7 research outputs found

    A survey of the interaction between security protocols and transport services

    This document provides a survey of commonly used or notable network security protocols, with a focus on how they interact and integrate with applications and transport protocols. Its goal is to supplement efforts to define and catalog Transport Services by describing the interfaces required to add security protocols. This survey is not limited to protocols developed within the scope or context of the IETF, and those included represent a superset of features a Transport Services system may need to support.

    De-ossifying the Internet Transport Layer: A Survey and Future Perspectives

    Acknowledgment: The authors would like to thank the anonymous reviewers for their useful suggestions and comments.

    Reducing Internet Latency: A Survey of Techniques and their Merit

    Bob Briscoe, Anna Brunstrom, Andreas Petlund, David Hayes, David Ros, Ing-Jyh Tsang, Stein Gjessing, Gorry Fairhurst, Carsten Griwodz, Michael Welzl

    Towards usable and fine-grained security for HTTPS with middleboxes

    Over the past few years, technology firms have inlined end-to-end encryption for their services and implored for increased in-network functionality. Most firms deploy TLS and middleboxes by performing man-in-the-middle (MITM) of network sessions. In practice, there are no official guidelines for performing MITM, and often several tweaks are used, resulting in less secure systems. TLS was designed for exactly two parties, and introducing a third party by doing MITM breaks TLS and the security benefits it offers. With increasing debate in finding a clean way to deploy middleboxes with TLS, our work surveys the literature and introduces a benchmark based on the Usability-Deployability-Security (UDS) framework for evaluating existing TLS middlebox interception proposals. Our benchmark encompasses and helps understand the current benefits, solutions and challenges in the existing solutions for incorporating TLS with middleboxes. We perform a comparative and qualitative evaluation of the schemes and summarize the results in a single table. We propose Triraksha, an alternative to the currently deployed middlebox interception models. Triraksha provides a packet inspection service for end-to-end encrypted connections while maintaining fine-grained confidentiality for endpoints. We evaluate a prototype implementation of our scheme on local and remote servers and show that the overhead in terms of latency and throughput is minimal. Our scheme is easily deployable, as only a few software additions are made at the middlebox and client end.

    An experimental study of web transport protocols in cellular networks

    HTTP and TCP have been the backbone of web transport for decades. There have been numerous enhancements and modifications to both of these protocols. HTTP and TCP were developed for traditional packet networks existing since the 1990s. Today, however, wired network parameters such as bandwidth and delay have significantly improved all over the world. However, cellular data networks (GPRS, HSPA) still experience bandwidth and delay issues, which affect the performance of these protocols. HTTP and TCP can be optimized for today's network conditions and end-user requirements, such as accelerated page loading, low latency and better network utilization. Through the course of this work, we measure the improvements in using the SPDY protocol in comparison to HTTP. We measure the impact of header compression, the number of parallel TCP connections per domain, and multiplexing of streams. From the TCP perspective, we analyze the impact of higher initial congestion windows. Some of the interesting findings are discussed, comparing various initial congestion window values. All of these experiments are conducted over live GPRS, HSPA and LTE networks. We study the challenges of moving from HTTP to alternative protocols. We also discuss ways to improve mobile web browsing by introducing and refining existing schemes such as DNS pre-fetching, radio transition delays, smart use of IP versions, reduction of TLS negotiation delays, and intelligent allocation of TCP connections in HTTP. Our studies reveal that low-bandwidth networks such as GPRS benefit from header compression, whereas the HSPA and LTE networks benefit from multiplexing, as it saves the time for establishing new TCP connections. The advantage of a higher TCP initial congestion window is seen only in networks with high bandwidth and high latency.

    Considerations around transport header confidentiality, network operations, and the evolution of Internet transport protocols

    To protect user data and privacy, Internet transport protocols have supported payload encryption and authentication for some time. Such encryption and authentication are now also starting to be applied to the transport protocol headers. This helps avoid transport protocol ossification by middleboxes, mitigate attacks against the transport protocol, and protect metadata about the communication. Current operational practice in some networks inspects transport header information within the network, but this is no longer possible when those transport headers are encrypted. This document discusses the possible impact when network traffic uses a protocol with an encrypted transport header. It suggests issues to consider when designing new transport protocols or features.