SlideShare a Scribd company logo

TCPLS presentation @ietf 109

Download as PPTX, PDF
Olivier Bonaventure
Olivier Bonaventure

Short summary of hotnets'20 paper see https://www.pluginized-protocols.org

Internet
1 of 15
TCPLS : Closely Integrating TCP and TLS Florentin Rochet, Emery Assogba, Olivier Bonaventure UCLouvain This work was partially supported by the Walloon government within the MQUIC project 1
Our current stack • TLS 1.3 • provides security • More and more used on WANs and by a variety of applications • TCP • provides connection abstraction, realibility, congestion control • Most popular transport protocol • In the future, TCP could always be used with TLS TCP Socket IP Application TLS 2
Control and data separation in TCP Source port Destination port Checksum Urgent pointer THL Reserved Flags Acknowledgment number Sequence number Window Payload TCP Options • Very simple Control Data restricts the length of 3
TLS 1.3 in one slide • Secure Handshake • The encrypted TLS records ClientHello( ... Extension) ServerHello(.. EncryptedExt) Finished Application Data Finished 0-rtt mode in parallel with the TCP handshake is possible Type Version Length Always 23 App Data TLS 1.3 TrueType Encrypted and authenticated Encrypted and thus invisible to middleboxes 4
An integrated stack • Key idea • Use new TLS record types to carry TCP control plane information • TLS record to carry TCP option • TCP option inside ClientHello Extension • TCP option inside ServerHello EncrytedExt • TCPLS has 2 different channels for TCP control • regular TCP options • Encrypted TLS recordsIP Application TCPLS TLS TCP Socket 5
The TCPLS control channels 6 Application TCPLS TLS TCP Socket Enc. TLS rec #2 (data) Source port Destination port Checksum Urgent pointer THL Reserved Flags Acknowledgment number Sequence number Window TCP Options Enc. TLS rec #1(control) Application TCPLS TLS TCP Socket TCP header TLS records
Use case : Securing Multipath TCP • Security concerns • token is exchanged inside SYN/SYN+ACK • ADD_ADDR authentication • ADD_ADDR not reliable • With TCPLS • Derive token from TLS secrets • TCPLS record for ADD_ADDR • reliable and authenticated • REMOVE_ADDR could still be sent as TCP option 7
Use case : Stronger TFO • Concern • The security of TFO is limited by the length of the TCP options in the SYN to encode the cookie • TCPLS approach • Use TLS’s 0-RTT and • send ClientHello inside SYN payload with TCPLS cookie • send ServerHello inside SYN+ACK payload with TCPLS cookie • Cookies can be longer and more secure by leveraging the existing TLS mechanisms • Middlebox interference • Apple’s measurements do not seem to indicate that the length of the payload in the SYN is a strong factor in middlebox interference 8
Use case : More space for TCP options • TCPLS approach • More options during the handshake • Leverage the 0-RTT handshake • ServerHello inside SYN+ACK and TCP Options as ServerHello EncryptedExt • Define TLS record type to carry TCP options • Late negotiation of TCP extensions • Since TLS records are reliably exchanged, we could also negotiate a TCP extension after the establishment of a connection 9
Use case : True keepalives • Concern • Keepalives really part of TCP • TCPLS approach • New ping/pong TCPLS record type • Hosts can send ping/pong records including data without interfering with payload • TCPLS can negotiate keepalive intervals and other informations RFC1122 10
Use case : Secure session release • Concern • Middleboxes or attackers can force the termination of TCP connections using RST or FIN • TCPLS approach • New authenticated record type indicating end of TCPLS connection • If RST or FIN are received before the exchange of this record, then the underlying TCP connection can be automatically reestablished 11
Use case : Happy eyeballs • Server supports IPv4 and IPv6 • Client learns addresses from DNS and initiates IPv6 and later IPv4 connection • With TCPLS • Server uses EncryptedExt in ServerHello to advertise its alternate address • Similar to what QUIC connection migration or MPTCP’s ADD_ADDR • Client learns alternate server address during handshake • Client can create connection to alternate address, test it and migrate the connection 12
Use case : Connection migration • Concern • Smartphone wants to move to cellular while preserving established TCPLS session • Implemented TCPLS approach • Server provides connection identifier and cookie in ServerHello • Client creates second TCPLS subflow to server using this information • Server and client move data transfer to new TCPLS subflow 13
Conclusion • Don’t consider TCP and TLS as separate and independent protocols • TLS 1.3 can be efficiently combined with TCP to improve it • More details are available in our Hotnets’20 paper • There is running code based on picotls at https://pluginized-protocols.org 14
Conclusion • Don’t consider TCP and TLS as separate and independent protocols • TLS 1.3 can be efficiently combined with TCP to improve it • More details are available in our Hotnets’20 paper • There is running code based on picotls at https://pluginized-protocols.org 15

