TCP Fast Open

Last updated

In computer networking, TCP Fast Open (TFO) is an extension to speed up the opening of successive Transmission Control Protocol (TCP) connections between two endpoints. It works by using a TFO cookie (a TCP option), which is a cryptographic cookie stored on the client and set upon the initial connection with the server. [1] When the client later reconnects, it sends the initial SYN packet along with the TFO cookie data to authenticate itself. If successful, the server may start sending data to the client even before the reception of the final ACK packet of the three-way handshake, thus skipping a round-trip delay and lowering the latency in the start of data transmission.

Contents

The cookie is generated by applying a block cipher keyed on a key held secret by the server to the client's, generating an authentication tag that is difficult for third parties to spoof, even if they can forge a source IP address or make two-way connections to the same server from other IP addresses. Although it uses cryptographic techniques to generate the cookie, TFO is not intended to provide more security than the three-way handshake it replaces, and does not give any form of cryptographic protection to the resulting TCP connection, or provide identity assurance about either endpoint. It also is not intended to be resistant to man-in-the-middle attacks. If such resistance is required, it may be used in combination with a cryptographic protocol such as TLS or IPsec.

TFO has been difficult to deploy due to protocol ossification; in 2020, no Web browsers used it by default. [2]

TFO presents privacy challenges; the TFO cookie can allow persistently tracking a client across sessions, even by passive observers. [3]

History

The TFO proposal was originally presented in 2011 [4] and was published as the experimental RFC 7413 in December 2014. [5] TCP Fast Open shares the goal of bypassing the three-way handshake of TCP with an earlier proposal from 1994, called T/TCP (RFC 1644). In contrast to TCP Fast Open, T/TCP paid no attention to security, [5] opening a path for vulnerabilities and failing to gain traction.

Characteristics

TFO implementations include the following:

See also

Related Research Articles

The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.

The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport Layer of the TCP/IP suite. SSL/TLS often runs on top of TCP.

In computing, a handshake is a signal between two devices or programs, used to, e.g., authenticate, coordinate. An example is the handshaking between a hypervisor and an application in a guest virtual machine.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded.

Explicit Congestion Notification (ECN) is an extension to the Internet Protocol and to the Transmission Control Protocol and is defined in RFC 3168 (2001). ECN allows end-to-end notification of network congestion without dropping packets. ECN is an optional feature that may be used between two ECN-enabled endpoints when the underlying network infrastructure also supports it.

Server Message Block (SMB) is a communication protocol originally developed in 1983 by Barry A. Feigenbaum at IBM and intended to provide shared access to files and printers across nodes on a network of systems running IBM's OS/2. It also provides an authenticated inter-process communication (IPC) mechanism. In 1987, Microsoft and 3Com implemented SMB in LAN Manager for OS/2, at which time SMB used the NetBIOS service atop the NetBIOS Frames protocol as its underlying transport. Later, Microsoft implemented SMB in Windows NT 3.1 and has been updating it ever since, adapting it to work with newer underlying transports: TCP/IP and NetBT. SMB over QUIC was introduced in Windows Server 2022. SMB implementation consists of two vaguely named Windows services: "Server" and "Workstation". It uses NTLM or Kerberos protocols for user authentication.

Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses UDP or SCTP, the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP, it avoids the "TCP meltdown problem", when being used to create a VPN tunnel.

Transmission Control Protocol (TCP) uses a congestion control algorithm that includes various aspects of an additive increase/multiplicative decrease (AIMD) scheme, along with other schemes including slow start and congestion window (CWND), to achieve congestion avoidance. The TCP congestion-avoidance algorithm is the primary basis for congestion control in the Internet. Per the end-to-end principle, congestion control is largely a function of internet hosts, not the network itself. There are several variations and versions of the algorithm implemented in protocol stacks of operating systems of computers that connect to the Internet.

inotify is a Linux kernel subsystem created by John McCutchan, which monitors changes to the filesystem, and reports those changes to applications. It can be used to automatically update directory views, reload configuration files, log changes, backup, synchronize, and upload. The inotifywait and inotifywatch commands allow using the inotify subsystem from the command line. One major use is in desktop search utilities like Beagle, where its functionality permits reindexing of changed files without scanning the filesystem for changes every few minutes, which would be very inefficient.

SYN cookie is a technique used to resist SYN flood attacks. The technique's primary inventor Daniel J. Bernstein defines SYN cookies as "particular choices of initial TCP sequence numbers by TCP servers." In particular, the use of SYN cookies allows a server to avoid dropping connections when the SYN queue fills up. Instead of storing additional connections, a SYN queue entry is encoded into the sequence number sent in the SYN+ACK response. If the server then receives a subsequent ACK response from the client with the incremented sequence number, the server is able to reconstruct the SYN queue entry using information encoded in the TCP sequence number and proceed as usual with the connection.

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. The extension allows a server to present one of multiple possible certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. This also allows a proxy to forward client traffic to the right server during TLS/SSL handshake. The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested. The SNI extension was specified in 2003 in RFC 3546.

