Secure communication over diverse transports: [short paper]

Abstract

This paper describes BTP, a protocol that ensures the confidentiality, integrity, authenticity and forward secrecy of communication over diverse underlying transports, from low-latency, bidirectional transports like TCP to high-latency, unidirectional transports like DVDs sent through the mail. BTP is designed for use in censorship-resistant delay-tolerant overlays that operate over heterogeneous mixtures of underlying transports. By providing consistent security properties for a very wide range of transports, BTP simplifies the design and implementation of such overlays. Forward secrecy is achieved by establishing an initial shared secret between each pair of endpoint devices and using a one-way key derivation function to generate a series of temporary shared secrets from the initial shared secret. Once both devices have destroyed a given temporary secret, any keys derived from it cannot be re-derived if the devices are later compromised. BTP is designed to be compatible with traffic analysis prevention techniques such as traffic morphing: the protocol includes optional padding and uses no timeouts, handshakes or plaintext headers, with the goal of making it difficult to distinguish BTP from other protocols. If unlinkability between communicating devices is required, BTP can use anonymity systems such as Tor and Mixminion as underlying transports.