Affordable Access

Access to the full text

Enhanced Performance and Privacy for TLS over TCP Fast Open

Authors
  • Sy, Erik
  • Mueller, Tobias
  • Burkert, Christian
  • Federrath, Hannes
  • Fischer, Mathias
Type
Published Article
Journal
Proceedings on Privacy Enhancing Technologies
Publisher
Sciendo
Publication Date
Apr 01, 2020
Volume
2020
Issue
2
Pages
271–287
Identifiers
DOI: 10.2478/popets-2020-0027
Source
De Gruyter
Keywords
License
Green

Abstract

Small TCP flows make up the majority of web flows. For them, the TCP three-way handshake induces significant delay overhead. The TCP Fast Open (TFO) protocol can significantly decrease this delay via zero round-trip time (0-RTT) handshakes for all TCP handshakes that follow a full initial handshake to the same host. However, this comes at the cost of privacy limitations and also has some performance limitations. In this paper, we investigate the TFP deployment on popular websites and browsers. We found that a client revisiting a web site for the first time fails to use an abbreviated TFO handshake in 40% of all cases due to web server load-balancing using multiple IP addresses. Our analysis further reveals significant privacy problems of the protocol design and implementation. Network-based attackers and online trackers can exploit TFO to track the online activities of users. As a countermeasure, we introduce a novel protocol called TCP Fast Open Privacy (FOP). TCP FOP prevents tracking by network attackers and impedes third-party tracking, while still allowing 0-RTT handshakes as in TFO. As a proof-of-concept, we have implemented the proposed protocol for the Linux kernel and a TLS library. Our measurements indicate that TCP FOP outperforms TLS over TFO when websites are served from multiple IP addresses.

Report this publication

Statistics

Seen <100 times