Opportunistic encryption
Encyclopedia
Opportunistic Encryption (OE) refers to any system that, when connecting to another system, attempts to encrypt the communications channel otherwise falling back to unencrypted communications. This method requires no pre-arrangement between the two systems.
Opportunistic encryption can be used to combat passive wiretapping. (An active wiretapper, on the other hand, can disrupt encryption negotiation to force an unencrypted channel.) It does not provide a strong level of security as authentication may be difficult to establish and secure communications are not mandatory. Yet, it does make the encryption of most internet traffic easy to implement, which removes a significant impediment to the mass adoption of Internet traffic security.
project was one of the early proponents of OE. Openswan
has also been ported to the OpenWrt
project. Openswan
uses DNS
records to facilitate the key exchange between the systems.http://wiki.openswan.org/index.php/Openswan/OpportunisticEncryption
It is possible to use OpenVPN
and networking protocols to set up dynamic VPN links which act similar to OE for specific domains.
and forks such as Openswan
and strongSwan
offer VPNs which can also operate in OE mode using IPsec
based technology. Obfuscated TCP
is another method of implementing OE.
to secure the traffic and is a simple procedure to turn on.
It is accessed via the MMC
and "Ip Security Policies on Local Computer" and then edit the properties to assign the "(Request Security)" policy. This will turn on optional IPsec in a Kerberos
environment.
In a non-Kerberos
environment, a certificate from a Certificate Authority
(CA) which is common to any system with which you communicate securely is required.
Many systems also have problems when either side is behind a NAT
. This problem is addressed by NAT Traversal (NAT-T
) and is accomplished by adding a DWORD of 2 to the registry: HKLM\SYSTEM\CurrentControlSet\Services\IPsec\AssumeUDPEncapsulationContextOnSendRule
Using the filtering options provided in MMC, it is possible to tailor the networking to require, request or permit traffic to various domains and protocols to use encryption.
E-mail
Opportunistic encryption can also be used for specific traffic like e-mail
using the SMTP STARTTLS
extension for relaying messages across the Internet, or the Internet Message Access Protocol
(IMAP) STARTTLS extension for reading e-mail. With this implementation, it is not necessary to obtain a certificate from a certificate authority
, as a self-signed certificate can be used.
Many systems employ a variant with third-party add-ons to traditional email packages by first attempting to obtain an encryption key and if unsuccessful, then sending the email in the clear. PGP
, Hushmail
, and Ciphire, among others can all be set up to work in this mode.
(VoIP) solutions provide for painless encryption of voice traffic when possible. Some versions of the Sipura and Linksys
lines of analog telephony adapter
s (ATA) include a hardware implementation of SRTP
with the installation of a certificate from Voxilla, a VoIP information site. When the call is placed an attempt is made to use SRTP, if successful a series of tones are played into the handset, if not the call proceeds without using encryption. Skype
and Amicima
use only secure connections and the Gizmo5
attempts a secure connection between their clients. Phil Zimmermann
, Alan Johnston, and Jon Callas
have proposed a new VoIP encryption protocol called ZRTP
. They have an implementation of it called Zfone
whose source and compiled binaries are available.
is used. This can also be used for opportunistic website encryption. Most browsers verify the webserver's identity to make sure that an SSL certificate is signed by a trusted Certificate Authority
. The easiest way to enable opportunistic website encryption is by using self-signed certificates, but this causes browsers to display a warning each time the website is visited unless the user imports the website's certificate into their browser.
There are add-ons to Firefox called HTTPS Everywhere by EFF and HTTPSfinder. These addons find and automatically switch the connection to HTTPS when possible.
Opportunistic encryption can be used to combat passive wiretapping. (An active wiretapper, on the other hand, can disrupt encryption negotiation to force an unencrypted channel.) It does not provide a strong level of security as authentication may be difficult to establish and secure communications are not mandatory. Yet, it does make the encryption of most internet traffic easy to implement, which removes a significant impediment to the mass adoption of Internet traffic security.
