TLS the Erlang/OTP Way (Experience Report)
Authors: 
Ingela Anderton Andin, Raimo Niskanen, Péter Dimitrov, 
Kiko Fernandez-ReyesAuthors Info & Claims
Ingela Anderton Andin, Raimo Niskanen, Péter Dimitrov, Kiko Fernandez-ReyesAuthors Info & ClaimsPages 2 - 13
Abstract
The Transport Layer Security (TLS) protocol is one of the most used protocols to ensure data privacy, integrity and authenticity on the Internet. Erlang/OTP's TLS implementation is widely used in industry, and especially in the telecommunication sector.
This paper describes an overview of the TLS protocol in the context of Erlang. We explain Erlang/OTP's TLS protocol design and implementation, optimizations, a benchmark evaluation of the Erlang TLS protocol implementation against previous Erlang/OTP's TLS implementations, and a benchmark comparison against the Go's TLS implementation.
References
[1]
2023. Erlang. Kernel. Reference Manual (Version 8.5.2). inet module, setopts function. [online]. https://www.erlang.org/doc/man/inet.html#setopts-2
[2]
2023. Erlang. OTP Design Principles. User’s Guide (Version 14.0.2). [online]. https://www.erlang.org/doc/design_principles/users_guide.html
[3]
2023. Erlang. Reference Manual. Users Guide (Version 13.2.1). Distributed Erlang. [online]. https://www.erlang.org/doc/reference_manual/distributed.html
[4]
2023. Erlang. Secure Socket Layer. Users Guide (Version 10.9.1). Using TLS for Erlang Distribution. [online]. https://www.erlang.org/doc/apps/ssl/ssl_distribution.html
[5]
2023. Erlang. STDLIB Reference Manual (Version 4.3.1). gen_server module. [online]. https://www.erlang.org/doc/man/gen_server.html
[6]
2023. Erlang. STDLIB Reference Manual (Version 4.3.1). supervisor module. [online]. https://www.erlang.org/doc/man/supervisor.html
[7]
2023. MITRE: Common Vulnerabilities and Exposures (CVE). [online].
[8]
Gul A. Agha. 1990. ACTORS - a model of concurrent computation in distributed systems. MIT Press. isbn:978-0-262-01092-4
[9]
Ingela Anderton Andin. 2020. TLS the OTP Way. [online]. https://www.youtube.com/watch?v=mbJi_LQc1Rw
[10]
Joe Armstrong. 2007. A history of Erlang. In Proceedings of the Third ACM SIGPLAN History of Programming Languages Conference (HOPL-III), San Diego, California, USA, 9-10 June 2007, Barbara G. Ryder and Brent Hailpern (Eds.). ACM, 1–26. https://doi.org/10.1145/1238844.1238850
[11]
Joe Armstrong. 2007. Programming Erlang: Software for a Concurrent World. Pragmatic Bookshelf. isbn:193435600X
[12]
Joe Armstrong. 2010. Erlang. Commun. ACM, 53, 9 (2010), sep, 68–75. issn:0001-0782 https://doi.org/10.1145/1810891.1810910
[13]
Thomas Arts, John Hughes, Joakim Johansson, and Ulf T. Wiger. 2006. Testing telecoms software with quviq QuickCheck. In Proceedings of the 2006 ACM SIGPLAN Workshop on Erlang, Portland, Oregon, USA, September 16, 2006, Marc Feeley and Philip W. Trinder (Eds.). ACM, 2–10. https://doi.org/10.1145/1159789.1159792
[14]
Daniel Bleichenbacher. 1998. Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1. In Advances in Cryptology - CRYPTO ’98, 18th Annual International Cryptology Conference, Santa Barbara, California, USA, August 23-27, 1998, Proceedings, Hugo Krawczyk (Ed.) (Lecture Notes in Computer Science, Vol. 1462). Springer, 1–12. https://doi.org/10.1007/BFb0055716
[15]
István Bozó, Dániel Horpácsi, Zoltán Horváth, Róbert Kitlei, Judit Koszegi, Máté Tejfel, and Melinda Tóth. 2011. Refactorerl-source code analysis and refactoring in erlang. In Proceeding of the 12th Symposium on Programming Languages and Software Tools, Tallin, Estonia.
[16]
Marco M. Carvalho, Jared DeMott, Richard Ford, and David A. Wheeler. 2014. Heartbleed 101. IEEE Secur. Priv., 12, 4 (2014), 63–67. https://doi.org/10.1109/MSP.2014.66
[17]
Francesco Cesarini and Steve Vinoski. 2016. Designing for scalability with Erlang/OTP: implement robust, fault-tolerant systems. " O’Reilly Media, Inc.".
