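% Bibliography exported from Zotero, reformatted with one field per line.
% Text outside an entry is ignored by BibTeX, so these notes are comments.
%
% Review notes for this part of the file:
%  - The exporter's "file" attachment fields were dropped. They held absolute
%    paths under a local home directory (account name and storage layout) and
%    carry no bibliographic data. Turn off attachment export, or strip the
%    field, before publishing a .bib file.
%  - RFC and Internet-Draft entries gained a howpublished field taken from the
%    document identifier in their URL, so styles that ignore url still name
%    the document.
%  - URL fragments left over from browsing were dropped so each URL names the
%    whole document; an unescaped hash sign also breaks styles that typeset
%    the URL outside \url.
%  - Values the exporter parked in "note" (Series Title, ISSN, Publisher) were
%    moved to the matching fields.
%  - TODO(review) marks data that cannot be recovered from this file.

@misc{postel_user_1980,
  author = {Postel, J.},
  title = {User {Datagram} {Protocol}},
  howpublished = {RFC 768},
  month = aug,
  year = {1980},
  url = {https://tools.ietf.org/html/rfc768},
  urldate = {2021-03-01},
  language = {en},
}

% TODO(review): no venue or year is recorded, and "pages" looks like a page
% count rather than a page range. Complete from the published version.
@article{kohler_designing_nodate,
  author = {Kohler, Eddie and Handley, Mark and Floyd, Sally},
  title = {Designing {DCCP}: {Congestion} {Control} {Without} {Reliability}},
  pages = {12},
  language = {en},
  abstract = {DCCP, the Datagram Congestion Control Protocol, is a new transport protocol in the TCP/UDP family that provides a congestion-controlled flow of unreliable datagrams. Delay-sensitive applications, such as streaming media and telephony, prefer timeliness to reliability. These applications have historically used UDP and implemented their own congestion control mechanisms—a difficult task—or no congestion control at all. DCCP will make it easy to deploy these applications without risking congestion collapse. It aims to add to a UDP-like foundation the minimum mechanisms necessary to support congestion control, such as possibly-reliable transmission of acknowledgement information. This minimal design should make DCCP suitable as a building block for more advanced application semantics, such as selective reliability. We introduce and motivate the protocol and discuss some of its design principles. Those principles particularly shed light on the ways TCP’s reliable byte-stream semantics influence its implementation of congestion control.},
}

@misc{kent_ip_2005,
  author = {Kent, Stephen},
  title = {{IP} {Authentication} {Header}},
  howpublished = {RFC 4302},
  month = dec,
  year = {2005},
  url = {https://tools.ietf.org/html/rfc4302},
  urldate = {2021-01-29},
  language = {en},
}

% Journal name changed from all capitals to normal casing.
% TODO(review): volume is missing and "pages" looks like a page count, not a
% page range. Confirm against the journal record.
@article{dolev_security_1983,
  author = {Dolev, Danny and Yao, Andrew C.},
  title = {On the {Security} of {Public} {Key} {Protocols}},
  journal = {{IEEE} Transactions on Information Theory},
  number = {2},
  pages = {11},
  year = {1983},
  language = {en},
}

% Author surname corrected from "van Bekkenum" to "van Bennekum".
@misc{beck_manifesto_2001,
  author = {Beck, Kent and Beedle, Mike and van Bennekum, Arie and Cockburn, Alistair and Cunningham, Ward and Fowler, Martin and Grenning, James and Highsmith, Jim and Hunt, Andrew and Jeffries, Ron and Kern, Jon and Marick, Brian and Martin, Robert C. and Mellor, Steve and Schwaber, Ken and Sutherland, Jeff and Thomas, Dave},
  title = {Manifesto for {Agile} {Software} {Development}},
  year = {2001},
  url = {http://agilemanifesto.org/},
  urldate = {2021-01-29},
}

@book{menezes_handbook_1997,
  author = {Menezes, A. J. and Van Oorschot, Paul C. and Vanstone, Scott A.},
  title = {Handbook of applied cryptography},
  series = {{CRC} {Press} series on discrete mathematics and its applications},
  publisher = {CRC Press},
  address = {Boca Raton},
  year = {1997},
  isbn = {978-0-8493-8523-0},
  keywords = {Access control Handbooks, manuals, etc, Computers, Cryptography, Handbooks, manuals, etc},
}

% The doubled colon in the title was reduced to one. The "pages" field was
% dropped because it only repeated the report number with a range dash, and
% the exporter note "Edition: 0" was dropped as meaningless.
@techreport{dworkin_recommendation_2005,
  author = {Dworkin, M. J.},
  title = {Recommendation for block cipher modes of operation: the {CMAC} mode for authentication},
  shorttitle = {Recommendation for block cipher modes of operation},
  number = {NIST SP 800-38b},
  institution = {National Institute of Standards and Technology},
  address = {Gaithersburg, MD},
  month = may,
  year = {2005},
  doi = {10.6028/NIST.SP.800-38b},
  url = {https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf},
  urldate = {2021-01-01},
  language = {en},
  abstract = {This Recommendation specifies a message authentication code (MAC) algorithm based on a symmetric key block cipher. This block cipher-based MAC algorithm, called CMAC, may be used to provide assurance of the authenticity and, hence, the integrity of binary data.},
}

@misc{poovendran_aes-cmac_2006,
  author = {Poovendran, Radha and Lee, Jicheol},
  title = {The {AES}-{CMAC} {Algorithm}},
  howpublished = {RFC 4493},
  month = jun,
  year = {2006},
  url = {https://tools.ietf.org/html/rfc4493},
  urldate = {2021-01-01},
  language = {en},
}

@misc{dalal_improving_2010,
  author = {Dalal, Mitesh and Stewart, Randall R. and Ramaiah, Anantha},
  title = {Improving {TCP}'s {Robustness} to {Blind} {In}-{Window} {Attacks}},
  howpublished = {RFC 5961},
  month = aug,
  year = {2010},
  url = {https://tools.ietf.org/html/rfc5961},
  urldate = {2021-01-01},
  language = {en},
}

% Title changed from forced capitals to title case, keeping only the acronym
% protected.
% TODO(review): a technical report needs an institution; none is recorded here.
@techreport{watson_slipping_2003,
  author = {Watson, Paul A.},
  title = {Slipping in the Window: {TCP} Reset Attacks},
  type = {Technical {Whitepaper}},
  pages = {33},
  month = oct,
  year = {2003},
  language = {en},
}

% Abstract typo "algorithmis" corrected to "algorithm is".
@inproceedings{wischik_design_2011,
  author = {Wischik, Damon and Raiciu, Costin and Greenhalgh, Adam and Handley, Mark},
  title = {Design, implementation and evaluation of congestion control for multipath {TCP}},
  booktitle = {Proceedings of the 8th {USENIX} conference on {Networked} systems design and implementation},
  series = {{NSDI}'11},
  pages = {99--112},
  publisher = {USENIX Association},
  address = {USA},
  month = mar,
  year = {2011},
  urldate = {2021-01-01},
  abstract = {Multipath TCP, as proposed by the IETF working group mptcp, allows a single data stream to be split across multiple paths. This has obvious benefits for reliability, and it can also lead to more efficient use of networked resources. We describe the design of a multipath congestion control algorithm, we implement it in Linux, and we evaluate it for multihomed servers, data centers and mobile clients. We show that some 'obvious' solutions for multipath congestion control can be harmful, but that our algorithm improves throughput and fairness compared to single-path TCP. Our algorithm is a drop-in replacement for TCP, and we believe it is safe to deploy.},
}

@misc{tsou_ipsec_2012,
  author = {Tsou, Tina and Zhang, Xiangyang},
  title = {{IPsec} {Anti}-{Replay} {Algorithm} without {Bit} {Shifting}},
  howpublished = {RFC 6479},
  month = jan,
  year = {2012},
  url = {https://tools.ietf.org/html/rfc6479},
  urldate = {2021-01-01},
  language = {en},
}

@misc{krawczyk_hmac_1997,
  author = {Krawczyk, Hugo and Canetti, Ran and Bellare, Mihir},
  title = {{HMAC}: {Keyed}-{Hashing} for {Message} {Authentication}},
  shorttitle = {{HMAC}},
  howpublished = {RFC 2104},
  month = feb,
  year = {1997},
  url = {https://tools.ietf.org/html/rfc2104},
  urldate = {2020-12-31},
  language = {en},
}

@misc{handley_tcp_2020,
  author = {Handley, Mark and Bonaventure, Olivier and Raiciu, Costin and Ford, Alan and Paasch, Christoph},
  title = {{TCP} {Extensions} for {Multipath} {Operation} with {Multiple} {Addresses}},
  howpublished = {RFC 8684},
  month = mar,
  year = {2020},
  url = {https://tools.ietf.org/html/rfc8684},
  urldate = {2020-12-22},
  language = {en},
}

% Edition changed from "2nd ed" to the ordinal word classic styles expect;
% the old value would be printed as "2nd ed edition".
@book{anderson_security_2008,
  author = {Anderson, Ross},
  title = {Security engineering: a guide to building dependable distributed systems},
  shorttitle = {Security engineering},
  edition = {Second},
  publisher = {Wiley Pub},
  address = {Indianapolis, IN},
  year = {2008},
  isbn = {978-0-470-06852-6},
  note = {OCLC: ocn192045774},
  keywords = {Computer security, Distributed processing, Electronic data processing},
  annote = {What is security engineering? -- Usability and psychology -- Protocols -- Access control -- Cryptography -- Distributed systems -- Economics -- Multilevel security -- Multilateral security -- Banking and bookkeeping -- Physical protection -- Monitoring and metering -- Nuclear command and control -- Security printing and seals -- Biometrics -- Physical tamper resistance -- Emission security -- API attacks -- Electronic and information warfare -- Telecom system security -- Network attack and defense -- Copyright and DRM -- The bleeding edge -- Terror, justice and freedom -- Managing the development of secure systems -- System evaluation and assurance},
}

% Accented letters in the editor name are written as LaTeX escapes so the name
% sorts and prints the same under classic BibTeX and Biber.
@inproceedings{wischik_control_2009,
  author = {Wischik, Damon and Handley, Mark and Raiciu, Costin},
  editor = {N{\'u}{\~n}ez-Queija, Rudesindo and Resing, Jacques},
  title = {Control of {Multipath} {TCP} and {Optimization} of {Multipath} {Routing} in the {Internet}},
  booktitle = {Network {Control} and {Optimization}},
  series = {Lecture {Notes} in {Computer} {Science}},
  pages = {204--218},
  publisher = {Springer},
  address = {Berlin, Heidelberg},
  year = {2009},
  isbn = {978-3-642-10406-0},
  doi = {10.1007/978-3-642-10406-0_14},
  language = {en},
  keywords = {congestion control, fluid model, load balancing, multipath TCP, resource pooling},
  abstract = {There are moves in the Internet architecture community to add multipath capabilities to TCP, so that end-systems will be able to shift their traffic away from congested parts of the network. We study two problems relating to the design of multipath TCP. (i) We investigate stochastic packet-level behaviour of some proposed multipath congestion control algorithms, and find that they do not behave how we might expect from fluid modeling: they tend to flap randomly between their available paths. We explain why, and propose a congestion control algorithm that does not flap. (ii) We consider how the path choice offered by the network affects the ability of end-systems to shift their traffic between a pool of resources. We define a ‘resource poolability’ metric, which measures for each resource how easy it is for traffic to be shifted away from that resource e.g. in the event of a traffic surge or link failure.},
}

% The abstract was scraped with its HTML markup (section, h2, p and em tags
% written as \textless and \textgreater); the markup is removed here. The
% comparison signs were written as \> and \<, which are tabbing commands in
% LaTeX, and are now set in math mode. The exporter note was split: the
% publisher moved to its own field, the section name repeated the journal.
@article{sharma_road_2020,
  author = {Sharma, Piyush Kumar and Chaudhary, Shashwat and Hassija, Nikhil and Maity, Mukulika and Chakravarty, Sambuddho},
  title = {The {Road} {Not} {Taken}: {Re}-thinking the {Feasibility} of {Voice} {Calling} {Over} {Tor}},
  shorttitle = {The {Road} {Not} {Taken}},
  journal = {Proceedings on Privacy Enhancing Technologies},
  volume = {2020},
  number = {4},
  pages = {69--88},
  publisher = {Sciendo},
  month = oct,
  year = {2020},
  doi = {10.2478/popets-2020-0063},
  url = {https://content.sciendo.com/view/journals/popets/2020/4/article-p69.xml},
  urldate = {2020-12-03},
  language = {en},
  abstract = {Anonymous VoIP calls over the Internet holds great significance for privacy-conscious users, whistle-blowers and political activists alike. Prior research deems popular anonymization systems like Tor unsuitable for providing the requisite performance guarantees that real-time applications like VoIP need. Their claims are backed by studies that may no longer be valid due to constant advancements in Tor. Moreover, we believe that these studies lacked the requisite diversity and comprehensiveness. Thus, conclusions from these studies, led them to propose novel and tailored solutions. However, no such system is available for immediate use. Additionally, operating such new systems would incur significant costs for recruiting users and volunteered relays, to provide the necessary anonymity guarantees. It thus becomes an imperative that the exact performance of VoIP over Tor be quantified and analyzed, so that the potential performance bottlenecks can be amended. We thus conducted an extensive empirical study across various in-lab and real world scenarios to shed light on VoIP performance over Tor. In over half a million calls spanning 12 months, across seven countries and covering about 6650 Tor relays, we observed that Tor supports good voice quality (Perceptual Evaluation of Speech Quality (PESQ) $>$3 and one-way delay $<$400 ms) in more than 85\% of cases. Further analysis indicates that in general for most Tor relays, the contentions due to cross-traffic were low enough to support VoIP calls, that are anyways transmitted at low rates ($<$120 Kbps). Our findings are supported by concordant measurements using iperf that show more than the adequate available bandwidth for most cases. Hence, unlike prior efforts, our research reveals that Tor is suitable for supporting anonymous VoIP calls.},
}

% The series name moved from the exporter note to the series field, and the
% curly apostrophe in the author name is now a plain ASCII one.
% NOTE(review): the citation key is built from the first editor, not the first
% author, and the editor field appears to mix a series editorial board with
% the volume editors. Verify and trim against the publisher record. The key is
% left unchanged so existing citations keep working.
@incollection{hutchison_blake2_2013,
  author = {Aumasson, Jean-Philippe and Neves, Samuel and Wilcox-O'Hearn, Zooko and Winnerlein, Christian},
  editor = {Hutchison, David and Kanade, Takeo and Kittler, Josef and Kleinberg, Jon M. and Mattern, Friedemann and Mitchell, John C. and Naor, Moni and Nierstrasz, Oscar and Pandu Rangan, C. and Steffen, Bernhard and Sudan, Madhu and Terzopoulos, Demetri and Tygar, Doug and Vardi, Moshe Y. and Weikum, Gerhard and Jacobson, Michael and Locasto, Michael and Mohassel, Payman and Safavi-Naini, Reihaneh},
  title = {{BLAKE2}: {Simpler}, {Smaller}, {Fast} as {MD5}},
  shorttitle = {{BLAKE2}},
  booktitle = {Applied {Cryptography} and {Network} {Security}},
  series = {Lecture Notes in Computer Science},
  volume = {7954},
  pages = {119--135},
  publisher = {Springer Berlin Heidelberg},
  address = {Berlin, Heidelberg},
  year = {2013},
  isbn = {978-3-642-38979-5 978-3-642-38980-1},
  doi = {10.1007/978-3-642-38980-1_8},
  url = {http://link.springer.com/10.1007/978-3-642-38980-1_8},
  urldate = {2020-11-28},
  language = {en},
  abstract = {We present the hash function BLAKE2, an improved version of the SHA-3 finalist BLAKE optimized for speed in software. Target applications include cloud storage, intrusion detection, or version control systems. BLAKE2 comes in two main flavors: BLAKE2b is optimized for 64-bit platforms, and BLAKE2s for smaller architectures. On 64bit platforms, BLAKE2 is often faster than MD5, yet provides security similar to that of SHA-3: up to 256-bit collision resistance, immunity to length extension, indifferentiability from a random oracle, etc. We specify parallel versions BLAKE2bp and BLAKE2sp that are up to 4 and 8 times faster, by taking advantage of SIMD and/or multiple cores. BLAKE2 reduces the RAM requirements of BLAKE down to 168 bytes, making it smaller than any of the five SHA-3 finalists, and 32\% smaller than BLAKE. Finally, BLAKE2 provides a comprehensive support for tree-hashing as well as keyed hashing (be it in sequential or tree mode).},
}

% The exporter note "Conference Name: ..." only repeated the journal name and
% was dropped.
@article{peng_multipath_2016,
  author = {Peng, Q. and Walid, A. and Hwang, J. and Low, S. H.},
  title = {Multipath {TCP}: {Analysis}, {Design}, and {Implementation}},
  shorttitle = {Multipath {TCP}},
  journal = {IEEE/ACM Transactions on Networking},
  volume = {24},
  number = {1},
  pages = {596--609},
  month = feb,
  year = {2016},
  issn = {1558-2566},
  doi = {10.1109/TNET.2014.2379698},
  keywords = {multipath TCP, Aggregates, Algorithm design and analysis, Asymptotic stability, balanced linked adaptation, Balia algorithm, Computer networks, convergence, Heuristic algorithms, Linux kernel, MP-TCP algorithms, nonlinear dynamical systems, Oscillators, Stability analysis, TCPIP, transport protocols, Vectors, window oscillation},
  abstract = {Multipath TCP (MP-TCP) has the potential to greatly improve application performance by using multiple paths transparently. We propose a fluid model for a large class of MP-TCP algorithms and identify design criteria that guarantee the existence, uniqueness, and stability of system equilibrium. We clarify how algorithm parameters impact TCP-friendliness, responsiveness, and window oscillation and demonstrate an inevitable tradeoff among these properties. We discuss the implications of these properties on the behavior of existing algorithms and motivate our algorithm Balia (balanced linked adaptation), which generalizes existing algorithms and strikes a good balance among TCP-friendliness, responsiveness, and window oscillation. We have implemented Balia in the Linux kernel. We use our prototype to compare the new algorithm to existing MP-TCP algorithms.},
}

% The organisation name is double-braced so it is treated as one corporate
% author rather than parsed as a personal name.
@misc{ofcom_performance_2020,
  author = {{Ofcom}},
  title = {The performance of fixed-line broadband delivered to {UK} residential customers},
  shorttitle = {{UK} {Home} {Broadband} {Performance}},
  journal = {Ofcom},
  month = may,
  year = {2020},
  url = {https://www.ofcom.org.uk/research-and-data/telecoms-research/broadband-research/home-broadband-performance-2019},
  urldate = {2020-11-21},
  language = {en},
  abstract = {Our annual home broadband performance report compares how different broadband packages perform, using data from monitors installed on people's broadband routers.},
}

% The ISSN moved from the exporter note to the issn field.
@inproceedings{hacker_effects_2002,
  author = {Hacker, T. J. and Noble, B. D. and Athey, B. D.},
  title = {The {Effects} of {Systemic} {Packet} {Loss} on {Aggregate} {TCP} {Flows}},
  booktitle = {{SC} '02: {Proceedings} of the 2002 {ACM}/{IEEE} {Conference} on {Supercomputing}},
  pages = {7--7},
  month = nov,
  year = {2002},
  issn = {1063-9535},
  doi = {10.1109/SC.2002.10029},
  keywords = {Aggregates, Bandwidth, Biology computing, Computer hacking, Concurrent computing, High performance computing, Internet, Loss measurement, Robustness, Throughput},
  abstract = {The use of parallel TCP connections to increase throughput for bulk transfers is common practice within the high performance computing community. However, the effectiveness, fairness, and efficiency of data transfers across parallel connections is unclear. This paper considers the impact of systemic non-congestion related packet loss on the effectiveness, fairness, and efficiency of parallel TCP transmissions. The results indicate that parallel connections are effective at increasing aggregate throughput, and increase the overall efficiency of the network bottleneck. In the presence of congestion related losses, parallel flows steal bandwidth from other single stream flows. A simple modification is presented that reduces the fairness problems when congestion is present, but retains effectiveness and efficiency.},
}

@inproceedings{donenfeld_wireguard_2017,
  author = {Donenfeld, Jason A.},
  title = {{WireGuard}: {Next} {Generation} {Kernel} {Network} {Tunnel}},
  shorttitle = {{WireGuard}},
  booktitle = {Proceedings 2017 {Network} and {Distributed} {System} {Security} {Symposium}},
  publisher = {Internet Society},
  address = {San Diego, CA},
  year = {2017},
  isbn = {978-1-891562-46-4},
  doi = {10.14722/ndss.2017.23160},
  url = {https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/wireguard-next-generation-kernel-network-tunnel/},
  urldate = {2020-11-19},
  language = {en},
  abstract = {WireGuard is a secure network tunnel, operating at layer 3, implemented as a kernel virtual network interface for Linux, which aims to replace both IPsec for most use cases, as well as popular user space and/or TLS-based solutions like OpenVPN, while being more secure, more performant, and easier to use. The virtual tunnel interface is based on a proposed fundamental principle of secure tunnels: an association between a peer public key and a tunnel source IP address. It uses a single round trip key exchange, based on NoiseIK, and handles all session creation transparently to the user using a novel timer state machine mechanism. Short pre-shared static keys—Curve25519 points—are used for mutual authentication in the style of OpenSSH. The protocol provides strong perfect forward secrecy in addition to a high degree of identity hiding. Transport speed is accomplished using ChaCha20Poly1305 authenticated-encryption for encapsulation of packets in UDP. An improved take on IP-binding cookies is used for mitigating denial of service attacks, improving greatly on IKEv2 and DTLS’s cookie mechanisms to add encryption and authentication. The overall design allows for allocating no resources in response to received packets, and from a systems perspective, there are multiple interesting Linux implementation techniques for queues and parallelism. Finally, WireGuard can be simply implemented for Linux in less than 4,000 lines of code, making it easily audited and verified.},
}

@misc{schooler_sip_2002,
  author = {Schooler, Eve and Camarillo, Gonzalo and Handley, Mark and Peterson, Jon and Rosenberg, Jonathan and Johnston, Alan and Schulzrinne, Henning and Sparks, Robert},
  title = {{SIP}: {Session} {Initiation} {Protocol}},
  shorttitle = {{SIP}},
  howpublished = {RFC 3261},
  month = jun,
  year = {2002},
  url = {https://tools.ietf.org/html/rfc3261},
  urldate = {2021-04-30},
  language = {en},
}

% NOTE(review): this cites a numbered Internet-Draft revision; check whether a
% published RFC should be cited instead.
@misc{bishop_hypertext_2021,
  author = {Bishop, Mike},
  title = {Hypertext {Transfer} {Protocol} {Version} 3 ({HTTP}/3)},
  howpublished = {Internet-Draft draft-ietf-quic-http-34},
  month = feb,
  year = {2021},
  url = {https://tools.ietf.org/html/draft-ietf-quic-http-34},
  urldate = {2021-04-30},
  language = {en},
}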
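% Entries below are reformatted with one field per line. Text outside an entry
% is ignored by BibTeX, so these notes are comments.
%
% Review notes for this part of the file:
%  - The exporter's "file" attachment fields were dropped. They held absolute
%    paths under a local home directory (account name and storage layout) and
%    carry no bibliographic data. Turn off attachment export, or strip the
%    field, before publishing a .bib file.
%  - TODO(review) marks data that cannot be recovered from this file.

@inproceedings{honda_understanding_2005,
  author = {Honda, Osamu and Ohsaki, Hiroyuki and Imase, Makoto and Ishizuka, Mika and Murayama, Junichi},
  title = {Understanding {TCP} over {TCP}: effects of {TCP} tunneling on end-to-end throughput and latency},
  shorttitle = {Understanding {TCP} over {TCP}},
  booktitle = {Performance, {Quality} of {Service}, and {Control} of {Next}-{Generation} {Communication} and {Sensor} {Networks} {III}},
  volume = {6011},
  pages = {60110H},
  publisher = {International Society for Optics and Photonics},
  month = oct,
  year = {2005},
  doi = {10.1117/12.630496},
  url = {https://www.spiedigitallibrary.org/conference-proceedings-of-spie/6011/60110H/Understanding-TCP-over-TCP--effects-of-TCP-tunneling-on/10.1117/12.630496.short},
  urldate = {2021-04-30},
  abstract = {TCP tunnel is a technology that aggregates and transfers packets sent between end hosts as a single TCP connection. By using a TCP tunnel, the fairness among aggregated flows can be improved and several protocols can be transparently transmitted through a firewall. Currently, many applications such as SSH, VTun, and HTun use a TCP tunnel. However, since most applications running on end hosts generally use TCP, two TCP congestion controls (i.e., end-to-end TCP and tunnel TCP) operate simultaneously and interfere each other. Under certain conditions, it has been known that using a TCP tunnel severely degrades the end-to-end TCP performance. Namely, it has known that using a TCP tunnel drastically degrades the end-to-end TCP throughput for some time, which is called \textit{TCP meltdown} problem. On the contrary, under other conditions, it has been known that using a TCP tunnel significantly improves the end-to-end TCP performance. However, it is still an open issue --- how, when, and why is a TCP tunnel malicious for end-to-end TCP performance? In this paper, we therefore investigate effect of TCP tunnel on end-to-end TCP performance using simulation experiments. Specifically, we quantitatively reveal effects of several factors (e.g., the propagation delay, usage of SACK option, TCP socket buffer size, and sender buffer size of TCP tunnel) on performance of end-to-end TCP and tunnel TCP.},
}

@inproceedings{amin_assessing_2013,
  author = {Amin, Rahul and Jackson, France and Gilbert, Juan E. and Martin, Jim and Shaw, Terry},
  editor = {Kurosu, Masaaki},
  title = {Assessing the {Impact} of {Latency} and {Jitter} on the {Perceived} {Quality} of {Call} of {Duty} {Modern} {Warfare} 2},
  booktitle = {Human-{Computer} {Interaction}. {Users} and {Contexts} of {Use}},
  series = {Lecture {Notes} in {Computer} {Science}},
  pages = {97--106},
  publisher = {Springer},
  address = {Berlin, Heidelberg},
  year = {2013},
  isbn = {978-3-642-39265-8},
  doi = {10.1007/978-3-642-39265-8_11},
  language = {en},
  keywords = {First Person Shooter Games, Network Impairment, Online Gaming, Quality of Experience},
  abstract = {Jane McGonigal stated in her 2010 TED Talk that humans spend 3 billion hours a week playing video games around the planet. Americans alone devote 183 million hours per week to gaming. With numbers like these, it’s no wonder why end user demands for bandwidth have increased exponentially and the potential for network congestion is always present. We conduct a user study that focuses on the question: “How much network impairment is acceptable before users are dissatisfied?” In particular, the main objective of our study is to measure a gamer’s perceived Quality of Experience (QoE) for a real-time first person shooter (FPS) online game Call of Duty Modern Warfare 2 in presence of varied levels of network congestion. We develop a Mean Opinion Score (MOS) metric to determine each gamers’ QoE. We investigate the following hypothesis: The gamers’ perceived QoE correlates to their skill level.},
}

@article{roychoudhuri_impact_2006,
  author = {Roychoudhuri, Lopamudra and Al-Shaer, Ehab and Brewster, Gregory B.},
  title = {On the impact of loss and delay variation on {Internet} packet audio transmission},
  journal = {Computer Communications},
  series = {Monitoring and {Measurements} of {IP} {Networks}},
  volume = {29},
  number = {10},
  pages = {1578--1589},
  month = jun,
  year = {2006},
  issn = {0140-3664},
  doi = {10.1016/j.comcom.2006.04.004},
  url = {https://www.sciencedirect.com/science/article/pii/S0140366406001381},
  urldate = {2021-05-09},
  language = {en},
  keywords = {Internet measurement, IP telephony, Monitoring, VoIP},
  abstract = {The quality of audio in IP telephony is significantly influenced by various factors, including type of encoder, delay, delay variation, rate and distribution of packet loss, and type of error concealment. Hence, the performance of IP telephony systems is highly dependent on understanding the contribution of these factors to audio quality, and their impact on adaptive transport mechanisms such as error and buffer control. We conducted a large-scale audio transmission experiment over the Internet in a 12-month-period in order to evaluate the effects and the correlation of such parameters on audio transmission over IP. We have noticed that the correlation of loss and delay is not linear, but stronger correlation is observed as the delay approaches certain thresholds. We have made a number of new observations on various delay thresholds that are significant for loss prediction for adaptive audio transmission over IP networks. We also have made new observations to assess the audio quality of PCM μ-law and G.728 codecs under different loss and delay conditions. The paper provides a number of recommendations for implementing efficient adaptive FEC mechanisms based on our measurement observations and analysis.},
}

@misc{damjanovic_quic_2021,
  author = {Damjanovic, Dragana},
  title = {{QUIC} and {HTTP}/3 {Support} now in {Firefox} {Nightly} and {Beta} – {Mozilla} {Hacks} - the {Web} developer blog},
  journal = {Mozilla Hacks – the Web developer blog},
  month = apr,
  year = {2021},
  url = {https://hacks.mozilla.org/2021/04/quic-and-http-3-support-now-in-firefox-nightly-and-beta},
  urldate = {2021-05-12},
  language = {en-US},
  abstract = {Support for QUIC and HTTP/3 is now enabled by default in Firefox Nightly and Firefox Beta. HTTP/3 will be available by the end of May.},
}

@misc{govindan_enabling_2020,
  author = {Govindan, Dharani},
  title = {Enabling {QUIC} in tip-of-tree},
  month = apr,
  year = {2020},
  url = {https://groups.google.com/a/chromium.org/g/net-dev/c/5M9Z5mtvg_Y/m/iw9co1VrBQAJ?pli=1},
  urldate = {2021-05-12},
}

@misc{kinnear_boost_2020,
  author = {Kinnear, Eric},
  title = {Boost performance and security with modern networking - {WWDC} 2020 - {Videos}},
  journal = {Apple Developer},
  month = jun,
  year = {2020},
  url = {https://developer.apple.com/videos/play/wwdc2020/10111/?time=644},
  urldate = {2021-05-12},
  language = {en},
  abstract = {Speed up your app and make it more nimble, private and secure with modern networking APIs. Learn about networking protocols like IPv6,...},
}

% The abstract held a backslash followed by a typographic apostrophe, which is
% not a valid LaTeX command; it is now a plain apostrophe. The abstract text
% is truncated in the export and is kept as found.
@misc{pennarun_how_2020,
  author = {Pennarun, Avery},
  title = {How {Tailscale} works},
  journal = {Tailscale},
  month = mar,
  year = {2020},
  url = {https://tailscale.com/blog/how-tailscale-works/},
  urldate = {2021-05-12},
  language = {en},
  abstract = {People often ask us for an overview of how Tailscale works. We've been},
}

@misc{torvalds_linux_2020,
  author = {Torvalds, Linus},
  title = {Linux 5.6 - {Linus} {Torvalds}},
  month = mar,
  year = {2020},
  url = {https://lore.kernel.org/lkml/CAHk-=wi9ZT7Stg-uSpX0UWQzam6OP9Jzz6Xu1CkYu1cicpD5OA@mail.gmail.com/},
  urldate = {2021-05-12},
}

% The first author's initial gained its period, matching the other entry by
% the same author, and "DiffieHellman" in the abstract regained its hyphen.
% TODO(review): no venue or year is recorded, and "pages" looks like a page
% count rather than a page range. Complete from the published version.
@article{donenfeld_formal_nodate,
  author = {Donenfeld, Jason A. and Milner, Kevin},
  title = {Formal {Verification} of the {WireGuard} {Protocol}},
  pages = {11},
  language = {en},
  abstract = {WireGuard, the secure network tunnel, uses an interesting Diffie-Hellman authenticated key exchange protocol based on NoiseIK, custom tailored to suit its unique operational requirements. This paper enumerates the security properties of this key exchange and then explores the formal verification of such properties. The end result is a formally verified secure network tunnel protocol.},
}

% The next entry continues on the following line of the file, so its opening
% is kept exactly as exported.
@incollection{preneel_cryptographic_2018, address = {Cham}, title = {A {Cryptographic} {Analysis} of the {WireGuard} {Protocol}}, volume = {10892}, isbn = {978-3-319-93386-3 978-3-319-93387-0}, url = {http://link.springer.com/10.1007/978-3-319-93387-0_1}, abstract = {WireGuard (Donenfeld, NDSS 2017) is a recently proposed secure network tunnel operating at layer 3. WireGuard aims to replace existing tunnelling solutions like IPsec and OpenVPN, while requiring less code, being more secure, more performant, and easier to use. 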
The cryptographic design of WireGuard is based on the Noise framework. It makes use of a key exchange component which combines long-term and ephemeral Diffie-Hellman values (along with optional preshared keys). This is followed by the use of the established keys in an AEAD construction to encapsulate IP packets in UDP. To date, WireGuard has received no rigorous security analysis. In this paper, we, rectify this. We first observe that, in order to prevent Key Compromise Impersonation (KCI) attacks, any analysis of WireGuard’s key exchange component must take into account the first AEAD ciphertext from initiator to responder. This message effectively acts as a key confirmation and makes the key exchange component of WireGuard a 1.5 RTT protocol. However, the fact that this ciphertext is computed using the established session key rules out a proof of session key indistinguishability for WireGuard’s key exchange component, limiting the degree of modularity that is achievable when analysing the protocol’s security. To overcome this proof barrier, and as an alternative to performing a monolithic analysis of the entire WireGuard protocol, we add an extra message to the protocol. This is done in a minimally invasive way that does not increase the number of round trips needed by the overall WireGuard protocol. 
This change enables us to prove strong authentication and key indistinguishability properties for the key exchange component of WireGuard under standard cryptographic assumptions.}, language = {en}, urldate = {2021-05-12}, booktitle = {Applied {Cryptography} and {Network} {Security}}, publisher = {Springer International Publishing}, author = {Dowling, Benjamin and Paterson, Kenneth G.}, editor = {Preneel, Bart and Vercauteren, Frederik}, year = {2018}, doi = {10.1007/978-3-319-93387-0_1}, note = {Series Title: Lecture Notes in Computer Science}, pages = {3--21}, file = {Dowling and Paterson - 2018 - A Cryptographic Analysis of the WireGuard Protocol.pdf:/home/jake/Zotero/storage/GGI6BMJF/Dowling and Paterson - 2018 - A Cryptographic Analysis of the WireGuard Protocol.pdf:application/pdf}, } @misc{donenfeld_wireguard_2020, title = {wireguard fixes for 5.6-rc7}, url = {https://lore.kernel.org/netdev/20200319003047.113501-1-Jason@zx2c4.com/}, urldate = {2021-05-12}, author = {Donenfeld, Jason A}, month = mar, year = {2020}, file = {[PATCH net 0/5] wireguard fixes for 5.6-rc7 - Jason A. Donenfeld:/home/jake/Zotero/storage/QZLP2EZP/20200319003047.113501-1-Jason@zx2c4.com.html:text/html}, } @misc{cloudflare_cloudflare_nodate, title = {Cloudflare - {The} {Web} {Performance} \& {Security} {Company}}, url = {https://www.cloudflare.com/}, abstract = {Here at Cloudflare, we make the Internet work the way it should. Offering CDN, DNS, DDoS protection and security, find out how we can help your site.}, language = {en-us}, urldate = {2021-05-12}, journal = {Cloudflare}, author = {Cloudflare, Inc.}, file = {Snapshot:/home/jake/Zotero/storage/Y9XA4G7L/www.cloudflare.com.html:text/html}, } @misc{henderson_newreno_2012, title = {The {NewReno} {Modification} to {TCP}'s {Fast} {Recovery} {Algorithm}}, url = {https://tools.ietf.org/html/rfc6582}, urldate = {2021-05-13}, author = {Henderson, T. and Floyd, S. and Gurtov, A. 
and Nishida, Y.}, month = apr, year = {2012}, file = {rfc6582:/home/jake/Zotero/storage/9X85DZDZ/rfc6582.html:text/html}, }