Obfuscated TCP (ObsTCP) was a proposal for atransport layer protocol which implementsopportunistic encryption overTransmission Control Protocol (TCP). It was designed to prevent masswiretapping and malicious corruption of TCP traffic on theInternet, with lower implementation cost and complexity thanTransport Layer Security (TLS). In August 2008,IETF rejected the proposal for a TCP option, suggesting it be done on the application layer instead.[1] The project has been inactive since a few months later.
In 2010 June, a separate proposal calledtcpcrypt has been submitted, which shares many of the goals of ObsTCP: being transparent to applications, opportunistic and low overhead. It requires even less configuration (no DNS entries or HTTP headers). Unlike ObsTCP, tcpcrypt also provides primitives down to the application to implement authentication and preventman-in-the-middle attacks (MITM).[2]
ObsTCP was created byAdam Langley. The concept of obfuscating TCP communications using opportunistic encryption evolved through several iterations. The experimental iterations of ObsTCP used TCP options in 'SYN' packets to advertise support for ObsTCP, the server responding with a public key in the 'SYNACK'. AnIETF draft protocol was first published in July 2008. Packets were encrypted with Salsa20/8,[3] and signed packets with MD5 checksums.[4]
The present (third) iteration uses special DNS records (or out of band methods) to advertise support and keys, without modifying the operation of the underlying TCP protocol.[5]
ObsTCP is a low cost protocol intended to protect TCP traffic, without requiringpublic key certificates, the services ofCertificate Authorities, or a complexPublic Key Infrastructure. It is intended to suppress the use of undirected surveillance to trawl unencrypted traffic, rather than protect against man in the middle attack.
The software presently supports the Salsa20/8[3]stream cipher and Curve25519[6] elliptic-curve Diffie Hellman function.
| Feature | ObsTCP | SSL/TLS/HTTPS |
|---|---|---|
| Public Key Infrastructure | Does not require a signed public key certificate | Requires that a signed public key certificate is purchased (or self-signed certificate is used) |
| Web browser support | Patched versions ofFirefox available[7] | Widely supported by all popular web browsers |
| Web server support | Requires patches/server upgrades forlighttpd and Apache[8] | Widely supported by popular web servers |
| Network latency | Nil additional round trips per connection (thoughDNS lookup may be required to obtain key advertisement) | One or two additional round trips per connection |
| Encryption speed | Very fast cryptography | Slower |
| TCP port | Can use any TCP port | Typically uses port 443, but can use any TCP port |
| Security characteristics | Does not resist some man-in-the-middle attacks | Resists man-in-the-middle attacks |
A server using ObsTCP advertises a public key and aport number.
ADNS 'A record' may be used to advertise server support for ObsTCP (with aDNS 'CNAME record' providing a 'friendly' name). HTTP header records, or cached/out of band keyset information may also be used instead.
A client connecting to an ObsTCP server parses the DNS entries, uses HTTP header records, or uses cached/out of band data to obtain the public key and port number, before connecting to the server and encrypting traffic.