Volume 2020 (2020): Issue 2 (April 2020)
Journal Details
Format: Journal
First Published: 16 Apr 2015
Publication timeframe: 4 times per year
Languages: English
Access type: Open Access

Enhanced Performance and Privacy for TLS over TCP Fast Open

Published Online: 08 May 2020
Page range: 271 - 287
Received: 31 Aug 2019
Accepted: 16 Dec 2019

Small TCP flows make up the majority of web flows. For them, the TCP three-way handshake induces significant delay overhead. The TCP Fast Open (TFO) protocol can significantly decrease this delay via zero round-trip time (0-RTT) handshakes for all TCP handshakes that follow a full initial handshake to the same host. However, this comes at the cost of privacy limitations and also has some performance limitations. In this paper, we investigate the TFO deployment on popular websites and browsers. We found that a client revisiting a website for the first time fails to use an abbreviated TFO handshake in 40% of all cases due to web server load-balancing using multiple IP addresses. Our analysis further reveals significant privacy problems of the protocol design and implementation. Network-based attackers and online trackers can exploit TFO to track the online activities of users. As a countermeasure, we introduce a novel protocol called TCP Fast Open Privacy (FOP). TCP FOP prevents tracking by network attackers and impedes third-party tracking, while still allowing 0-RTT handshakes as in TFO. As a proof-of-concept, we have implemented the proposed protocol for the Linux kernel and a TLS library. Our measurements indicate that TCP FOP outperforms TLS over TFO when websites are served from multiple IP addresses.
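The following toy model, added here as an illustration and not taken from the paper or its Linux implementation, shows the two TFO properties the abstract builds on: a client caches one TFO cookie per server IP address (as the Linux tcp_metrics cache does), so a site that is load-balanced over several addresses frequently misses the cache on a revisit and falls back to a full handshake; and the cached cookie is resent in the cleartext SYN, so an on-path observer can link connections that carry the same cookie, including connections the same client makes from a different network. The server, client, addresses and cookie key are constructed; uniform random load balancing is an assumption of the model (the paper's 40% figure is a measurement over real sites, not a model output), and TCP FOP itself is not modelled because the abstract does not describe its mechanism.

```python
"""Toy model of TCP Fast Open (TFO, RFC 7413) cookie handling.

Added illustration, not code from the paper. All hosts, addresses and
keys below are constructed for the example.
"""
import hashlib
import hmac
import os
import random


class TfoServer:
    """One website reachable over several IP addresses (constructed)."""

    def __init__(self, addresses):
        self.addresses = list(addresses)
        # Server-side secret used to derive cookies; RFC 7413 recommends a
        # MAC over the client IP under a server key.
        self.key = os.urandom(16)

    def issue_cookie(self, client_ip):
        return hmac.new(self.key, client_ip.encode(), hashlib.sha256).digest()[:8]

    def accept_cookie(self, client_ip, cookie):
        return hmac.compare_digest(cookie, self.issue_cookie(client_ip))

    def pick_address(self, rng):
        # Assumed DNS-based load balancing: each connection lands on a
        # uniformly random address of the site.
        return rng.choice(self.addresses)


class TfoClient:
    """Client with a TFO cookie cache keyed by server IP (as Linux tcp_metrics does)."""

    def __init__(self, client_ip):
        self.client_ip = client_ip
        self.cache = {}  # server IP -> cookie

    def connect(self, server, rng, observer=None):
        server_ip = server.pick_address(rng)
        cookie = self.cache.get(server_ip)
        if observer is not None and cookie is not None:
            # The cookie rides in the cleartext SYN; an on-path observer sees it.
            observer.append((self.client_ip, server_ip, cookie))
        if cookie is not None and server.accept_cookie(self.client_ip, cookie):
            return "0-RTT"  # data sent in the SYN, handshake delay saved
        # Full 1-RTT handshake; the server hands out a fresh cookie in the SYN-ACK.
        self.cache[server_ip] = server.issue_cookie(self.client_ip)
        return "full"


def revisit_miss_rate(n_addresses, trials=2000, seed=1):
    """Fraction of second visits that fall back to a full handshake.

    With uniform balancing the expected value is (n_addresses - 1) / n_addresses.
    """
    rng = random.Random(seed)
    server = TfoServer(f"198.51.100.{i}" for i in range(1, n_addresses + 1))
    misses = 0
    for _ in range(trials):
        client = TfoClient("203.0.113.7")
        client.connect(server, rng)            # first visit: always a full handshake
        if client.connect(server, rng) == "full":
            misses += 1
    return misses / trials


def linked_client_ips(seed=1):
    """Client IPs an on-path observer can tie together through one reused cookie."""
    rng = random.Random(seed)
    server = TfoServer(["198.51.100.1"])
    observed = []
    client = TfoClient("203.0.113.7")
    client.connect(server, rng, observed)      # home network: full handshake, cookie cached
    client.connect(server, rng, observed)      # revisit: 0-RTT, cookie visible on the wire
    client.client_ip = "192.0.2.44"            # the user moves to another network
    client.connect(server, rng, observed)      # stale cookie is still sent in the SYN
    by_cookie = {}
    for client_ip, _, cookie in observed:
        by_cookie.setdefault(cookie, set()).add(client_ip)
    return [sorted(ips) for ips in by_cookie.values() if len(ips) > 1]


if __name__ == "__main__":
    for n in (1, 2, 4):
        print(f"{n} address(es): revisit miss rate {revisit_miss_rate(n):.2f}")
    print("client IPs linked by one cookie:", linked_client_ips())
```

The server in the model rejects the stale cookie once the client's address changes, so the client loses its 0-RTT benefit anyway; the privacy cost is that the observer has already seen the same eight-byte value from two different addresses before the rejection happens.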