Routers
The FreeS/WANFreeS/WAN
FreeS/WAN, for Free Secure Wide-Area Networking, was a free software project, which implemented a reference version of the IPsec network security layer for Linux and other Unix-like operating systems. The project goal of ubiquitous opportunistic encryption of Internet traffic was not realized,...
project was one of the early proponents of OE. Openswan
Openswan
Openswan is a complete IPsec implementation for Linux 2.0, 2.2, 2.4 and 2.6 kernels.Openswan began as a fork of the now-defunct FreeS/WAN project, and continues to be released freely under the GNU General Public License. Unlike the FreeS/WAN project, it is not developed exclusively for the Linux...
has also been ported to the OpenWrt
OpenWrt
OpenWrt is a Linux distribution primarily targeted at routing on embedded devices. It comprises a set of about 2000 software packages, installed and uninstalled via the opkg package management system. OpenWrt can be configured using the command-line interface of BusyBox ash, or the web interface...
project. Openswan
Openswan
Openswan is a complete IPsec implementation for Linux 2.0, 2.2, 2.4 and 2.6 kernels.Openswan began as a fork of the now-defunct FreeS/WAN project, and continues to be released freely under the GNU General Public License. Unlike the FreeS/WAN project, it is not developed exclusively for the Linux...
uses DNS
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
records to facilitate the key exchange between the systems.http://wiki.openswan.org/index.php/Openswan/OpportunisticEncryption
It is possible to use OpenVPN
OpenVPN
OpenVPN is a free and open source software application that implements virtual private network techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for...
and networking protocols to set up dynamic VPN links which act similar to OE for specific domains.
Unix and unix-like systems
The FreeS/WANFreeS/WAN
FreeS/WAN, for Free Secure Wide-Area Networking, was a free software project, which implemented a reference version of the IPsec network security layer for Linux and other Unix-like operating systems. The project goal of ubiquitous opportunistic encryption of Internet traffic was not realized,...
and forks such as Openswan
Openswan
Openswan is a complete IPsec implementation for Linux 2.0, 2.2, 2.4 and 2.6 kernels.Openswan began as a fork of the now-defunct FreeS/WAN project, and continues to be released freely under the GNU General Public License. Unlike the FreeS/WAN project, it is not developed exclusively for the Linux...
and strongSwan
StrongSwan
strongSwan is a complete IPsec implementation for Linux 2.6 and 3.x kernels.As a descendant of the FreeS/WAN project, it continues to be released under the GPL license. The project is actively maintained by Andreas Steffen who is a professor for Security in Communications at the University of...
offer VPNs which can also operate in OE mode using IPsec
IPsec
Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...
based technology. Obfuscated TCP
Obfuscated TCP
Obfuscated TCP was a proposal for a transport layer protocol which implements opportunistic encryption over TCP. It was designed to prevent mass wiretapping and malicious corruption of TCP traffic on the internet, with lower implementation cost and complexity than TLS...
is another method of implementing OE.
Windows OS
Windows platforms have an implementation of OE installed by default. This method uses IPsecIPsec
Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...
to secure the traffic and is a simple procedure to turn on.
It is accessed via the MMC
Microsoft Management Console
Microsoft Management Console is a component of Windows 2000 and its successors that provides system administrators and advanced users an interface for configuring and monitoring the system.- Snap-ins and consoles :...
and "Ip Security Policies on Local Computer" and then edit the properties to assign the "(Request Security)" policy. This will turn on optional IPsec in a Kerberos
Kerberos protocol
Kerberos is a computer network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual...
environment.
In a non-Kerberos
Kerberos
Kerberos may refer to:* Cerberus, the hound of Hades * Kerberos saga, a science fiction series by Mamoru Oshii* Kerberos , a computer network authentication protocol* Kerberos Dante, a character from Saint Seiya...
environment, a certificate from a Certificate Authority
Certificate authority
In cryptography, a certificate authority, or certification authority, is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate...
(CA) which is common to any system with which you communicate securely is required.
Many systems also have problems when either side is behind a NAT
Network address translation
In computer networking, network address translation is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device....
. This problem is addressed by NAT Traversal (NAT-T
NAT-T
NAT-T is a method of enabling IPsec-protected IP datagrams to pass through network address translation . RFC 3947 defines the negotiation during the Internet key exchange phase and RFC 3948 defines the UDP encapsulation.An IP packet is modified while passing through a network address translator...
