TurboTLS: TLS connection establishment with 1 less round trip

02/10/2023
by   Carlos Aguilar-Melchor, et al.
0

We show how to establish TLS connections using one less round trip. In our approach, which we call TurboTLS, the initial client-to-server and server-to-client flows of the TLS handshake are sent over UDP rather than TCP. At the same time, in the same flights, the three-way TCP handshake is carried out. Once the TCP connection is established, the client and server can complete the final flight of the TLS handshake over the TCP connection and continue using it for application data. No changes are made to the contents of the TLS handshake protocol, only its delivery mechanism. We avoid problems with UDP fragmentation by using request-based fragmentation, in which the client sends in advance enough UDP requests to provide sufficient room for the server to fit its response with one response packet per request packet. Clients can detect which servers support this without an additional round trip, if the server advertises its support in a DNS HTTPS resource record. Experiments using our software implementation show substantial latency improvements. On reliable connections, we effectively eliminate a round trip without any noticeable cost. To ensure adequate performance on unreliable connections, we use lightweight packet ordering and buffering; we can have a client wait a very small time to receive a potentially lost packet (e.g., a fraction of the RTT observed for the first fragment) before falling back to TCP without any further delay, since the TCP connection was already in the process of being established. This approach offers substantial performance improvements with low complexity, even in heterogeneous network environments with poorly configured middleboxes.

READ FULL TEXT
research
09/07/2021

A Just-In-Time Networking Framework for Minimizing Request-Response Latency of Wireless Time-Sensitive Applications

This paper puts forth a networking paradigm, referred to as just-in-time...
research
04/12/2019

QUICker connection establishment with out-of-band validation tokens

QUIC is a secure transport protocol and aims to improve the performance ...
research
12/07/2020

Machine Learning Prediction of Gamer's Private Networks

The Gamer's Private Network (GPN) is a client/server technology created ...
research
09/04/2020

Short-Lived Forward-Secure Delegation for TLS

On today's Internet, combining the end-to-end security of TLS with Conte...
research
05/09/2023

Opportunistic Mutual Exclusion

Mutual exclusion is an important problem in the context of shared resour...
research
11/09/2021

Classifying DNS Servers based on Response Message Matrix using Machine Learning

Improperly configured domain name system (DNS) servers are sometimes use...
research
07/16/2012

Diagnosing client faults using SVM-based intelligent inference from TCP packet traces

We present the Intelligent Automated Client Diagnostic (IACD) system, wh...

Please sign up or login with your details

Forgot password? Click here to reset