
Opportunistic encryption

Opportunistic encryption (OE) refers to any system that, when connecting to another system, attempts to encrypt the communications channel and otherwise falls back to unencrypted communications. This method requires no pre-arrangement between the two systems.

Opportunistic encryption can be used to combat passive wiretapping. (An active wiretapper, on the other hand, can disrupt encryption negotiation to either force an unencrypted channel or perform a man-in-the-middle attack on the encrypted link.) It does not provide a strong level of security, as authentication may be difficult to establish and secure communications are not mandatory. However, it does make the encryption of most Internet traffic easy to implement, which removes a significant impediment to the mass adoption of Internet traffic security.

Opportunistic encryption on the Internet is described in "Opportunistic Encryption using the Internet Key Exchange (IKE)", "Opportunistic Security: Some Protection Most of the Time", and "Opportunistic Security for HTTP/2".

The FreeS/WAN project was one of the early proponents of OE. The effort is continued by the former FreeS/WAN developers now working on Libreswan. Libreswan aims to support different authentication hooks for Opportunistic Encryption with IPsec. Version 3.16, which was released in December 2015, had support for Opportunistic IPsec using AUTH-NULL, which is based on RFC 7619. The Libreswan Project is currently working on (forward) Domain Name System Security Extensions (DNSSEC) and Kerberos support for Opportunistic IPsec.

Openswan has also been ported to the OpenWrt project. Openswan used reverse DNS records to facilitate the key exchange between the systems.

It is possible to use OpenVPN and networking protocols to set up dynamic VPN links that act similarly to OE for specific domains. FreeS/WAN and forks such as Openswan and strongSwan offer VPNs that can also operate in OE mode using IPsec-based technology.
Obfuscated TCP is another method of implementing OE.
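
The fallback behaviour described above, modelled as an added example (not code from FreeS/WAN, Libreswan or any other project named here): it contrasts an opportunistic initiator with one that requires encryption when the peer's encryption offer is removed in transit. The `Initiator` class, the path functions and the peer names are constructed for illustration, and remembering earlier encrypted peers to flag a downgrade is an assumption that goes beyond what the page describes.

```python
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    ENCRYPTED = "encrypted"
    CLEARTEXT = "cleartext"
    REFUSED = "refused"


def clean_path(offer):
    """Network delivers the peer's capability offer unmodified."""
    return offer


def stripping_path(offer):
    """Constructed model of an active wiretapper removing the encryption offer."""
    return {k: v for k, v in offer.items() if k != "encrypt"}


@dataclass
class Initiator:
    require_encryption: bool = False  # False = opportunistic, True = mandatory
    seen_encrypted: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def connect(self, peer, supports_encryption, path=clean_path):
        offer = path({"peer": peer, "encrypt": supports_encryption})
        if offer.get("encrypt"):
            self.seen_encrypted.add(peer)  # remember peers that encrypted before
            return Outcome.ENCRYPTED
        if peer in self.seen_encrypted:
            # Losing a capability the peer had earlier is a downgrade signal.
            self.alerts.append(f"downgrade: {peer} negotiated encryption before")
        # Opportunistic policy falls back to cleartext; mandatory fails closed.
        return Outcome.REFUSED if self.require_encryption else Outcome.CLEARTEXT


if __name__ == "__main__":
    oe = Initiator()
    print(oe.connect("peer-a.example", True))                  # Outcome.ENCRYPTED
    print(oe.connect("legacy.example", False))                 # Outcome.CLEARTEXT
    print(oe.connect("peer-a.example", True, stripping_path))  # Outcome.CLEARTEXT
    print(oe.alerts)
```

A peer that never supported encryption produces no alert, so the fallback stays usable for legacy systems while a lost capability is still recorded.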
