Title :
On implementing security at the transport layer
Author :
Pichumani, Swaminathan ; Kasera, Sneha Kumar
Author_Institution :
Juniper Networks, Tokyo
Abstract :
We design a framework that implements security at the TCP layer to meet the necessity for a practical and truly end-to-end security solution. We call our framework TCPsec. TCPsec is a security extension to TCP and is implemented in the kernel. Applications may use TCPsec through regular TCP sockets by setting special socket options. TCPsec uses a Secure Socket Layer (SSL)-like handshake to set up a secure session. It is interoperable with Network Address Translators. We implement TCPsec in the FreeBSD 4.7 kernel and evaluate its performance. Our implementation and evaluation show that TCPsec incurs only a modest overhead as compared to TCP and performs competitively with SSL. We also provide a formal verification of our protocol state machine.
Keywords :
formal verification; telecommunication security; transport protocols; FreeBSD 4.7 kernel; SSL; TCP layer; formal verification; network address translator; performance evaluation; protocol state machine; secure socket layer; security framework; transmission control protocol; Computer networks; Data security; Kernel; Payloads; Performance evaluation; Sockets; TCPIP; Transport protocols; Web server; Wireless LAN;
Conference_Title :
Communication Systems Software and Middleware and Workshops, 2008. COMSWARE 2008. 3rd International Conference on
Conference_Location :
Bangalore
Print_ISBN :
978-1-4244-1796-4
Electronic_ISBN :
978-1-4244-1797-1
DOI :
10.1109/COMSWA.2008.4554433