An Evaluation of TCP Crypt
Project Background and Aims
The goal of this project is to evaluate the cost of encrypting all TCP communications using TCPcrypt. In the post Snowden world it is now well known that many private and state actors will log and record all possible network communications. To ensure user's transactions remain private, it is necessary to encrypt all data end-to-end. SSL/TLS has typically been used to ensure that Internet sessions stay private however, for many, it is too cumbersome to obtain and maintain certificates. VPNs are another way for network communications to remain private, however for end users the configuration can be problematic. There is a new IETF proposal which enables data to be encrypted end-to-end.
This project will:
- Perform a literature review and document the currently known benefits and issues with SSL/TLS, VPNs and TCPCrypt
- Evaluate the performance of TCPcrypt againstVPN, SSL/TLS and standard TCP. Important criteria: CPU cycles, Memory usage, Latency, Latency under load, Maximum supported TCPflows
- Based on the results, desribe where TCPcrypt should be used in the internet. For which applications is the argument for TCPcrypt most compelling.
Project Skills
The project team will require:- Project management skills
- Unix network administration and security knowledge
- Literature reviews, controlled experiments, result analysis
Initial References
- A. Bittau, M. Hamburg, M. Handley, D. Mazieres, D. Boneh, “The case for ubiquitous transport-level encryption”, USENIX Security'10 Proceedings of the 19th USENIX conference on Security, 2010, tcpcrypt.org/tcpcrypt.pdf
- A. Bittau, D. Boneh, M. Handley, D. Mazieres, Q. Slack, Cryptographic protection of TCP Streams (tcpcrypt), IETF Internet Draft, 2014 https://tools.ietf.org/html/draft-bittau-tcp-crypt-04