MIT unveils a new Internet protocol for mobile clients
Posted on 09 July 2012.
By exchanging TCP with UDP, two MIT researchers have managed to create the State Synchronization Protocol (SSP) - a new Internet protocol more suited to establishing and sustaining the irregular and low-bandwidth connections typical of mobile devices connecting to wireless networks - and Mosh ("mobile shell"), a remote terminal application that implements it in order to guarantee the security of such connections.

SSP and Mosh were presented at last month's 2012 USENIX Annual Technical Conference, after Mosh having been tested - and found more than adequate - by users who downloaded it for free from MIT's website since April.

So what makes SSP so fitting?

First off, the Transmission Control Protocol - used by SSH - works under the assumption that the two endpoints it connects are fixed, and that the information exchanged must be received in the same order it was sent.

Obviously, when it comes to mobile connections, at least one of the endpoints will be moving around, shifting between Wi-Fi, computer and cellular networks, and this is something that TCP isn't equipped to deal with effectively. Consequently, SSH sessions are easily lost.

Also, in real-time communications, the most important information is the most recent one.

"If there's an outage for five seconds, you don't want to wait five seconds and have to see what you missed," Keith Winstein, one of the researching duo, explained for Computerworld. "You just want it to start up again [where you are now]."

But User Datagram Protocol's stateless nature - perfect for servers answering small queries from huge numbers of clients - and its transmission model that is not concerned about receiving bytes in the right order but about synchronizing objects / receiving latest screens, makes it suitable for mobile networking.

Another thing that makes all this easier is that SSP doesn't use IP addresses to identify endpoints. Instead, it uses cryptographic credentials, which also prevent connections from being hijacked by attackers. Consequently, SSP has no problem identifying that one or more of the endpoints are on the move and keeping the connection alive.

While Mosh, the only application that currently uses SSP, may not have a definitive and brilliant future, the researchers believe that the State Synchronization Protocol does and would be perfect for applications such as GMail, GChat, Skype, and others.

For more details about Mosh and SSP, I recommend watching the fascinating presentation by Winstein and visiting MIT's Mosh website.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th