Recommended

10 routing-bgp
10 routing-bgp10 routing-bgp
10 routing-bgpOlivier Bonaventure
 
Part 6 : Internet applications
Part 6 : Internet applicationsPart 6 : Internet applications
Part 6 : Internet applicationsOlivier Bonaventure
 
Part 7 : HTTP/2, UDP and TCP
Part 7 : HTTP/2, UDP and TCPPart 7 : HTTP/2, UDP and TCP
Part 7 : HTTP/2, UDP and TCPOlivier Bonaventure
 
Part 9 : Congestion control and IPv6
Part 9 : Congestion control and IPv6Part 9 : Congestion control and IPv6
Part 9 : Congestion control and IPv6Olivier Bonaventure
 
Making our networking stack truly extensible
Making our networking stack truly extensible Making our networking stack truly extensible
Making our networking stack truly extensible Olivier Bonaventure
 
IPv6 Segment Routing : an end-to-end solution ?
IPv6 Segment Routing : an end-to-end solution ?IPv6 Segment Routing : an end-to-end solution ?
IPv6 Segment Routing : an end-to-end solution ?Olivier Bonaventure
 
12 ethernet-wifi
12 ethernet-wifi12 ethernet-wifi
12 ethernet-wifiOlivier Bonaventure
 
Innovation is back in the transport and network layers
Innovation is back in the transport and network layersInnovation is back in the transport and network layers
Innovation is back in the transport and network layersOlivier Bonaventure
 

Recommended

10 routing-bgp
10 routing-bgp10 routing-bgp
10 routing-bgpOlivier Bonaventure
 
Part 6 : Internet applications
Part 6 : Internet applicationsPart 6 : Internet applications
Part 6 : Internet applicationsOlivier Bonaventure
 
Part 7 : HTTP/2, UDP and TCP
Part 7 : HTTP/2, UDP and TCPPart 7 : HTTP/2, UDP and TCP
Part 7 : HTTP/2, UDP and TCPOlivier Bonaventure
 
Part 9 : Congestion control and IPv6
Part 9 : Congestion control and IPv6Part 9 : Congestion control and IPv6
Part 9 : Congestion control and IPv6Olivier Bonaventure
 
Making our networking stack truly extensible
Making our networking stack truly extensible Making our networking stack truly extensible
Making our networking stack truly extensible Olivier Bonaventure
 
IPv6 Segment Routing : an end-to-end solution ?
IPv6 Segment Routing : an end-to-end solution ?IPv6 Segment Routing : an end-to-end solution ?
IPv6 Segment Routing : an end-to-end solution ?Olivier Bonaventure
 
12 ethernet-wifi
12 ethernet-wifi12 ethernet-wifi
12 ethernet-wifiOlivier Bonaventure
 
Innovation is back in the transport and network layers
Innovation is back in the transport and network layersInnovation is back in the transport and network layers
Innovation is back in the transport and network layersOlivier Bonaventure
 
Network interview questions
Network interview questionsNetwork interview questions
Network interview questionsrajasekar1712
 
Part 4 : reliable transport and sharing resources
Part 4 : reliable transport and sharing resourcesPart 4 : reliable transport and sharing resources
Part 4 : reliable transport and sharing resourcesOlivier Bonaventure
 
Surviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsSurviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsDuane Bodle
 
