MinimaLT: Minimal-latency networking through better security

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2013, Pages 425-437

  Petullo, W Michael ^a   Zhang, Xu ^b   Solworth, Jon A ^b   Bernstein, Daniel J ^b,c   Lange, Tanja ^c  

^a UNITED STATES MILITARY ACADEMY   (United States)

^b UNIVERSITY OF ILLINOIS AT CHICAGO   (United States)

^c EINDHOVEN UNIVERSITY OF TECHNOLOGY   (Netherlands)

Author keywords

authentication; encryption; network security; protocol

Indexed keywords

DENIAL OF SERVICE; DOS ATTACKS; IP MOBILITY; PACKET HEADER; PRIVACY PRESERVING; THREE-WAY HANDSHAKE; USER AUTHENTICATION;

CRYPTOGRAPHY; INTERNET PROTOCOLS; NETWORK PROTOCOLS; NETWORK SECURITY;

AUTHENTICATION;

EID: 84889056294     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2508859.2516737     Document Type: Conference Paper

References (61)

1. W. Aiello, S. M. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A. D. Keromytis, and O. Reingold. Just Fast Keying: Key agreement in a hostile Internet. ACM Trans. Inf. Syst. Secur., 7(2):242-273, May 2004.
2. N. AlFardan and K. Paterson. Lucky thirteen: Breaking the TLS and DTLS record protocols. In Proceedings of the 2013 IEEE Symposium on Security and Privacy, pages 526-540, Washington, DC, USA, May 2013. IEEE Computer Society Press.
3. K. J. Argyraki, P. Maniatis, O. Irzak, S. Ashish, and S. Shenker. Loss and delay accountability for the internet. In Proceedings of the 2007 International Conference on Network Protocols, pages 194-205, Washington, DC, USA, 2007. IEEE Computer Society Press.
4. E. Barker, W. Barker, W. Burr, W. Polk, and M. Smid. Recommendation for key management - Part 1: General (revised). US National Institute of Standards and Technology, Mar. 2007. http://csrc.nist.gov/publications/nistpubs/800-57/ sp800-57-Part1-revised2-Mar08-2007.pdf (accessed Aug 26, 2013).
5. D. J. Bernstein and T. Lange. eBACS: ECRYPT Benchmarking of Cryptographic Systems. http://bench.cr.yp.to/ (accessed Aug 26, 2013).
6. D. J. Bernstein, T. Lange, and P. Schwabe. NaCl: Networking and cryptography library. http://nacl.cr.yp.to/ (accessed Aug 26, 2013).
7. D. J. Bernstein, T. Lange, and P. Schwabe. The security impact of a new cryptographic library. In International Conference on Cryptology and Information Security in Latin America, volume 7533, pages 159-176. Springer, 2012.
8. D. J. Bernstein and P. Schwabe. NEON crypto. In Workshop on Cryptographic Hardware and Embedded Systems, volume 7428, pages 320-339. Springer, 2012.
9. A. Birrell and B. J. Nelson. Implementing remote procedure calls. ACM Transactions on Computer Systems, 2(1):39-59, Feb. 1984.
10. A. Bittau, M. Hamburg, M. Handley, D. Mazières, and D. Boneh. The case for ubiquitous transport-level encryption. In Proceedings of the the 19th USENIX Security Symposium, Berkeley, CA, USA, Aug. 2010. USENIX Association.
11. J. Bonneau, C. Herley, P. C. van Oorschot, and F. Stajano. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In Proceedings of the 2012 IEEE Symposium on Security and Privacy, pages 553-567, Washington, DC, USA, May 2012. IEEE Computer Society Press.
12. S. K. Card, G. G. Robertson, and J. D. Mackinlay. The information visualizer, an information workspace. In Proceedings of the 1991 Conference on Human Factors in Computing Systems, pages 181-188, New York, NY, USA, Apr. 1991. ACM.
13. L. Constantin. Facebook to roll out HTTPS by default to all users, Nov. 2012. http://www.computerworld.com/s/article/9233897/Facebook-to-roll-out-HTTPS- by-default-to-all-users (accessed Aug 26, 2013).
14. M. de Vivo, G. O. de Vivo, R. Koeneke, and G. Isern. Internet vulnerabilities related to TCP/IP and T/TCP. SIGCOMM Comput. Commun. Rev., 29(1):81-85, Jan. 1999.
15. T. Dierks and C. Allen. RFC 2246: The TLS protocol version 1, Jan. 1999. Status: PROPOSED STANDARD.