A cipher suite is a set of algorithms that help secure a network connection. Suites typically use Transport Layer Security (TLS) or its now-deprecated predecessor Secure Socket Layer (SSL). The set of algorithms that cipher suites usually contain include: a key exchange algorithm, a bulk encryption algorithm, and a message authentication code (MAC) algorithm.

TCP Cookie Transactions (TCPCT) is specified in RFC 6013 as an extension of Transmission Control Protocol (TCP) intended to secure it against denial-of-service attacks, such as resource exhaustion by SYN flooding and malicious connection termination by third parties. Unlike the original SYN cookies approach, TCPCT does not conflict with other TCP extensions, but requires TCPCT support in the client (initiator) as well as the server (responder) TCP stack.

In computer networking, tcpcrypt is a transport layer communication encryption protocol. Unlike prior protocols like TLS (SSL), tcpcrypt is implemented as a TCP extension. It was designed by a team of six security and networking experts: Andrea Bittau, Mike Hamburg, Mark Handley, David Mazières, Dan Boneh and Quinn Slack. Tcpcrypt has been published as an Internet Draft. Experimental user-space implementations are available for Linux, Mac OS X, FreeBSD and Windows. There is also a Linux kernel implementation.

<span class="mw-page-title-main">Knot DNS</span>

Knot DNS is an open-source authoritative-only server for the Domain Name System. It was created from scratch and is actively developed by CZ.NIC, the .CZ domain registry. The purpose of this project is to supply an alternative open-source implementation of an authoritative DNS server suitable for TLD operators to increase overall security, stability and resiliency of the Domain Name System. It is implemented as a multi-threaded daemon, using a number of programming techniques and data structures to make the server very fast, notably Read-copy-update or a special kind of a radix tree.

QUIC is a general-purpose transport layer network protocol initially designed by Jim Roskind at Google, implemented, and deployed in 2012, announced publicly in 2013 as experimentation broadened, and described at an IETF meeting. QUIC is used by more than half of all connections from the Chrome web browser to Google's servers. Microsoft Edge and Firefox support it. Safari implements the protocol, however it is not enabled by default.

Multipath TCP (MPTCP) is an ongoing effort of the Internet Engineering Task Force's (IETF) Multipath TCP working group, that aims at allowing a Transmission Control Protocol (TCP) connection to use multiple paths to maximize throughput and increase redundancy.

DNS over TLS (DoT) is a network security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks. The well-known port number for DoT is 853.

Application Layer Transport Security (ALTS) is a Google-developed authentication and transport encryption system used for securing Remote Procedure Call (RPC) within Google machines. Google started its development in 2007, as a tailored modification of TLS.

References

  1. Kerrisk, Michael (2012-08-01). "TCP Fast Open: expediting web services". LWN.net.
  2. Rybczyńska 2020.
  3. Sy et al. 2020, p. 275-279.
  4. Radhakrishnan S, Cheng Y, Chu J, Jain A, Raghavan B (2011-12-06). "TCP Fast Open" (PDF). ACM CoNEXT.
  5. 1 2 Cheng, Yuchung; Chu, Jerry; Radhakrishnan, Sivasankar & Jain, Arvind (December 2014). TCP Fast Open. IETF. doi: 10.17487/RFC7413 . RFC 7413 . Retrieved 27 June 2022.
  6. Kerrisk, Michael (2012-08-01). "TCP Fast Open: expediting web services". LWN.net. The client-side support has been merged for Linux 3.6
  7. Vaughan-Nichols, Steven J (2012-12-11). "Linux 3.7 arrives, ARM developers rejoice". Linux and Open Source. ZDNet. Linux 3.7. TCP Fast Open will now be supported on servers
  8. "Linux Kernel 3.13, Section 1.10. TCP Fast Open enabled by default". kernelnewbies.org. 19 January 2014. Retrieved 11 February 2014.
  9. "Linux Kernel 3.16, Section 1.4. TCP Fast Open server mode on IPv6 support". kernelnewbies.org. 3 August 2014. Retrieved 14 September 2014.
  10. "Implementation of server-side TCP Fast Open (TFO) [RFC7413]: MFC into stable/10 branch". 2015-12-28.
  11. "This is an implementation of the client side of TCP Fast Open (TFO) [RFC7413]". 2018-02-26.
  12. "Enable TCP_FASTOPEN by default for FreeBSD 12". 2018-06-24.
  13. "1188435 - Support TCP Fast Open". 2017-05-05.
  14. "1398201 - Disable TCP Fast Open for 57". 2017-09-10.
  15. "1689604 - Remove TCP FastOpen". 2021-03-23.
  16. "Exim 4.88 released". 2016-12-25.
  17. "Unbound 1.5.10" . Retrieved 2017-12-05.
  18. "Release Notes for BIND Version 9.11.0". 2016-10-05.
  19. "Knot DNS 2.6.0". 2017-09-29.
  20. "Your App and Next Generation Networks". Apple Inc. 2015.
  21. "Windows 10 build 14352 - New web platform features". Microsoft. Retrieved 2016-05-27.
  22. "Changelogs for 4.1.x". PowerDNS. 2017-12-04.
  23. Kelley, Simon (2019-03-10). "Support TCP fastopen on incoming and outgoing connections".

Bibliography

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.