6 app-tcp
6 app-tcp6 app-tcp
6 app-tcpOlivier Bonaventure
 
9 ipv6-routing
9 ipv6-routing9 ipv6-routing
9 ipv6-routingOlivier Bonaventure
 
Future Internet protocols
Future Internet protocolsFuture Internet protocols
Future Internet protocolsOlivier Bonaventure
 
Multipath TCP
Multipath TCPMultipath TCP
Multipath TCPOlivier Bonaventure
 
Part 5 : Sharing resources, security principles and protocols
Part 5 : Sharing resources, security principles and protocolsPart 5 : Sharing resources, security principles and protocols
Part 5 : Sharing resources, security principles and protocolsOlivier Bonaventure
 
16 coms 525 tcpip - routing protocols -all
16 coms 525 tcpip - routing protocols -all16 coms 525 tcpip - routing protocols -all
16 coms 525 tcpip - routing protocols -allPalanivel Kuppusamy
 
8 congestion-ipv6
8 congestion-ipv68 congestion-ipv6
8 congestion-ipv6Olivier Bonaventure
 
Beyond TCP: The evolution of Internet transport protocols
Beyond TCP: The evolution of Internet transport protocolsBeyond TCP: The evolution of Internet transport protocols
Beyond TCP: The evolution of Internet transport protocolsOlivier Bonaventure
 
5 sharing-app
5 sharing-app5 sharing-app
5 sharing-appOlivier Bonaventure
 
Transport layer
Transport layerTransport layer
Transport layerarvind pandey
 
Tcp
TcpTcp
TcpVarsha Kumar
 
TCP Theory
TCP TheoryTCP Theory
TCP Theorysoohyunc
 
Lec 12(Transport Layer)
Lec 12(Transport Layer)Lec 12(Transport Layer)
Lec 12(Transport Layer)maamir farooq
 
TCP/IP and UDP protocols
TCP/IP and UDP protocolsTCP/IP and UDP protocols
TCP/IP and UDP protocolsDawood Faheem Abbasi
 
TCP- Transmission Control Protocol
TCP- Transmission Control Protocol TCP- Transmission Control Protocol
TCP- Transmission Control Protocol Akhil .B
 
TCP - Transmission Control Protocol
TCP - Transmission Control ProtocolTCP - Transmission Control Protocol
TCP - Transmission Control ProtocolPeter R. Egli
 
Chapter 3 : User Datagram Protocol (UDP)
Chapter 3 : User Datagram Protocol (UDP)Chapter 3 : User Datagram Protocol (UDP)
Chapter 3 : User Datagram Protocol (UDP)Ministry of Higher Education
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 

More Related Content

What's hot

Network interview questions
Network interview questionsNetwork interview questions
Network interview questionsrajasekar1712
 
Part 4 : reliable transport and sharing resources
Part 4 : reliable transport and sharing resourcesPart 4 : reliable transport and sharing resources
Part 4 : reliable transport and sharing resourcesOlivier Bonaventure
 
Surviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsSurviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsDuane Bodle
 
Part 5 : Sharing resources, security principles and protocols
Part 5 : Sharing resources, security principles and protocolsPart 5 : Sharing resources, security principles and protocols
Part 5 : Sharing resources, security principles and protocolsOlivier Bonaventure
 
16 coms 525 tcpip - routing protocols -all
16 coms 525 tcpip - routing protocols -all16 coms 525 tcpip - routing protocols -all
16 coms 525 tcpip - routing protocols -allPalanivel Kuppusamy
 
Beyond TCP: The evolution of Internet transport protocols
Beyond TCP: The evolution of Internet transport protocolsBeyond TCP: The evolution of Internet transport protocols
Beyond TCP: The evolution of Internet transport protocolsOlivier Bonaventure
 
TCP Theory
TCP TheoryTCP Theory
TCP Theorysoohyunc
 
Lec 12(Transport Layer)
Lec 12(Transport Layer)Lec 12(Transport Layer)
Lec 12(Transport Layer)maamir farooq
 
TCP- Transmission Control Protocol
TCP- Transmission Control Protocol TCP- Transmission Control Protocol
TCP- Transmission Control Protocol Akhil .B
 
TCP - Transmission Control Protocol
TCP - Transmission Control ProtocolTCP - Transmission Control Protocol
TCP - Transmission Control ProtocolPeter R. Egli
 

