Secure SCTP – A Versatile Secure Transport Protocol

The Stream Control Transmission Protocol (SCTP) is a new general-purpose transport protocol defined by the IETF. Originally intended for the transport of voice signaling data (SS7) over IP networks, SCTP together with newly defined extensions is increasingly considered for other application scenarios as well. These require strong security solutions to authenticate the communication partners and protect sensitive data with respect to integrity and confidentiality. Proposals have been issued on how to protect SCTP transport by using standard security protocols such as TLS and IPsec. However, these solutions introduce limitations or inefficiencies and thus may not be able to fully exploit the capabilities of SCTP. Therefore, we propose a security extension to SCTP named Secure SCTP (S-SCTP) to solve these issues in an efficient and user-friendly way.
