Firewall traversal method by inserting pseudo TCP header into QUIC

Keigo Taga, Junjun Zheng, Koichi Mouri, Shoichi Saito, Eiji Takimoto

Research output: Contribution to journal > Conference article

Abstract

A wide range of communication protocols has been developed recently to address service diversification. At the same time, firewalls (FWs) are installed at the boundary between internal networks, such as those owned by companies and homes, and the Internet. In general, FWs are configured as whitelists that open only the ports corresponding to the services to be used and block communication on other ports. This means that many protocols, except those in wide use, are blocked by FWs, so users cannot benefit from new protocols. In this paper, we propose a method for traversing an FW and enabling communication by inserting a pseudo TCP header imitating HTTPS into a packet that would otherwise be blocked by the FW. Since the packet encapsulated by the proposed method is disguised as HTTPS only when passing through the FW, the TCP control of the end node is not executed, and the advantages of Quick UDP Internet Connection are not lost. In this study, we implemented the proposed method as a loadable kernel module using Netfilter in Linux and verified its operation and performance.

Original language: English
Pages (from-to): 216-221
Number of pages: 6
Journal: Lecture Notes in Engineering and Computer Science
Volume: 2239
Publication status: Published - Jan 1 2019
Event: 2019 International MultiConference of Engineers and Computer Scientists, IMECS 2019 - Kowloon, Hong Kong
Duration: Mar 13 2019 to Mar 15 2019

Fingerprint

Network protocols
Internet
Communication
Industry
Linux

All Science Journal Classification (ASJC) codes

  • Computer Science (miscellaneous)

Cite this

Firewall traversal method by inserting pseudo TCP header into QUIC. / Taga, Keigo; Zheng, Junjun; Mouri, Koichi; Saito, Shoichi; Takimoto, Eiji.

In: Lecture Notes in Engineering and Computer Science, Vol. 2239, 01.01.2019, p. 216-221.

Taga, Keigo ; Zheng, Junjun ; Mouri, Koichi ; Saito, Shoichi ; Takimoto, Eiji. / Firewall traversal method by inserting pseudo TCP header into QUIC. In: Lecture Notes in Engineering and Computer Science. 2019 ; Vol. 2239. pp. 216-221.
@article{e81c514cc6ba4336b98ae2c59222c2c8,
title = "Firewall traversal method by inserting pseudo TCP header into QUIC",
author = "Keigo Taga and Junjun Zheng and Koichi Mouri and Shoichi Saito and Eiji Takimoto",
year = "2019",
month = "1",
day = "1",
language = "English",
volume = "2239",
pages = "216--221",
journal = "Lecture Notes in Engineering and Computer Science",
issn = "2078-0958",

}

TY - JOUR

T1 - Firewall traversal method by inserting pseudo TCP header into QUIC

AU - Taga, Keigo

AU - Zheng, Junjun

AU - Mouri, Koichi

AU - Saito, Shoichi

AU - Takimoto, Eiji

PY - 2019/1/1

Y1 - 2019/1/1

UR - http://www.scopus.com/inward/record.url?scp=85065761739&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85065761739&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:85065761739

VL - 2239

SP - 216

EP - 221

JO - Lecture Notes in Engineering and Computer Science

JF - Lecture Notes in Engineering and Computer Science

SN - 2078-0958

ER -