Simple Opportunistic Encryption
نویسندگان
چکیده
Network traffic encryption is becoming a requirement, not an option. Enabling encryption will be a communal effort so a solution that gives partial benefits until fully deployed is needed. A solution that requires little changes to existing infrastructure will also help as it can be quickly deployed to give immediate shortterm benefits. We argue that tcpcrypt, a TCP option for opportunistic encryption is the path of least-resistance for a solution against large-scale traffic encryption. Tcpcrypt requires no changes to applications, is compatible with existing networks (works with NATs), and just works by default. It is high performance, so it can be deployed on servers without much concern. tcpcrypt attempts to maximize security for any given setting. By default, it will protect against passive eavesdropping, and also allows detecting large scale interception. With authentication, tcpcrypt can provide full security against active attackers and so it is a complete solution both for the short-term and long-term.
منابع مشابه
ssmail: Opportunistic Encryption in sendmail
Much electronic mail is sent unencrypted, making it vulnerable to passive eavesdropping. We propose to protect email privacy by building encryption functionality into ESMTP mailers. Our solution, ssmail, provides fast, simple encryption for sendmail that does not require user intervention or reliance on public key infrastructure. We added a small number of steps to an ESMTP session, thereby all...
متن کاملEnabling Email Confidentiality through the use of Opportunistic Encryption
Software for encrypting email messages has been widely available for more than 15 years, but the emailusing public has failed to adopt secure messaging. This failure can be explained through a combination of technical, community, and usability factors. This paper proposes a new approach to email security that employs opportunistic encryption and a security proxy to facilitate the opportunistic ...
متن کاملOpportunistic Encryption using IKE December 2005
This document describes opportunistic encryption (OE) as designed and implemented by the Linux FreeS/WAN project. OE uses the Internet Key Exchange (IKE) and IPsec protocols. The objective is to allow encryption for secure communication without any pre-arrangement specific to the pair of systems involved. DNS is used to distribute the public keys of each system involved. This is resistant to pa...
متن کاملHindering Eavesdropping via IPv6 Opportunistic Encryption
This paper presents an opportunistic encryption scheme strictly layered on top of IPv6. Assuming that a node needs to send data toward another node, our proposal enables the dynamic configuration of an encrypted tunnel between the two nodes’ IPsec gateways. The main contribution of this paper is to propose a solution that is fully distributed and does not rely on any global Trusted Third Party ...
متن کاملArtemia: a family of provably secure authenticated encryption schemes
Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of the dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports the associated data. Artemia uses the permutation based mode, JHAE, that is provably secure in the ideal permutation model. The scheme does not require the in...
متن کامل