[18]
Russ Cox, Robert Griesemer, Rob Pike, Ian Lance Taylor, and Ken Thompson. 2022. The Go programming language and environment. Commun. ACM, 65, 5 (2022), 70–78. https://doi.org/10.1145/3488716
[19]
Frank S. de Boer, Vlad Serbanescu, Reiner Hähnle, Ludovic Henrio, Justine Rochas, Crystal Chang Din, Einar Broch Johnsen, Marjan Sirjani, Ehsan Khamespanah, Kiko Fernandez-Reyes, and Albert Mingkun Yang. 2017. A Survey of Active Object Languages. ACM Comput. Surv., 50, 5 (2017), 76:1–76:39. https://doi.org/10.1145/3122848
[20]
Tim Dierks and Christopher Allen. 1999. The TLS Protocol Version 1.0. RFC, 2246 (1999), 1–80. https://doi.org/10.17487/RFC2246
[21]
Tim Dierks and Eric Rescorla. 2006. The Transport Layer Security (TLS) Protocol Version 1.1. RFC, 4346 (2006), 1–87. https://doi.org/10.17487/RFC4346
[22]
Tim Dierks and Eric Rescorla. 2008. The Transport Layer Security (TLS) Protocol Version 1.2. RFC, 5246 (2008), 1–104. https://doi.org/10.17487/RFC5246
[23]
Alan AA Donovan and Brian W Kernighan. 2015. The Go programming language. Addison-Wesley Professional.
[24]
Viktória Fördős. 2020. Secure Design and Verification of Erlang Systems. In Proceedings of the 19th ACM SIGPLAN International Workshop on Erlang (Erlang 2020). Association for Computing Machinery, New York, NY, USA. 31–40. isbn:9781450380492 https://doi.org/10.1145/3406085.3409011
[25]
Alan O. Freier, Philip Karlton, and Paul C. Kocher. 2011. The Secure Sockets Layer (SSL) Protocol Version 3.0. RFC, 6101 (2011), 1–67. https://doi.org/10.17487/RFC6101
[26]
Amir Ghaffari, Natalia Chechina, Phil Trinder, and Jon Meredith. 2013. Scalable Persistent Storage for Erlang: Theory and Practice. In Proceedings of the Twelfth ACM SIGPLAN Workshop on Erlang (Erlang ’13). Association for Computing Machinery, New York, NY, USA. 73–74. isbn:9781450323857 https://doi.org/10.1145/2505305.2505315
[27]
Ákos Hajdu, Matteo Marescotti, Thibault Suzanne, Ke Mao, Radu Grigore, Per Gustafsson, and Dino Distefano. 2022. InfERL: scalable and extensible Erlang static analysis. In Erlang ’22: 21st ACM SIGPLAN International Workshop on Erlang, Ljubljana, Slovenia, 11 September 2022, Stavros Aronis and Burcu Kulahcioglu Ozkan (Eds.). ACM, 33–39. https://doi.org/10.1145/3546186.3549929
[28]
R. J. M. Hughes. 1983. The design and implementation of programming languages. Ph. D. Dissertation. University of Oxford, UK. https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.348018
[29]
Miguel Jimenez, Tobias Lindahl, and Konstantinos Sagonas. 2007. A language for specifying type contracts in Erlang and its interaction with success typings. In Proceedings of the 2007 ACM SIGPLAN Workshop on Erlang, Freiburg, Germany, October 5, 2007, Simon J. Thompson and Lars-Åke Fredlund (Eds.). ACM, 11–17. https://doi.org/10.1145/1292520.1292523
[30]
Richard E. Jones, Antony L. Hosking, and J. Eliot B. Moss. 2011. The Garbage Collection Handbook: The art of automatic memory management. CRC Press. isbn:978-1-4200-8279-1 http://gchandbook.org/
[31]
Simon L. Peyton Jones. 1987. The Implementation of Functional Programming Languages. Prentice-Hall.
[32]
David Kaloper-Mersinjak, Hannes Mehnert, Anil Madhavapeddy, and Peter Sewell. 2015. Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation. In 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015, Jaeyeon Jung and Thorsten Holz (Eds.). USENIX Association, 223–238. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/kaloper-mersinjak
[33]
Michael Kerrisk. 2010. The Linux programming interface: a Linux and UNIX system programming handbook. No Starch Press.
