论文信息 - A Robust Stream Control Transmission Protocol (SCTP)-Based Authentication Protocol

A Robust Stream Control Transmission Protocol (SCTP)-Based Authentication Protocol

Among the Stream Control Transmission Protocol (SCTP)’s features that make it more robust and efficient than other transport layer protocols, are Multihoming and multistreaming. However, these assets make it more more vulnerable under several attacks. Several researches have been trying to secure SCTP but it is obvious that these efforts can degrade the QoS (Quality of Service) by adding additional delay. Therefore, we propose in this paper a secure authentication protocol for SCTP. Our scheme is designed to protect multihoming networks with reduced number of exchanging messages, and parameters in each message and communicating nodes. We use SPAN (Security Protocol Animator) for AVISPA (Automated Validation of Internet Security Protocols and Applications) tool for analysis and validation of our scheme. The obtained validation results show that the scheme is safe.

Mohammad S. Obaidat | Faouzi Zarai | Amel Meddeb-Makhlouf | Malek Rekik

[1] Danny Dolev,et al. On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[2] Mohammad S. Obaidat,et al. An efficient design and validation technique for secure handover between 3GPP LTE and WLANs systems , 2014, J. Syst. Softw..

[3] Mohammad S. Obaidat,et al. A SCTP-based authentication protocol: SCTPAP , 2014, 2014 5th International Conference on Data Communication Networking (DCNET).

[4] Mohammad S. Obaidat,et al. Security of e-Systems and Computer Networks , 2007 .

[5] Maria-Dolores Cano. On the Use of SCTP in Wireless Networks , 2011 .

[6] Eric Rescorla,et al. Transport Layer Security over Stream Control Transmission Protocol , 2002, RFC.

[7] Eric Rescorla,et al. Authenticated Chunks for the Stream Control Transmission Protocol (SCTP) , 2007, RFC.

[8] Angelos D. Keromytis,et al. On the Use of Stream Control Transmission Protocol (SCTP) with IPsec , 2003 .