the trusted cloud transfer protocol (tctp)

Service-centric Networking, Telekom Innovation Laboratories Public private partnership of Technische Universität Berlin and Deutsche Telekom

Mathias Slawik, Technische Universität Berlin

The Trusted Cloud Transfer Protocol

Topics

• Motivation • TCTP and the State-of-the-Art • Evaluation

The Trusted Cloud Transfer Protocol 2

TCTP in a nutshell

• End-to-end HTTP security • Secure communication

through cloud proxies • Encapsulation of TLS in HTTP • Related work challenges


TCTP Motivation

To proxy or not to proxy...


HTTP proxy challenge

a) Relay TLS? b) Act as TLS Server?


a) Relay TLS?

Plaintext confidentiality

HTTP management


b) Act as TLS server?

HTTP management

Plaintext confidentiality


Loss of plaintext confidentiality

• Privacy risks • More security effort • Violation of legal obligations • Risk of unauthorized access


c) ?


HTTP Messages


POST /patients HTTP/1.1↩ Content-Type: text/json↩ Content-Length: 81↩ ↩ {↩ "name" : "John Doe",↩ "status" : "therapy",↩ "reason" : "broken leg"↩ }

Less confidential Needed for HTTP mgmt.

Often confidential Not needed for HTTP mgmt.

c) Entity body encryption

Entity body confidentiality

HTTP management


F*****g TCTP, how does it work?


TCTP: Process

1. End-to-end key exchange 2. HTTP entity body encryption 3. ? 4. Profit


TCTP

• Encapsulation of TLS

• Key exchange: TLS Handshake protocol

• Body encryption: TLS Records


Key exchange


HALEC

• HTTP Application Layer Encryption Channel

• Persists TLS session state • Required for multiple connections • Identified by URL


Body encryption


POST /patients HTTP/1.1↩ Content-Type: text/json↩ Content-Length: 81↩ Content-Encoding: encrypted↩ ↩ /halecs/1Mfjk941xkFe↩

¤«ÙÖ�n�iz®Ë¤|w��,ñ ¯_)SÊ(@oüÊÊÈÚ» næG�_ÔÊQ %"�ÂN¬�¹Îïú&i

Unencrypted header fields allow HTTP management

Encrypted TLS Records contain HTTP body

HALEC URL

TCTP Novelties


Why another protocol?

State-of-the-Art

• S/MIME • XML Encryption / Signature • HTTPSec • (S-HTTP) • (Any tinkered solution)


Analysis

Message-flow protection


Streaming capabilities


Discovery mechanism


Easily implemented (Basis: TLS)


TCTP does not ...

... fix the broken CA system.

... prevent information disclosure through URLs


Evaluation


TCTP Prototype

29

TCTP Middleware

Webserver (Thin)

Lorem Ipsum App

TCTP Library

TCTP Client script

Secure webserver

access.

Reusable TCTP library.

TCTP for any Ruby web application.

Test data generation for benchmark.

TCTP Overhead

Conceptual Overhead • Discovery & handshake round trip

Technical Overhead

• Handshake, Encryption, Processing


Impacts on performance

• Network latency • Hardware performance • TLS library efficiency • Framework overhead • TCTP software efficiency


Benchmarks


Processing Overhead


Hardware: Intel Core i7-3520M, Windows 8.1, Ruby 2.0

4,63 % 4,94 %

1,50 %

11,38 %

2,08 %

0

5

10

15

20

1 kB 2.5 kB 5 kB 7.5 kB 10 kB

Combined overhead


1 req 10 req 100 req 1k req50 ms 133,77% 40,66% 9,21% 5,30%100 ms 103,36% 30,87% 7,97% 5,18%250 ms 82,94% 24,83% 7,22% 5,10%

0%

50%

100%

150%

What‘s next?

• Implementation of TCTP enabled proxy (ongoing) • Watch our Github!

• Application of TCTP in TRESOR


Summary


To sum up...

TCTP: end-to-end HTTP security TCTP: addresses challenges Preliminary results: Promising


Thank you. Fork me.


https://github.com/TU-Berlin-SNET/tctp-rack

Backup


Efficient presentation

• Minimize transmitted data • XML: XML, S/MIME: Base64 • TCTP: Binary, compressed TLS

records


Efficient presentation


Capability discovery

• Discover • What resources need protection? • Where to perform the handshake?