16. R. Dingledine, N. Mathewson, and P. F. Syverson. Tor: The second-generation onion router. In Proceedings of the 13th USENIX Security Symposium, pages 303-320, Berkeley, CA, USA, Aug. 2004. USENIX Association.
17. T. Duong and J. Rizzo. Here come the ⊕ ninjas. In Ekoparty Security Conference, 2011.
18. P. Eckersley, F. von Lohmann, and S. Schoen. Packet forgery by ISPs: A report on the Comcast affair. Electronic Frontier Foundation, Nov. 2007. https://www.eff.org/files/eff-comcast-report.pdf (accessed Aug 26, 2013).
19. K. Egevang and P. Francis. RFC 1631: The IP network address translator (NAT), May 1994. Status: INFORMATIONAL.
20. Electronic Frontier Foundation. HTTPS everywhere. https://www.eff.org/ https-everywhere (accessed Aug 26, 2013).
21. S. Fahl, M. Harbach, T. Muders, M. Smith, L. Baumgärtner, and B. Freisleben. Why Eve and Mallory love Android: an analysis of Android SSL (in)security. In Proceedings of the 19th ACM Conference on Computer and Communications Security, pages 50-61, New York, NY, USA, 2012. ACM.
22. S. Floyd. RFC 2914: Congestion control principles, Sept. 2000. Status: INFORMATIONAL.
23. B. Ford. Directions in Internet transport evolution. IETF Journal, 3(3):29-32, Dec. 2007.
24. B. Ford. Structured streams: a new transport abstraction. In Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications, pages 361-372, New York, NY, USA, 2007. ACM.
25. E. S. Freire, D. Hofheinz, E. Kiltz, and K. G. Paterson. Non-interactive key exchange. In PKC 2013, volume 7778, pages 254-271. Springer, 2013.
26. M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V. Shmatikov. The most dangerous code in the world: validating SSL certificates in non-browser software. In Proceedings of the 19th ACM Conference on Computer and Communications Security, pages 38-49, New York, NY, USA, 2012. ACM.
27. J. Gettys and K. Nichols. Bufferbloat: dark buffers in the internet. Commun. ACM, 55(1):57-65, Jan. 2012.
28. P. K. Gummadi, S. Saroiu, and S. D. Gribble. King: estimating latency between arbitrary Internet end hosts. In Proceedings of the 2nd Workshop on Internet Measurement, pages 5-18, New York, NY, USA, 2002. ACM.
29. A. Hiltgen, T. Kramp, and T. Weigold. Secure Internet banking authentication. IEEE Security Privacy, 4(2):21-29, March-April 2006.
30. J. Ioannidis and S. M. Bellovin. Implementing pushback: Router-based defense against DDoS attacks. In Proceedings of the 9th Network and Distributed System Security Symposium, Reston, VA, USA, Feb. 2002. The Internet Society.
31. T. Jaeger, K. Butler, D. H. King, S. Hallyn, J. Latten, and X. Zhang. Leveraging IPsec for mandatory access control across systems. In Proceedings of the 2nd ACM conference on Computer and Communications Security, New York, NY, USA, Aug. 2006. ACM.
32. T. Jager, F. Kohlar, S. Schäge, and J. Schwenk. On the security of TLS-DHE in the standard model. In Crypto 2012, volume 7417, pages 273-293. Springer, 2012.
33. A. Juels and J. G. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Proceedings of the 6th Network and Distributed System Security Symposium, Reston, VA, USA, Feb. 1999. The Internet Society.
34. C. Kaufman. RFC 4306: Internet key exchange (IKEv2) protocol, Dec. 2005. Status: PROPOSED STANDARD.
35. A. D. Keromytis, S. Ioannidis, M. B. Greenwald, and J. M. Smith. The STRONGMAN architecture. In Proceedings of the 3rd DARPA Information Survivability Conference and Exposition, volume 1, pages 178-188, 2003.
36. B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computing Systems, 10(4):265-310, Nov. 1992.
37. A. Langley. Transport Layer Security (TLS) Snap Start. Internet Engineering Task Force, June 2010. http://tools.ietf.org/html/draft-agl-tls- snapstart-00 (accessed Aug 26, 2013).
38. A. Langley. Forward secrecy for Google HTTPS, Nov. 2011. https://www.imperialviolet.org/2011/11/22/forwardsecret.html (accessed Aug 26, 2013).