What's hot (20)

Network interview questions
Network interview questionsNetwork interview questions
Network interview questions
 
Part 4 : reliable transport and sharing resources
Part 4 : reliable transport and sharing resourcesPart 4 : reliable transport and sharing resources
Part 4 : reliable transport and sharing resources
 
Surviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsSurviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview Questions
 
6 app-tcp
6 app-tcp6 app-tcp
6 app-tcp
 
9 ipv6-routing
9 ipv6-routing9 ipv6-routing
9 ipv6-routing
 
Future Internet protocols
Future Internet protocolsFuture Internet protocols
Future Internet protocols
 
Multipath TCP
Multipath TCPMultipath TCP
Multipath TCP
 
Part 5 : Sharing resources, security principles and protocols
Part 5 : Sharing resources, security principles and protocolsPart 5 : Sharing resources, security principles and protocols
Part 5 : Sharing resources, security principles and protocols
 
16 coms 525 tcpip - routing protocols -all
16 coms 525 tcpip - routing protocols -all16 coms 525 tcpip - routing protocols -all
16 coms 525 tcpip - routing protocols -all
 
8 congestion-ipv6
8 congestion-ipv68 congestion-ipv6
8 congestion-ipv6
 
Beyond TCP: The evolution of Internet transport protocols
Beyond TCP: The evolution of Internet transport protocolsBeyond TCP: The evolution of Internet transport protocols
Beyond TCP: The evolution of Internet transport protocols
 
5 sharing-app
5 sharing-app5 sharing-app
5 sharing-app
 
Transport layer
Transport layerTransport layer
Transport layer
 
Tcp
TcpTcp
Tcp
 
TCP Theory
TCP TheoryTCP Theory
TCP Theory
 
Lec 12(Transport Layer)
Lec 12(Transport Layer)Lec 12(Transport Layer)
Lec 12(Transport Layer)
 
TCP/IP and UDP protocols
TCP/IP and UDP protocolsTCP/IP and UDP protocols
TCP/IP and UDP protocols
 
TCP- Transmission Control Protocol
TCP- Transmission Control Protocol TCP- Transmission Control Protocol
TCP- Transmission Control Protocol
 
TCP - Transmission Control Protocol
TCP - Transmission Control ProtocolTCP - Transmission Control Protocol
TCP - Transmission Control Protocol
 
Chapter 3 : User Datagram Protocol (UDP)
Chapter 3 : User Datagram Protocol (UDP)Chapter 3 : User Datagram Protocol (UDP)
Chapter 3 : User Datagram Protocol (UDP)
 

Similar to TCPLS presentation @ietf 109

BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
CNIT 141 13. TLS
CNIT 141 13. TLSCNIT 141 13. TLS
CNIT 141 13. TLSSam Bowne
 
FILE TRANSFER PROTOCOL BY LAXMI $ Group
FILE TRANSFER PROTOCOL BY LAXMI $ GroupFILE TRANSFER PROTOCOL BY LAXMI $ Group
FILE TRANSFER PROTOCOL BY LAXMI $ Grouprajeev bhatt
 
The Trusted Cloud Transfer Protocol (TCTP)
The Trusted Cloud Transfer Protocol (TCTP)The Trusted Cloud Transfer Protocol (TCTP)
The Trusted Cloud Transfer Protocol (TCTP)Mathias Slawik
 
tcp-ippresentation-150614172243-lva1-app6892.pptx
tcp-ippresentation-150614172243-lva1-app6892.pptxtcp-ippresentation-150614172243-lva1-app6892.pptx
tcp-ippresentation-150614172243-lva1-app6892.pptxAlphaKoiSylvester
 
TRANSPORT LAYER ppt.pptx
TRANSPORT LAYER ppt.pptxTRANSPORT LAYER ppt.pptx
TRANSPORT LAYER ppt.pptxutkarshlodhi4
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfSECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfNiharikaDubey17
 
Transport protocols
Transport protocolsTransport protocols
Transport protocolsOnline
 
TCP - IP Presentation
TCP - IP PresentationTCP - IP Presentation
TCP - IP PresentationHarish Chand
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)sonangrai
 
