The Design and Message Complexity of Secure Socket SCTP

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5073)

Abstract

This paper describes the design of secure socket SCTP (SS-SCTP). SS-SCTP is a new end-to-end security solution that uses the AUTH extension for integrity protection of messages and TLS for mutual authentication and key negotiation. In SS-SCTP, data confidentiality is provided through encryption at the socket layer. SS-SCTP aims to offer a high degree of security differentiation based on features in the base SCTP protocol as well as in standardized extensions. The flexible message concept provided in the base protocol plays a central role in the design of SS-SCTP. The paper also presents a comparison of the message complexity produced by SS-SCTP, SCTP over IPsec, and TLS over SCTP. The main conclusion that can be drawn from the comparison is that, depending on the traffic pattern, SS-SCTP produces either less or similar message overhead compared to the standardized solutions when transferring user data.

Editor information

Osvaldo Gervasi, Beniamino Murgante, Antonio Laganà, David Taniar, Youngsong Mun, Marina L. Gavrilova

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lindskog, S., Brunstrom, A. (2008). The Design and Message Complexity of Secure Socket SCTP. In: Gervasi, O., Murgante, B., Laganà, A., Taniar, D., Mun, Y., Gavrilova, M.L. (eds) Computational Science and Its Applications – ICCSA 2008. ICCSA 2008. Lecture Notes in Computer Science, vol 5073. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69848-7_40

  • DOI: https://doi.org/10.1007/978-3-540-69848-7_40

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69840-1

  • Online ISBN: 978-3-540-69848-7

  • eBook Packages: Computer Science, Computer Science (R0)
