Opportunistic Encryption

Opportunistic encryption (OE) refers to any system that, when connecting to another system, attempts to encrypt communications channels, otherwise falling back to unencrypted communications. This method requires no pre-arrangement between the two systems. Opportunistic encryption can be used to combat passive wiretapping. (An active wiretapper, on the other hand, can disrupt encryption negotiation to either force an unencrypted channel or perform a man-in-the-middle attack on the encrypted link.) It does not provide a strong level of security, as authentication may be difficult to establish and secure communications are not mandatory. However, it does make the encryption of most Internet traffic easy to implement, which removes a significant impediment to the mass adoption of Internet traffic security. Opportunistic encryption on the Internet is described in "Opportunistic Encryption using the Internet Key Exchange (IKE)", "Opportunistic Security: Some Protection Most of the Time", and in "Opportunistic Security for HTTP/2".


Routers

The FreeS/WAN project was one of the early proponents of OE. The effort is continued by the former FreeS/WAN developers now working on Libreswan. Libreswan aims to support different authentication hooks for Opportunistic Encryption with IPsec. Version 3.16, which was released in December 2015, had support for Opportunistic IPsec using AUTH-NULL, which is based on RFC 7619. The Libreswan Project is currently working on (forward) Domain Name System Security Extensions (DNSSEC) and Kerberos support for Opportunistic IPsec. Openswan has also been ported to the OpenWrt project. Openswan used reverse DNS records to facilitate the key exchange between the systems. It is possible to use OpenVPN and networking protocols to set up dynamic VPN links which act similar to OE for specific domains.


Linux and Unix-like systems

FreeS/WAN and forks such as Openswan and strongSwan offer VPNs which can also operate in OE mode using IPsec-based technology. Obfuscated TCP is another method of implementing OE.


Windows OS

Microsoft Windows platforms have an implementation of OE installed by default. This method uses IPsec to secure the traffic and is a simple procedure to turn on. It is accessed via the MMC and "IP Security Policies on Local Computer", then editing the properties to assign the "(Request Security)" policy. This will turn on optional IPsec in a Kerberos environment. Many systems also have problems when either side is behind a NAT. This problem is addressed by NAT Traversal (NAT-T) and is accomplished by editing a registry item. Using the filtering options provided in MMC, it is possible to tailor the networking to require, request or permit traffic to various domains and protocols to use encryption.


E-mail

Opportunistic Encryption can also be used for specific traffic like e-mail using the SMTP STARTTLS extension for relaying messages across the Internet, or the Internet Message Access Protocol (IMAP) STARTTLS extension for reading e-mail. With this implementation, it is not necessary to obtain a certificate from a certificate authority, as a self-signed certificate can be used.

* Using TLS with IMAP, POP3 and ACAP
* SMTP Service Extension for Secure SMTP over TLS
* STARTTLS and postfix
* STARTTLS and Exchange

Many systems employ a variant with third-party add-ons to traditional email packages by first attempting to obtain an encryption key and if unsuccessful, then sending the email in the clear. PGP, p≡p, Hushmail, and Ciphire, among others, can all be set up to work in this mode. In practice, STARTTLS in SMTP is often deployed with self-signed certificates, which represents a minimal one-time task for a system administrator, and results in most email traffic being opportunistically encrypted.


VoIP

Some Voice over IP (VoIP) solutions provide for painless encryption of voice traffic when possible. Some versions of the Sipura Technology and Linksys lines of analog telephony adapters (ATA) include a hardware implementation of SRTP with the installation of a certificate from Voxilla, a VoIP information site. When the call is placed, an attempt is made to use SRTP; if successful, a series of tones is played into the handset, and if not, the call proceeds without using encryption. Skype and Amicima use only secure connections and Gizmo5 attempts a secure connection between its clients. Phil Zimmermann, Alan Johnston, and Jon Callas have proposed a new VoIP encryption protocol called ZRTP. They have an implementation of it called Zfone whose source and compiled binaries are available.


Websites

For encrypting WWW/HTTP connections, HTTPS is typically used, which requires strict encryption and has significant administrative costs, both in terms of initial setup and continued maintenance costs for the website operator. Most browsers verify the webserver's identity to make sure that an SSL certificate is signed by a trusted certificate authority and has not expired, usually requiring the website operator to manually change the certificate every one or two years. The easiest way to enable some sort of opportunistic website encryption is by using self-signed certificates, but this causes browsers to display a warning each time the website is visited unless the user manually marks the website's certificate as trusted. Because unencrypted websites do not currently display any such warnings, the use of self-signed certificates is not well received.

In 2015, Mozilla started to roll out opportunistic encryption in Firefox version 37. This was quickly rolled back (in update 37.0.1) due to a serious vulnerability that could bypass SSL certificate verification. Browser extensions like HTTPS Everywhere and HTTPSfinder find and automatically switch the connection to HTTPS when possible.

Several proposals were available for true, seamless opportunistic encryption of the HTTP/2 protocol. These proposals were later rejected. Poul-Henning Kamp, lead developer of Varnish and a senior FreeBSD kernel developer, has criticized the IETF for following a particular political agenda with HTTP/2 for not implementing opportunistic encryption in the standard.


Weaknesses

STARTTLS implementations often used with SMTP are vulnerable to STRIPTLS attacks when subject to active wiretapping.
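
The fallback behaviour described for SMTP STARTTLS under E-mail, together with the STRIPTLS weakness above, sketched as an added example (not from the original article or any mail server's code): a sender upgrades when STARTTLS is advertised, falls back to cleartext otherwise, and flags a peer that stops advertising it. The peer-history policy, class name, hostnames and EHLO replies are constructed assumptions.

```python
# Added example: opportunistic STARTTLS decision with downgrade detection.
# Hostnames and EHLO replies are constructed sample data, not captured traffic.

def parse_ehlo(reply):
    """Return the upper-cased extension keywords from a multi-line 250 EHLO reply."""
    keywords = set()
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        if rest.strip():
            keywords.add(rest.split()[0].upper())
    return keywords


class OpportunisticSender:
    """Upgrade to TLS when offered, fall back to cleartext otherwise, and
    remember which peers offered STARTTLS before (hypothetical policy)."""

    def __init__(self):
        self.seen_starttls = set()

    def decide(self, peer, ehlo_reply):
        offered = "STARTTLS" in parse_ehlo(ehlo_reply)
        # A peer that used to offer STARTTLS and no longer does matches what a
        # stripped negotiation looks like; it can also be a benign config change,
        # so this is a signal to alert on, not proof of tampering.
        downgrade = (not offered) and peer in self.seen_starttls
        if offered:
            self.seen_starttls.add(peer)
        return {
            "peer": peer,
            "transport": "tls" if offered else "cleartext",
            "possible_downgrade": downgrade,
        }


# Constructed EHLO replies for two fictional peers.
EHLO_WITH_TLS = ("250-mx.example.test Hello\r\n250-SIZE 10240000\r\n"
                 "250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_STRIPPED = ("250-mx.example.test Hello\r\n250-SIZE 10240000\r\n"
                 "250 8BITMIME\r\n")
EHLO_NEVER_TLS = "250-legacy.example.test Hello\r\n250 SIZE 5000000\r\n"


def demo():
    """Run three deliveries: normal upgrade, legacy peer, then a stripped reply."""
    sender = OpportunisticSender()
    return [
        sender.decide("mx.example.test", EHLO_WITH_TLS),
        sender.decide("legacy.example.test", EHLO_NEVER_TLS),
        sender.decide("mx.example.test", EHLO_STRIPPED),
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

A purely opportunistic sender would deliver the third message in cleartext without comment; the history check is what turns the silent fallback into something an operator can see.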


See also

* John Gilmore
* Multi-factor authentication
* Opportunistic TLS
* Opportunistic Wireless Encryption (OWE)
* Security level
* Security level management
* tcpcrypt


External links


* Enabling Email Confidentiality through the use of Opportunistic Encryption, by Simson Garfinkel of the MIT Laboratory for Computer Science, May 2003
* Windows KB article on NAT-T and DH2048
* Opportunistic Encryption using the Internet Key Exchange (IKE)
* Pervasive Monitoring Is an Attack