1.1.2 - Concept of Network and TCP_IP Model (2).pptx
1.1.2 - Concept of Network and TCP_IP Model (2).pptx1.1.2 - Concept of Network and TCP_IP Model (2).pptx
1.1.2 - Concept of Network and TCP_IP Model (2).pptxVINAYTANWAR18
 
Features of tcp (part 2) .68
Features of tcp (part 2) .68Features of tcp (part 2) .68
Features of tcp (part 2) .68myrajendra
 
Unit-4 (1).pptx
Unit-4 (1).pptxUnit-4 (1).pptx
Unit-4 (1).pptxpoonamsngr
 
Transmission Control Protocol_ Computer Networks
Transmission Control Protocol_ Computer NetworksTransmission Control Protocol_ Computer Networks
Transmission Control Protocol_ Computer NetworksManimaran A
 

Similar to TCPLS presentation @ietf 109 (20)

BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
 
CNIT 141 13. TLS
CNIT 141 13. TLSCNIT 141 13. TLS
CNIT 141 13. TLS
 
FILE TRANSFER PROTOCOL BY LAXMI $ Group
FILE TRANSFER PROTOCOL BY LAXMI $ GroupFILE TRANSFER PROTOCOL BY LAXMI $ Group
FILE TRANSFER PROTOCOL BY LAXMI $ Group
 
The Trusted Cloud Transfer Protocol (TCTP)
The Trusted Cloud Transfer Protocol (TCTP)The Trusted Cloud Transfer Protocol (TCTP)
The Trusted Cloud Transfer Protocol (TCTP)
 
TCP/IP(networking)
TCP/IP(networking)TCP/IP(networking)
TCP/IP(networking)
 
tcp-ippresentation-150614172243-lva1-app6892.pptx
tcp-ippresentation-150614172243-lva1-app6892.pptxtcp-ippresentation-150614172243-lva1-app6892.pptx
tcp-ippresentation-150614172243-lva1-app6892.pptx
 
TRANSPORT LAYER ppt.pptx
TRANSPORT LAYER ppt.pptxTRANSPORT LAYER ppt.pptx
TRANSPORT LAYER ppt.pptx
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfSECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
 
Transport protocols
Transport protocolsTransport protocols
Transport protocols
 
TCP - IP Presentation
TCP - IP PresentationTCP - IP Presentation
TCP - IP Presentation
 
Tcp ip presentation
Tcp ip presentationTcp ip presentation
Tcp ip presentation
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)
 
1.1.2 - Concept of Network and TCP_IP Model (2).pptx
1.1.2 - Concept of Network and TCP_IP Model (2).pptx1.1.2 - Concept of Network and TCP_IP Model (2).pptx
1.1.2 - Concept of Network and TCP_IP Model (2).pptx
 
Features of tcp (part 2) .68
Features of tcp (part 2) .68Features of tcp (part 2) .68
Features of tcp (part 2) .68
 
0-RTT TCP converters
0-RTT TCP converters0-RTT TCP converters
0-RTT TCP converters
 
Unit-4 (1).pptx
Unit-4 (1).pptxUnit-4 (1).pptx
Unit-4 (1).pptx
 
Transmission Control Protocol_ Computer Networks
Transmission Control Protocol_ Computer NetworksTransmission Control Protocol_ Computer Networks
Transmission Control Protocol_ Computer Networks
 
ip security
ip securityip security
ip security
 

More from Olivier Bonaventure

A personal journey towards more reproducible networking research
A personal journey towards more reproducible networking researchA personal journey towards more reproducible networking research
A personal journey towards more reproducible networking researchOlivier Bonaventure
 
Part 11 : Interdomain routing with BGP
Part 11 : Interdomain routing with BGPPart 11 : Interdomain routing with BGP
Part 11 : Interdomain routing with BGPOlivier Bonaventure
 
Part 10 : Routing in IP networks and interdomain routing with BGP
Part 10 : Routing in IP networks and interdomain routing with BGPPart 10 : Routing in IP networks and interdomain routing with BGP
Part 10 : Routing in IP networks and interdomain routing with BGPOlivier Bonaventure
 