39. A. Langley. How to botch TLS forward secrecy, June 2013. https://www.imperialviolet.org/2013/06/27/botchingpfs.html (accessed Aug 26, 2013).
40. A. Langley, N. Modadugu, and W.-T. Chang. Overclocking SSL. In Velocity: Web Performance and Operations Conference, Santa Clara, CA, June 2010. http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html (accessed Aug 26, 2013).
41. A. Langley, N. Modadugu, and B. Moeller. Transport Layer Security (TLS) False Start. Internet Engineering Task Force, June 2010. http://tools.ietf.org/ html/draft-bmoeller-tls-falsestart-00 (accessed Aug 26, 2013).
42. E. Le Malécot, Y. Hori, and K. Sakurai. Preliminary insight into distributed SSH brute force attacks. Proceedings of the IEICE General Conference, page 2, Mar. 2008.
43. M. Liberatore and B. N. Levine. Inferring the source of encrypted HTTP connections. In Proceedings of the 13th ACM Conference on Computer and Communications Security, pages 255-263, New York, NY, USA, Oct. 2006. ACM.
44. P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, pages 29-42, Berkeley, CA, June 2001. The USENIX Association.
45. D. McGrew. RFC 5116: An interface and algorithms for authenticated encryption, 2008. Status: PROPOSED STANDARD.
46. W. M. Petullo and J. A. Solworth. Authentication in Ethos. https://www.ethos-os.org/papers/, June 2013.
47. W. M. Petullo and J. A. Solworth. Simple-to-use, secure-by-design networking in Ethos. In Proceedings of the Sixth European Workshop on System Security, New York, NY, USA, Apr. 2013. ACM. https://www.ethos-os.org/papers/.
48. S. Radhakrishnan, Y. Cheng, J. Chu, A. Jain, and B. Raghavan. TCP fast open. In Proceedings of the 7th International Conference on Emerging Networking Experiments and Technologies, New York, NY, USA, 2011. ACM.
49. E. Rescorla and N. Modadugu. RFC 6347: Datagram transport layer security version 1.2, 2012. Status: PROPOSED STANDARD.
50. R. L. Rivest and B. Lampson. SDSI - a simple distributed security infrastucture. Technical report, MIT, Apr. 1996.
51. S. Schillace. Default HTTPS access for Gmail, Jan. 2010. http://gmailblog.blogspot.com/2010/01/ default-https-access-for-gmail.html (accessed Aug 26, 2013).
52. J. A. Solworth. The Ethos operating system. http://www.ethos-os.org.
53. J. A. Solworth and W. Fei. sayI: Trusted user authentication at Internet scale. https://www.ethos-os.org/papers/, Aug. 2013.
54. D. X. Song, D. Wagner, and X. Tian. Timing analysis of keystrokes and timing attacks on SSH. In Proceedings of the 10th USENIX Security Symposium, Berkeley, CA, USA, Aug. 2001. USENIX Association.
55. S. Souders. Velocity and the bottom line. O'Reilly Media, July 2009. http://programming.oreilly.com/2009/07/ velocity-making-your-site-fast.html (accessed Aug 26, 2013).
56. E. Stark, L.-S. Huang, D. Israni, C. Jackson, and D. Boneh. The case for prefetching and prevalidating TLS server certificates. In Proceedings of the 19th Network and Distributed System Security Symposium, Reston, VA, USA, 2012. The Internet Society.
57. R. Stewart. RFC 4960: Stream Control Transmission Protocol, Sept. 2007. Status: PROPOSED STANDARD.
58. N. Vratonjic, J. Freudiger, V. Bindschaedler, and J.-P. Hubaux. The inconvenient truth about web certificates. In Proceedings of the 10th Workshop on the Economics of Information Security, June 2011.
59. N. Weaver, R. Sommer, and V. Paxson. Detecting forged TCP reset packets. In Proceedings of the 16th Network and Distributed Systems Security Symposium, Reston, VA, USA, Feb. 2009. The Internet Society.
60. J. E. White. A high-level framework for network-based resource sharing. In Proceedings of the 1976 National Computer Conference and Exposition, pages 561-570, New York, NY, USA, 1976. ACM.
61. E. Wobber, M. Abadi, M. Burrows, and B. Lampson. Authentication in the Taos operating system. In Proceedings of the 14th Symposium on Operating System Principles, pages 256-269, New York, NY, USA, 1993. ACM.