Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
tcpcryptd(8)							  tcpcryptd(8)

       tcpcryptd  - Implement the tcpcrypt protocol by transparently modifying
       network I/O

       tcpcryptd [options]

       A list of all options is	produced by:

	      tcpcryptd	-h

       Configuration of	packet-diversion rules allows the system administrator
       to  control which TCP connections are protected by tcpcryptd.  The dae-
       mon receives packets for	transformation via a  "divert  port",  config-
       urable with -p port.

       The daemon communicates with user programs via a	"control socket", con-
       figurable with -u socket_address.  If socket_address begins  with  "/",
       it  is  interpreted  as	a  filesystem  path  pointing to a unix-domain
       socket; if it is	of the form ":port", it	is interpreted as the internet
       address localhost:port.

       Verbosity may be	increased with multiple	-v options.

       A  "phone-home"	test  will  be	performed at daemon startup to confirm
       end-to-end functionality	of the implementation (by  default,  with  the
       authors'	 server), but may be redirected	to another test-server with -s
       hostname	or disabled completely with -f.

       The tcpcryptd daemon transforms TCP segments via	a kernel "divert" port
       in  order  to  implement	 "opportunistic	 encryption"  according	to the
       tcpcrypt	protocol.

       For a peer that signals in the connection handshake that	it has support
       for  the	 tcpcrypt  protocol,  ephemeral	keys are exchanged and used to
       protect the confidentiality and integrity of the	connection's  applica-
       tion  data.   (The  protocol protects the integrity of parts of the TCP
       header as well.)	When a peer does not indicate support for  the	proto-
       col,  the  daemon will pass the remainder of the	connection unperturbed
       (and thus unprotected).

       Application software need not be	modified to take advantage of this fa-
       cility,	which  provides	confidentiality	in the face of passive network
       attackers (those	who cannot modify network data in  transit).   But  in
       order  to  protect communication	from active attackers, the application
       must intentionally authenticate the connection as described below.

       The tcpcrypt protocol does not itself  protect  communications  against
       "active attackers", that	is, those who are able to modify network pack-
       ets in transit.	Such an	attacker may perform a "man in the middle" at-
       tack that allows	her to behave as the endpoint of the encrypted connec-
       tion and	thus compromise	its security.

       However,	applications aware of tcpcrypt may authenticate	the connection
       in  whatever manner they	choose,	aided by an identifier for the connec-
       tion that is derived from the protocol and made available by tcpcryptd:

       A session id is derived from the	ephemeral keys used  to	 encrypt  each
       connection  protected  by  tcpcrypt.  This identifier is	(probabalisti-
       cally) unique over all connections, is not secret, and may be extracted
       by  applications	via the	user library libtcpcrypt.  Session ids for all
       active connections may also be listed with the netstat-like utility tc-

       Connection  peers  may ensure they are communicating securely with each
       other (enjoying confidentiality and integrity in	 the  face  of	active
       network	attackers) by confirming that the tcpcrypt session ids derived
       at each end are identical.  For example,	they may bind the  session  id
       together	 with  a shared	secret such as a password, sign	it with	public
       keys, use a voice connection to speak a fingerprint of  it,  or	simply
       record it for later confirmation.

       tcnetstat(8), <>



Want to link to this manual page? Use this URL:

home | help