Part 8 : TCP and Congestion control
Part 8 : TCP and Congestion controlPart 8 : TCP and Congestion control
Part 8 : TCP and Congestion controlOlivier Bonaventure
 

More from Olivier Bonaventure (20)

Part3-reliable.pptx
Part3-reliable.pptxPart3-reliable.pptx
Part3-reliable.pptx
 
Part10-router.pptx
Part10-router.pptxPart10-router.pptx
Part10-router.pptx
 
Part1-Intro-Apps.pptx
Part1-Intro-Apps.pptxPart1-Intro-Apps.pptx
Part1-Intro-Apps.pptx
 
Part9-congestion.pptx
Part9-congestion.pptxPart9-congestion.pptx
Part9-congestion.pptx
 
Part2-Apps-Security.pptx
Part2-Apps-Security.pptxPart2-Apps-Security.pptx
Part2-Apps-Security.pptx
 
Part11-lan.pptx
Part11-lan.pptxPart11-lan.pptx
Part11-lan.pptx
 
Part5-tcp-improvements.pptx
Part5-tcp-improvements.pptxPart5-tcp-improvements.pptx
Part5-tcp-improvements.pptx
 
Part8-ibgp.pptx
Part8-ibgp.pptxPart8-ibgp.pptx
Part8-ibgp.pptx
 
Part4-reliable-tcp.pptx
Part4-reliable-tcp.pptxPart4-reliable-tcp.pptx
Part4-reliable-tcp.pptx
 
Part7-routing.pptx
Part7-routing.pptxPart7-routing.pptx
Part7-routing.pptx
 
Part6-network-routing.pptx
Part6-network-routing.pptxPart6-network-routing.pptx
Part6-network-routing.pptx
 
Part1-Intro-Apps.pptx
Part1-Intro-Apps.pptxPart1-Intro-Apps.pptx
Part1-Intro-Apps.pptx
 
Part2-Apps-Security.pptx
Part2-Apps-Security.pptxPart2-Apps-Security.pptx
Part2-Apps-Security.pptx
 
Part4-reliable-tcp.pptx
Part4-reliable-tcp.pptxPart4-reliable-tcp.pptx
Part4-reliable-tcp.pptx
 
Part3-reliable.pptx
Part3-reliable.pptxPart3-reliable.pptx
Part3-reliable.pptx
 
A personal journey towards more reproducible networking research
A personal journey towards more reproducible networking researchA personal journey towards more reproducible networking research
A personal journey towards more reproducible networking research
 
Part 12 : Local Area Networks
Part 12 : Local Area Networks Part 12 : Local Area Networks
Part 12 : Local Area Networks
 
Part 11 : Interdomain routing with BGP
Part 11 : Interdomain routing with BGPPart 11 : Interdomain routing with BGP
Part 11 : Interdomain routing with BGP
 
Part 10 : Routing in IP networks and interdomain routing with BGP
Part 10 : Routing in IP networks and interdomain routing with BGPPart 10 : Routing in IP networks and interdomain routing with BGP
Part 10 : Routing in IP networks and interdomain routing with BGP
 
Part 8 : TCP and Congestion control
Part 8 : TCP and Congestion controlPart 8 : TCP and Congestion control
Part 8 : TCP and Congestion control
 

Recently uploaded

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubaikojalkojal131
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...SUHANI PANDEY
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...nirzagarg
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftAanSulistiyo
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...SUHANI PANDEY
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...SUHANI PANDEY
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...SUHANI PANDEY
 

Recently uploaded (20)

