Design and Implementation of TCP Supporting Optional Encryption Functionalities

  • Seong, Jeong-Gi (Department of Information and Communication Engineering, Hanbat National University)
  • Kim, Eun-Gi (Department of Information and Communication Engineering, Hanbat National University)
  • Received : 2017.11.08
  • Accepted : 2017.11.29
  • Published : 2018.01.31

Abstract

Recently, due to the ongoing increase in cyber attacks and improved awareness of privacy protection, most Internet services encrypt their traffic using security protocols. Existing security protocols usually add an extra layer between the transport layer and the application layer, and they incur additional cost because they encrypt all transmitted traffic. This causes unnecessary performance degradation, since data that does not require confidentiality is encrypted as well. In this paper, we propose TCP OENC (Optional Encryption), which enables users of the application layer to optionally encrypt only confidential data. TCP OENC operates as a TCP option, so the transmitted TCP stream is encrypted only when the application layer requests it, and it preserves transparency between the TCP layer and the application layer. To verify this, we confirmed on an embedded board that TCP OENC selectively encrypts the stream of a TCP session, and then analyzed the performance of the encrypted stream by measuring the elapsed transmission time.
