accept 36 times more connections per second with tcpcrypt than with SSL.

Electronic downloads

11%20-%20Bittau%20%28Stanford%29.pdf · application/nappdf · 887 kbytes

Citation formats

HTML

Andrea Bittau. <a
href="http://www.truststc.org/pubs/765.html"
><i>The Case for Ubiquitous Transport-Level
Encryption</i></a>, Talk or presentation,  10,
November, 2010.

Plain text

Andrea Bittau. "The Case for Ubiquitous Transport-Level
Encryption". Talk or presentation,  10, November, 2010.

BibTeX

@presentation{Bittau10_CaseForUbiquitousTransportLevelEncryption,
    author = {Andrea Bittau},
    title = {The Case for Ubiquitous Transport-Level Encryption},
    day = {10},
    month = {November},
    year = {2010},
    abstract = {Today, Internet traffic is encrypted only when
              deemed necessary. Yet modern CPUs could feasibly
              encrypt most traffic and the cost of doing so will
              only drop over time. Tcpcrypt is a TCP extension
              designed to make end-to-end encryption of TCP
              traffic the default, not the exception. Tcpcrypt
              has a number of features to facilitate adoption.
              It provides backwards compatibility with legacy
              TCP stacks and middleboxes. Because it is
              implemented in the transport layer, it protects
              legacy applications. However, it also provides a
              hook for integration with application-layer
              authentication, largely obviating the need for
              applications to encrypt their own network traffic
              and minimizing the need for duplication of
              functionality. Finally, tcpcrypt lessens the
              impact of public key cryptography by minimizing
              the cost of key negotiation to servers. As a
              result, a server can accept 36 times more
              connections per second with tcpcrypt than with SSL.},
    URL = {http://www.truststc.org/pubs/765.html}
}

Posted by Larry Rohrbough on 7 Dec 2010.
Groups: trust
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.