Aranya QUIC Channels (AQC) is an implementation of an Aranya data plane that uses TLS with QUIC to provide security while maintaining the feature set of default QUIC connections.
AQC uses the Aranya graph to extend authority and authentication to TLS-enabled QUIC connections using pre-shared keys. Aranya provides a pre-shared key (PSK) to use with QUIC connections that enables a secure connection with specific endpoints. By using QUIC with pre-shared keys, AQC lets endpoints keep QUIC features such as custom congestion control, retransmission, and streams.
Off-Graph data refers to information that interacts with Aranya but is not stored within the graph structure itself. Off-graph data is distinct from on-graph data. This data:
In AQC, ephemeral commands (see the relevant spec here: aranya sessions note) are used to establish channels and agree on encryption keys, while the data sent through those channels does not need to interact with Aranya. Once the ephemeral command is processed against the policy, it will be dropped and not added to the graph.
A channel is used to group together two devices based on specific roles or attributes. Device IDs identify the endpoints of the channel, and the topic label is an additional attribute available to manage the access and permissions for channels. Creating a channel requires that a privileged user has assigned the sender and receiver of a channel permission to use a specific label. Once the participants have permission, they can open any number of channels on a given label.
To create a channel, a device will generate an ephemeral command and automatically transfer it to the peer using an encrypted QUIC transport. An ephemeral command is one that uses the same policy as all other commands, but which is never added to the DAG for persistent storage. The command is given to the Aranya runtime and produces effects based on the state of the factdb, but does not modify the state of the system. Because ephemeral commands are not stored on the graph, devices need to transmit the command through an external transport mechanism. The ephemeral command used for creating a channel includes the information required for the peers to set up the encryption keys that will be used for the channel.
Figure 5: Workflow when creating a Channel
After processing the ephemeral create channel command, Aranya returns a PSK to the client. Matching PSKs are loaded into the QUIC TLS module, allowing the peers to establish a secured connection.
Once a channel has been received by the peer and the PSKs are loaded into the QUIC transport, data can be sent on an AQC channel via QUIC streams if the endpoint has permission. Each user in a channel must be granted permission to send or receive on a channel. Finally, from the channel a stream can be instantiated. This stream is a wrapper around a QUIC stream. If all permissions are met and the stream is set up, the devices can then call send or receive to use the stream.
Once a channel is no longer in use, it can be deleted. Deleting a channel involves one of the participants invoking the delete channel method. The local state of the channel is removed and that participant will no longer be able to send or receive data on the channel.
A channel is revoked if the label associated with it is revoked from one of the participants. A label revocation will close the channel for both peers.
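The channel lifecycle rules above (a label is required on both endpoints to create a channel, delete removes only the caller's local state, revocation closes the channel for both peers) can be checked against a small model. This is an added example, not Aranya's API or code from the project: the `Model` type, its methods, the numeric device IDs and the `"telemetry"` label are all hypothetical, and it leaves out PSK derivation and the per-direction send/receive permission.

```rust
use std::collections::{HashMap, HashSet};

type DeviceId = u32; // constructed stand-in for an Aranya device ID
type Label = &'static str; // constructed stand-in for a topic label

#[derive(Default)]
struct Model {
    labels: HashMap<DeviceId, HashSet<Label>>, // labels assigned per device
    local: HashMap<DeviceId, HashSet<(DeviceId, Label)>>, // per-device channel state
}

impl Model {
    fn assign(&mut self, dev: DeviceId, label: Label) {
        self.labels.entry(dev).or_default().insert(label);
    }
    fn has(&self, dev: DeviceId, label: Label) -> bool {
        self.labels.get(&dev).map_or(false, |s| s.contains(&label))
    }
    /// Creation is refused unless both endpoints hold the label.
    fn create(&mut self, a: DeviceId, b: DeviceId, label: Label) -> bool {
        if !(self.has(a, label) && self.has(b, label)) { return false; }
        self.local.entry(a).or_default().insert((b, label));
        self.local.entry(b).or_default().insert((a, label));
        true
    }
    /// Delete removes only the caller's local state for the channel.
    fn delete(&mut self, dev: DeviceId, peer: DeviceId, label: Label) {
        if let Some(s) = self.local.get_mut(&dev) {
            s.remove(&(peer, label));
        }
    }
    /// Revoking a label from one participant closes its channels for both peers.
    fn revoke(&mut self, dev: DeviceId, label: Label) {
        if let Some(s) = self.labels.get_mut(&dev) {
            s.remove(&label);
        }
        for (&owner, chans) in self.local.iter_mut() {
            chans.retain(|&(peer, l)| l != label || (owner != dev && peer != dev));
        }
    }
    fn can_use(&self, dev: DeviceId, peer: DeviceId, label: Label) -> bool {
        self.has(dev, label) && self.local.get(&dev).map_or(false, |s| s.contains(&(peer, label)))
    }
}
fn main() {
    let mut m = Model::default();
    m.assign(1, "telemetry"); // device 2 has not been assigned the label yet
    println!("create without peer label: {}", m.create(1, 2, "telemetry"));
}
```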