• Related work: None • TCTP: Discovery mechanism


Capability discovery

43

OPTIONS * HTTP/1.1↩ Accept: text/prs.tctp-discovery↩ ↩

HTTP/1.1 200 OK↩ Content-Type: text/prs.tctp-discovery↩ Content-Length: 81↩ ↩ /:↩ /(service(.+?))?:↩ /(service(.+?)/)?static.*:↩ /(service(.+?)/)?.*:/\1/halecs

Secure key exchange

• XML Enc/Sig & S/MIME • None specified • Normally out of band

• TCTP • TLS handshaking protocol


TLS Handshake


Client Server ClientHello --------> ServerHello Certificate* ServerKeyExchange* CertificateRequest* <-------- ServerHelloDone Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished --------> [ChangeCipherSpec] <-------- Finished Application Data <-------> Application Data

First client request


POST /halecs HTTP/1.1↩ Content-Length: 211↩ ↩ Î ÊR��[ñ�l�Kf¢u¹§ê:çñtÃ�xÛd8ãÐ}U \ÀÀ 9 8 � �ÀÀ 5 �ÀÀ ÀÀ ÀÀ 3 2 � � E DÀÀ / � A ÀÀÀÀ ÿ D

4 2 #

POST on discovered HALEC creation URL.

TLS Record client_hello

Server response


HTTP/1.1 200 OK↩ Content-Length: 1050↩ Location: /halecs/Adaw7VXdVpu↩ ↩ 5 1R��[ym�9¥_z-Ôc�N½>É°_�õE4prÏ 9 ÿ # �� 0��0�� 000131120095643Z131120105643Z0,10Utctp-server10�&��ò,dtctp0�"0*�H�÷ � 0��·Â "!��º}�ÿ��Aî)ád±óµó�)ßn...

URL of new HALEC

TLS Records: ServerHello, Certificate, ServerKeyExchange, ServerHelloDone

Second client request


POST /halecs/Adaw7VXdVpu HTTP/1.1↩ Content-Length: 198↩ ↩ � � �äZ�«EÕ)UÿØ3Ô6á�� ,Ý4�Ê<e>�_ùßó{¹5¨AæP¬/3��yàDÔÖÃZ!q}ög�hV*ÁM³Yoÿì|.w�Í×3ø<7MJúÑ!¢.=æÜ�m3ÂgÍ)IH�Ë¡iê\±��¶Tù 06Fnq#ã§ebðÚ H�v�Ãv�Fäw´ñ¥mF�?ø?[iqi�_�Ø`ìarJQ

POST on newly created HALEC URL.

TLS Records: ClientKeyExchange, ChangeCipherSpec, Finished

Server response


HTTP/1.1 200 OK↩ Content-Length: 266↩ ↩ Ê Æ ÀÁGú�®ëA½²¸ �øí°�qAó0N&�»R¨tX"äWà�IdÚ û/C]Ð?×ÔèÆü#Åªë{ *YÊ´GòD� e.ÐÑ{+!Í`MöÄ�×�{ýÚâà� �h1�ÔWq7g¸à Lù½jÕLÌExµÇë��RdB¦ÅÉ��*§õez\`&üvæÍ¸å=°6½VØ%tY}PÞÊöF�Î"�¿~¸O÷·à�V',©�Ô±UÊ0Ú¹\ÐeÌ�ÿÓù$�å½Ì&;d¸õ¹æÖ¶ù0/×/YUE";üø�9�Áóàtõ

TLS Records: ChangeCipherSpec, Finished

Algorithm negotiation

• XML Enc/Sig, S/MIME • None

• TCTP • TLS Handshaking Protocol

functionality


Implementation support

• XML Enc/Sig, S/MIME • Many frameworks available

• TCTP • TLS / Web frameworks available • Prototype (complete) • Proxy (ongoing)


Message-flow protection

• Prevent proxies from replaying encrypted data

• Related work does only consider single messages

• TCTP: TLS HMAC prevents replay by proxies


Streaming capability

• Large downloads and media stream challenges

• Related work: adaptation needed • TCTP: TLS record protocol

fragments data into 16.384 byte (2^14) parts


the trusted cloud transfer protocol (tctp)

Technology