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 

TCPLS presentation @ietf 109

  • 1. TCPLS : Closely Integrating TCP and TLS Florentin Rochet, Emery Assogba, Olivier Bonaventure UCLouvain This work was partially supported by the Walloon government within the MQUIC project 1
  • 2. Our current stack • TLS 1.3 • provides security • More and more used on WANs and by a variety of applications • TCP • provides connection abstraction, realibility, congestion control • Most popular transport protocol • In the future, TCP could always be used with TLS TCP Socket IP Application TLS 2
  • 3. Control and data separation in TCP Source port Destination port Checksum Urgent pointer THL Reserved Flags Acknowledgment number Sequence number Window Payload TCP Options • Very simple Control Data restricts the length of 3
  • 4. TLS 1.3 in one slide • Secure Handshake • The encrypted TLS records ClientHello( ... Extension) ServerHello(.. EncryptedExt) Finished Application Data Finished 0-rtt mode in parallel with the TCP handshake is possible Type Version Length Always 23 App Data TLS 1.3 TrueType Encrypted and authenticated Encrypted and thus invisible to middleboxes 4
  • 5. An integrated stack • Key idea • Use new TLS record types to carry TCP control plane information • TLS record to carry TCP option • TCP option inside ClientHello Extension • TCP option inside ServerHello EncrytedExt • TCPLS has 2 different channels for TCP control • regular TCP options • Encrypted TLS recordsIP Application TCPLS TLS TCP Socket 5
  • 6. The TCPLS control channels 6 Application TCPLS TLS TCP Socket Enc. TLS rec #2 (data) Source port Destination port Checksum Urgent pointer THL Reserved Flags Acknowledgment number Sequence number Window TCP Options Enc. TLS rec #1(control) Application TCPLS TLS TCP Socket TCP header TLS records
  • 7. Use case : Securing Multipath TCP • Security concerns • token is exchanged inside SYN/SYN+ACK • ADD_ADDR authentication • ADD_ADDR not reliable • With TCPLS • Derive token from TLS secrets • TCPLS record for ADD_ADDR • reliable and authenticated • REMOVE_ADDR could still be sent as TCP option 7
  • 8. Use case : Stronger TFO • Concern • The security of TFO is limited by the length of the TCP options in the SYN to encode the cookie • TCPLS approach • Use TLS’s 0-RTT and • send ClientHello inside SYN payload with TCPLS cookie • send ServerHello inside SYN+ACK payload with TCPLS cookie • Cookies can be longer and more secure by leveraging the existing TLS mechanisms • Middlebox interference • Apple’s measurements do not seem to indicate that the length of the payload in the SYN is a strong factor in middlebox interference 8
  • 9. Use case : More space for TCP options • TCPLS approach • More options during the handshake • Leverage the 0-RTT handshake • ServerHello inside SYN+ACK and TCP Options as ServerHello EncryptedExt • Define TLS record type to carry TCP options • Late negotiation of TCP extensions • Since TLS records are reliably exchanged, we could also negotiate a TCP extension after the establishment of a connection 9
  • 10. Use case : True keepalives • Concern • Keepalives really part of TCP • TCPLS approach • New ping/pong TCPLS record type • Hosts can send ping/pong records including data without interfering with payload • TCPLS can negotiate keepalive intervals and other informations RFC1122 10
  • 11. Use case : Secure session release • Concern • Middleboxes or attackers can force the termination of TCP connections using RST or FIN • TCPLS approach • New authenticated record type indicating end of TCPLS connection • If RST or FIN are received before the exchange of this record, then the underlying TCP connection can be automatically reestablished 11
  • 12. Use case : Happy eyeballs • Server supports IPv4 and IPv6 • Client learns addresses from DNS and initiates IPv6 and later IPv4 connection • With TCPLS • Server uses EncryptedExt in ServerHello to advertise its alternate address • Similar to what QUIC connection migration or MPTCP’s ADD_ADDR • Client learns alternate server address during handshake • Client can create connection to alternate address, test it and migrate the connection 12
  • 13. Use case : Connection migration • Concern • Smartphone wants to move to cellular while preserving established TCPLS session • Implemented TCPLS approach • Server provides connection identifier and cookie in ServerHello • Client creates second TCPLS subflow to server using this information • Server and client move data transfer to new TCPLS subflow 13
  • 14. Conclusion • Don’t consider TCP and TLS as separate and independent protocols • TLS 1.3 can be efficiently combined with TCP to improve it • More details are available in our Hotnets’20 paper • There is running code based on picotls at https://pluginized-protocols.org 14
  • 15. Conclusion • Don’t consider TCP and TLS as separate and independent protocols • TLS 1.3 can be efficiently combined with TCP to improve it • More details are available in our Hotnets’20 paper • There is running code based on picotls at https://pluginized-protocols.org 15