Enhanced Performance and Privacy for TLS over TCP Fast Open

  • Authors 1–5: University of Hamburg


Small TCP flows make up the majority of web flows. For them, the TCP three-way handshake induces significant delay overhead. The TCP Fast Open (TFO) protocol can significantly decrease this delay via zero round-trip time (0-RTT) handshakes for all TCP handshakes that follow a full initial handshake to the same host. However, this comes at the cost of privacy limitations and also has some performance limitations. In this paper, we investigate the TFO deployment on popular websites and browsers. We found that a client revisiting a website for the first time fails to use an abbreviated TFO handshake in 40% of all cases due to web server load balancing using multiple IP addresses. Our analysis further reveals significant privacy problems in the protocol design and implementation. Network-based attackers and online trackers can exploit TFO to track the online activities of users. As a countermeasure, we introduce a novel protocol called TCP Fast Open Privacy (FOP). TCP FOP prevents tracking by network attackers and impedes third-party tracking, while still allowing 0-RTT handshakes as in TFO. As a proof of concept, we have implemented the proposed protocol for the Linux kernel and a TLS library. Our measurements indicate that TCP FOP outperforms TLS over TFO when websites are served from multiple IP addresses.
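The two observations in the abstract, that a TFO cookie is bound to one server IP address and that the same cookie is presented on every later visit, can be made concrete with a small model of the client-side cookie cache. The following is an added example written for this page; it is not code from the paper, from its Linux kernel patch, or from its TLS library. It models the cache the way the Linux `tcp_metrics` table keys cookies (by server address), the server as a tracker that issues an opaque per-client cookie, and an on-path observer who sees the cookie in the cleartext SYN/SYN-ACK. The class names (`TrackingServer`, `TfoClient`, `PassiveObserver`), the 40%-style load-balancing scenario with two addresses, and all IP addresses are constructed for the example; the mitigation shown (clearing the cache, as `ip tcp_metrics flush` does) is the one available with plain TFO and is not the TCP FOP design.

```python
"""Toy model of TCP Fast Open cookie handling (added example, not the paper's code).

Demonstrates (1) why a multi-IP site forces a full handshake on a revisit that
lands on a different address, and (2) why the cached cookie links a client's
visits across client-IP changes for both the server and an on-path observer,
plus the only mitigation plain TFO offers today: dropping the cache.
"""
import os
from collections import defaultdict

COOKIE_LEN = 8  # RFC 7413 allows 4..16-byte cookies; Linux uses 8 bytes


class TrackingServer:
    """One website served from several IP addresses (load balancing). It hands
    every first-time client an opaque, unique cookie and records which client
    addresses later present that cookie. Assumed behaviour of a tracker."""

    def __init__(self, addresses):
        self.addresses = list(addresses)
        self.profiles = defaultdict(list)   # cookie -> client IPs seen with it

    def handle_syn(self, server_ip, client_ip, cookie=None):
        """Return (handshake_kind, cookie). A known cookie yields a 0-RTT
        handshake and links this visit to the earlier ones."""
        assert server_ip in self.addresses
        if cookie is not None and cookie in self.profiles:
            self.profiles[cookie].append(client_ip)
            return "0-RTT", cookie
        cookie = os.urandom(COOKIE_LEN)     # opaque to the client
        self.profiles[cookie].append(client_ip)
        return "full", cookie


class PassiveObserver:
    """On-path network attacker: the cookie is carried unencrypted in the SYN
    (when presented) or SYN-ACK (when issued), so client IPs sharing a cookie
    can be linked without any server cooperation."""

    def __init__(self):
        self.ips_by_cookie = defaultdict(set)

    def saw_cookie(self, client_ip, cookie):
        self.ips_by_cookie[cookie].add(client_ip)


class TfoClient:
    """Client whose cookie cache is keyed by server IP, as tcp_metrics is."""

    def __init__(self, client_ip):
        self.client_ip = client_ip
        self.cache = {}                     # server_ip -> cookie

    def connect(self, server, server_ip, observer=None):
        cached = self.cache.get(server_ip)  # miss for an address never seen
        kind, cookie = server.handle_syn(server_ip, self.client_ip, cached)
        if observer is not None:
            observer.saw_cookie(self.client_ip, cookie)
        self.cache[server_ip] = cookie
        return kind

    def flush_cookies(self):
        """Mitigation with plain TFO (cf. `ip tcp_metrics flush`): breaks the
        link between visits at the price of one extra full handshake."""
        self.cache.clear()


def load_balancing_demo():
    """Site with two addresses: a revisit routed to the second address cannot
    use the cookie obtained from the first one."""
    site = TrackingServer(["203.0.113.10", "203.0.113.11"])   # constructed
    client = TfoClient("198.51.100.7")                          # constructed
    first = client.connect(site, "203.0.113.10")
    same_ip = client.connect(site, "203.0.113.10")
    other_ip = client.connect(site, "203.0.113.11")
    return first, same_ip, other_ip


def tracking_demo():
    """Client changes its address (e.g. Wi-Fi to LTE) but keeps its cache:
    server and observer both see one cookie used from two client IPs. With the
    cache flushed before the change, the second visit gets a fresh cookie."""
    site = TrackingServer(["203.0.113.10"])
    observer = PassiveObserver()
    client = TfoClient("198.51.100.7")
    client.connect(site, "203.0.113.10", observer)
    client.client_ip = "198.51.100.99"
    client.connect(site, "203.0.113.10", observer)
    server_link = [sorted(ips) for ips in site.profiles.values()]
    network_link = [sorted(ips) for ips in observer.ips_by_cookie.values()]

    site2 = TrackingServer(["203.0.113.10"])
    client2 = TfoClient("198.51.100.7")
    client2.connect(site2, "203.0.113.10")
    client2.flush_cookies()
    client2.client_ip = "198.51.100.99"
    kind = client2.connect(site2, "203.0.113.10")
    flushed_link = [sorted(ips) for ips in site2.profiles.values()]
    return server_link, network_link, kind, flushed_link


if __name__ == "__main__":
    print("load balancing:", load_balancing_demo())
    print("tracking:", tracking_demo())
```

The model makes the trade-off visible: the cache entry is what buys the 0-RTT handshake, and the same entry is what lets a server or on-path observer join two client addresses into one profile. Flushing the cache removes the link but also removes the speed-up, which is the gap the abstract says TCP FOP is designed to close.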