[34]
Ilya G. Klyuchnikov. 2022. eqWAlizer: scaling Erlang development at WhatsApp with static typing (keynote). In Erlang ’22: 21st ACM SIGPLAN International Workshop on Erlang, Ljubljana, Slovenia, 11 September 2022, Stavros Aronis and Burcu Kulahcioglu Ozkan (Eds.). ACM, 1. https://doi.org/10.1145/3546186.3552537
[35]
Chris Okasaki. 2004. Functional Data Structures. In Handbook of Data Structures and Applications, Dinesh P. Mehta and Sartaj Sahni (Eds.). Chapman and Hall/CRC. https://doi.org/10.1201/9781420035179.pt6
[36]
Manolis Papadakis and Konstantinos Sagonas. 2011. A PropEr integration of types and function specifications with property-based testing. In Proceedings of the 10th ACM SIGPLAN workshop on Erlang, Tokyo, Japan, September 23, 2011, Kenji Rikitake and Erik Stenman (Eds.). ACM, 39–50. https://doi.org/10.1145/2034654.2034663
[37]
Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC, 8446 (2018), 1–160. https://doi.org/10.17487/RFC8446
[38]
Eric Rescorla, Hannes Tschofenig, Thomas Fossati, and Achim Kraus. 2022. Connection Identifier for DTLS 1.2. RFC, 9146 (2022), 1–14. https://doi.org/10.17487/RFC9146
[39]
Alexandre Jorge Barbosa Rodrigues and Viktória Fördős. 2018. Towards Secure Erlang Systems. In Proceedings of the 17th ACM SIGPLAN International Workshop on Erlang (Erlang 2018). Association for Computing Machinery, New York, NY, USA. 67–70. isbn:9781450358248 https://doi.org/10.1145/3239332.3242768
[40]
Albert Schimpf, Stefan Wehr, and Annette Bieniusa. 2023. Set-Theoretic Types for Erlang. In Proceedings of the 34th Symposium on Implementation and Application of Functional Languages (IFL ’22). Association for Computing Machinery, New York, NY, USA. Article 4, 14 pages. isbn:9781450398312 https://doi.org/10.1145/3587216.3587220
[41]
Jeffrey James Stapleton. 2014. Security without obscurity: A guide to confidentiality, authentication, and integrity. CRC press.
[42]
W. R. Stoye. 1985. The implementation of functional languages using custom hardware. Ph. D. Dissertation. University of Cambridge, UK. https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.355864
[43]
Kuo-Chung Tai. 1994. Definitions and Detection of Deadlock, Livelock, and Starvation in Concurrent Programs. In Proceedings of the 1994 International Conference on Parallel Processing, North Carolina State University, NC, USA, August 15-19, 1994. Volume II: Software, K. C. Tai (Ed.). CRC Press, 69–72. https://doi.org/10.1109/ICPP.1994.84
[44]
Ferdinand Wagner, Ruedi Schmuki, Thomas Wagner, and Peter Wolstenholme. 2006. Modeling software with finite state machines: a practical approach. CRC Press.
Index Terms
- TLS the Erlang/OTP Way (Experience Report)
Recommendations
Verification of timed erlang/OTP components using the process algebra μcrl
ERLANG '07: Proceedings of the 2007 SIGPLAN workshop on ERLANG WorkshopRecent work has looked at how Erlang programs could be model-checked via translation into the process algebra μCRL. Rules for translating Erlang programs and OTP components into μCRL have been defined and investigated. However, in the existing work, no ...
Verifying Erlang/OTP Components in μCRL
FORTE '07: Proceedings of the 27th IFIP WG 6.1 international conference on Formal Techniques for Networked and Distributed SystemsErlang is a concurrent functional programming language with explicit support for real-time and fault-tolerant distributed systems. Generic components encapsulated as design patterns are provided by the Open Telecom Platform (OTP) library. Although ...
Experience report: erlang in acoustic ray tracing
ICFP '08We investigated the relative merits of C++ and Erlang in the implementation of a parallel acoustic ray tracing algorithm for the U.S. Navy. We found a much smaller learning curve and better debugging environment for parallel Erlang than for pthreads-...
Comments
Information & Contributors
Information
Published In
August 2023
38 pages
Copyright © 2023 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 31 August 2023
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
Erlang '23
Sponsor:
Acceptance Rates
Overall Acceptance Rate 51 of 68 submissions, 75%
Upcoming Conference
ICFP '25
- Sponsor:
- sigplan
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 79Total Downloads
- Downloads (Last 12 months)29
- Downloads (Last 6 weeks)1
Reflects downloads up to 12 Nov 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in