) and is accomplished by adding a DWORD of 2 to the registry: HKLM\SYSTEM\CurrentControlSet\Services\IPsec\AssumeUDPEncapsulationContextOnSendRule
Using the filtering options provided in MMC, it is possible to tailor the networking to require, request or permit traffic to various domains and protocols to use encryption.
E-mail
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
using the SMTP STARTTLS
STARTTLS
STARTTLS is an extension to plain text communication protocols, which offers a way to upgrade a plain text connection to an encrypted connection instead of using a separate port for encrypted communication....
extension for relaying messages across the Internet, or the Internet Message Access Protocol
Internet Message Access Protocol
Internet message access protocol is one of the two most prevalent Internet standard protocols for e-mail retrieval, the other being the Post Office Protocol...
(IMAP) STARTTLS extension for reading e-mail. With this implementation, it is not necessary to obtain a certificate from a certificate authority
Certificate authority
In cryptography, a certificate authority, or certification authority, is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate...
, as a self-signed certificate can be used.
- RFC 2595 Using TLS with IMAP, POP3 and ACAP
- RFC 3207 SMTP Service Extension for Secure SMTP over TLS
- STARTTLS and postfix
- STARTTLS and Exchange
Many systems employ a variant with third-party add-ons to traditional email packages by first attempting to obtain an encryption key and if unsuccessful, then sending the email in the clear. PGP
Pretty Good Privacy
Pretty Good Privacy is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security...
, Hushmail
Hushmail
Hushmail is a web-based email service offering PGP-encrypted e-mail, file storage, vanity domain service, and instant messaging . Hushmail uses OpenPGP standards and the source is available for download. Additional security features include hidden IP addresses in e-mail headers...
, and Ciphire, among others can all be set up to work in this mode.
VoIP
Some Voice over IPVoice over IP
Voice over Internet Protocol is a family of technologies, methodologies, communication protocols, and transmission techniques for the delivery of voice communications and multimedia sessions over Internet Protocol networks, such as the Internet...
(VoIP) solutions provide for painless encryption of voice traffic when possible. Some versions of the Sipura and Linksys
Linksys
Linksys by Cisco, commonly known as Linksys, is a brand of home and small office networking products now produced by Cisco Systems, though once a separate company founded in 1995 before being acquired by Cisco in 2003...
lines of analog telephony adapter
Analog telephony adapter
An analog telephony adapter, or analog telephone adapter, is a device used to connect one or more standard analog telephones to a digital telephone system or a non-standard telephone system....
s (ATA) include a hardware implementation of SRTP
Secure Real-time Transport Protocol
The Secure Real-time Transport Protocol defines a profile of RTP , intended to provide encryption, message authentication and integrity, and replay protection to the RTP data in both unicast and multicast applications...
with the installation of a certificate from Voxilla, a VoIP information site. When the call is placed an attempt is made to use SRTP, if successful a series of tones are played into the handset, if not the call proceeds without using encryption. Skype
Skype
Skype is a software application that allows users to make voice and video calls and chat over the Internet. Calls to other users within the Skype service are free, while calls to both traditional landline telephones and mobile phones can be made for a fee using a debit-based user account system...
and Amicima
Amicima
Amicima, Inc. was a software company headquartered in Santa Cruz, California, United States, developing new network protocols for client–server and peer-to-peer communication over the Internet and applications using the new protocols...
use only secure connections and the Gizmo5
Gizmo5
Gizmo5 was a Voice over Internet Protocol communications network and a proprietary freeware soft phone for that network. On November 12, 2009, Google announced that it had acquired Gizmo5...
attempts a secure connection between their clients. Phil Zimmermann
Phil Zimmermann
Philip R. "Phil" Zimmermann Jr. is the creator of Pretty Good Privacy , the most widely used email encryption software in the world. He is also known for his work in VoIP encryption protocols, notably ZRTP and Zfone....
