STCP – A Safer Way to Connect Over the Internet
Built with Rust, Integrated into Linux
When today’s network protocols were originally designed, security was not the default.
STCP (Secure TCP), developed by Paxsudos IT, brings encryption and authentication directly into the core of the connection layer — now also running inside the Linux kernel, implemented in Rust.
In simple terms: security is built in from the start, not added later as an extra layer.
TL;DR:
STCP (Secure TCP) is Paxsudos IT’s new networking protocol designed to build strong encryption directly into the connection layer — without requiring the end user to understand or manage encryption at all.
The first proof of concept was built in Dart, but the core of the protocol has since been rewritten in Rust and implemented as a working Linux kernel module. This makes STCP both easy to use and highly secure, well suited for modern IoT and server environments.
How project got started ?
The project started from a simple idea: to build an encrypted protocol that does not require the user to understand cryptography. The first proof of concept (POC) was implemented in Dart — a fast and practical choice that made development quick and debugging especially easy. Through this POC, we tested the core idea, defined the protocol’s boundaries, and gathered valuable real-world insights before moving on to the Rust port.
Although the Dart version is not intended to run directly on IoT devices, the lessons learned from it made it possible to build the actual production version safely and efficiently as a kernel-level implementation.
Why kernel-module ?
The kernel-level implementation provides two major benefits:
Easy adoption:
STCP exposes a TCP-like interface. Because it is integrated directly into the operating system, it can be adopted easily in existing systems without major changes.
Efficiency and security:
Running inside the kernel reduces context switches and enables lower latency, while built-in encryption keeps all connections secure.
Rust was chosen as the implementation language because it enables a safe, native, and modern solution — even at the kernel level — without the traditional risks of memory-related errors.
Architecture and API
The STCP architecture is designed so that only a very thin C layer exists inside the kernel. C acts purely as a bridge between the Linux kernel and the Rust logic, while the actual protocol implementation lives in Rust. This means:
The kernel is essentially “unaware” of the protocol’s internal details — it only provides interfaces and forwards calls to Rust.
Rust handles encryption, key exchange, and all message processing.
C code is limited to a small loadable kernel module (LKM) surface: initialization, cleanup, registration, and ABI bridges.
This structure keeps the kernel clean and minimizes the amount of C code, making the system easier to maintain, review, and audit.
Security: How does the STCP protect your connections
STCP is designed to be difficult to break:
Dynamic key exchange:
There are no static keys or pre-shared secrets stored on devices. All keys are generated and exchanged dynamically.
X25519 + AES-GCM:
Modern elliptic-curve key exchange combined with AES-GCM provides strong, up-to-date cryptography.
Per-message encryption:
Each message can use its own encryption key and authentication tag, making both passive eavesdropping and active tampering extremely difficult.
The result is a protocol that delivers strong, end-to-end–style security without requiring users to manage keys or configuration themselves.
Use in production: easy & painless?
STCP is designed to be as easy to use as possible:
The compiled module is simply loaded into the kernel as a standard kernel module.
On the user’s system, only a small change is needed — for example, selecting a new protocol number (such as
IPPROTO_STCP = 253) or enabling support through configuration. Applications can continue using the familiar socket interface.In most cases, no application-level changes are required. STCP works cleanly alongside existing TCP interfaces.
Because of this, STCP can be adopted easily in both server environments and embedded systems.
Future and Goals
STCP is not just a protocol — it is a vision of secure and effortless networking:
Standardization:
The long-term goal is to make STCP more widely available and potentially establish it as an official alternative in the future.
Linux integration:
Another key goal is deeper integration into the Linux networking stack, making installation and maintenance even easier.
Extensibility:
Ease of use and extensibility are core design principles. Future development includes enhanced authentication options, different key management models, and device-specific optimizations.
Together, these goals aim to make secure networking simple, practical, and accessible by default.
Summary
STCP provides a secure and easy way to transfer data. It hides the complexity of cryptography from the end user, offers modern encryption with dynamic key exchange, and is designed to run directly at the Linux kernel level using Rust — safely and efficiently.
This is only the beginning. Development continues toward official integration and wider adoption. Get in touch if you’d like to try STCP in your own environment or take part in its development.
Contact person:
Publisher: Paxsudos IT
Writer: Lauri Jakku
Keywords: STCP, Secure TCP, Rust, Linux kernel, IoT, AES-GCM, X25519, cyber-safety