The case for ubiquitous transport-level encryption

Authors: A. Bittau, M. Hamburg, M. Handley, D. Mazières, and D. Boneh

Today, Internet traffic is encrypted only when deemed necessary. Yet modern CPUs could feasibly encrypt most traffic and the cost of doing so will only drop over time. Tcpcrypt is a TCP extension designed to make end-to-end encryption of TCP traffic the default, not the exception. Tcpcrypt has a number of features to facilitate adoption. It provides backwards compatibility with legacy TCP stacks and middleboxes. Because it is implemented in the transport layer, it protects legacy applications. However, it also provides a hook for integration with application-layer authentication, largely obviating the need for applications to encrypt their own network traffic and minimizing the need for duplication of functionality. Finally, tcpcrypt lessens the impact of public key cryptography by minimizing the cost of key negotiation to servers. As a result, a server can accept 36 times more connections per second with tcpcrypt than with SSL.

In proceedings of Usenix Security 2010.

Full paper: pdf

Related papers: Please visit the tcpcrypt web site.