, Alan Johnston, and Jon Callas
Jon Callas
Jon Callas is an American computer security expert and Chief Technical Officer of Entrust. Callas has a long history of work in the computer security field, and is a frequent speaker at industry conferences. Additionally, Callas is a contributor to multiple IETF RFCs...
have proposed a new VoIP encryption protocol called ZRTP
ZRTP
ZRTP is a cryptographic key-agreement protocol to negotiate the keys for encryption between two end points in a Voice over Internet Protocol phone telephony call based on the Real-time Transport Protocol. It uses Diffie-Hellman key exchange and the Secure Real-time Transport Protocol for...
. They have an implementation of it called Zfone
Zfone
Zfone is software for secure voice communication over the Internet , using the ZRTP protocol. It is created by Phil Zimmermann, the creator of the PGP encryption software. Zfone works on top of existing SIP- and RTP-programs, but should work with any SIP- and RTP-compliant VoIP-program.Zfone turns...
whose source and compiled binaries are available.
Websites
For encrypting WWW/HTTP connections, typically HTTPSHttps
Hypertext Transfer Protocol Secure is a combination of the Hypertext Transfer Protocol with SSL/TLS protocol to provide encrypted communication and secure identification of a network web server...
is used. This can also be used for opportunistic website encryption. Most browsers verify the webserver's identity to make sure that an SSL certificate is signed by a trusted Certificate Authority
Certificate authority
In cryptography, a certificate authority, or certification authority, is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate...
. The easiest way to enable opportunistic website encryption is by using self-signed certificates, but this causes browsers to display a warning each time the website is visited unless the user imports the website's certificate into their browser.
There are add-ons to Firefox called HTTPS Everywhere by EFF and HTTPSfinder. These addons find and automatically switch the connection to HTTPS when possible.
See also
- FreeS/WANFreeS/WANFreeS/WAN, for Free Secure Wide-Area Networking, was a free software project, which implemented a reference version of the IPsec network security layer for Linux and other Unix-like operating systems. The project goal of ubiquitous opportunistic encryption of Internet traffic was not realized,...
- IPsecIPsecInternet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...
- John Gilmore
- OpenswanOpenswanOpenswan is a complete IPsec implementation for Linux 2.0, 2.2, 2.4 and 2.6 kernels.Openswan began as a fork of the now-defunct FreeS/WAN project, and continues to be released freely under the GNU General Public License. Unlike the FreeS/WAN project, it is not developed exclusively for the Linux...
- OpenVPNOpenVPNOpenVPN is a free and open source software application that implements virtual private network techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for...
- Pretty Good PrivacyPretty Good PrivacyPretty Good Privacy is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security...
- SRTPSecure Real-time Transport ProtocolThe Secure Real-time Transport Protocol defines a profile of RTP , intended to provide encryption, message authentication and integrity, and replay protection to the RTP data in both unicast and multicast applications...
- StrongSwanStrongSwanstrongSwan is a complete IPsec implementation for Linux 2.6 and 3.x kernels.As a descendant of the FreeS/WAN project, it continues to be released under the GPL license. The project is actively maintained by Andreas Steffen who is a professor for Security in Communications at the University of...
- ZfoneZfoneZfone is software for secure voice communication over the Internet , using the ZRTP protocol. It is created by Phil Zimmermann, the creator of the PGP encryption software. Zfone works on top of existing SIP- and RTP-programs, but should work with any SIP- and RTP-compliant VoIP-program.Zfone turns...
- ZRTPZRTPZRTP is a cryptographic key-agreement protocol to negotiate the keys for encryption between two end points in a Voice over Internet Protocol phone telephony call based on the Real-time Transport Protocol. It uses Diffie-Hellman key exchange and the Secure Real-time Transport Protocol for...
- cf. Multifactor authentication
External links
- Enabling Email Confidentiality through the use of Opportunistic Encryption by Simson GarfinkelSimson GarfinkelSimson L. Garfinkel is an Associate Professor at the Naval Postgraduate School in Monterey, California. Garfinkel is regarded as a leader in the fields of Digital forensics and Usable Security...
of the MIT Laboratory for Computer Science, May 2003 - Windows OE HOWTO
- Windows KB article on NAT-T and DH2048
- RFC 4322 - Opportunistic Encryption using the Internet Key Exchange (IKE)