
Research On Key Technologies Of Secure Stream Control Transmission Protocol

Posted on: 2013-06-15
Degree: Master
Type: Thesis
Country: China
Candidate: C R Chen
GTID: 2248330395480694
Subject: Computer application technology

Abstract/Summary:
SCTP is a new multi-purpose reliable transport protocol. Owing to its various features, such as multi-streaming, multi-homing, partially reliable delivery and dynamic address reconfiguration, and to its easy extensibility, it is a valid option not only for already standardized applications but also in many new application scenarios. Alongside these advantages for data transmission, the new features and extensibility of SCTP introduce various security vulnerabilities: stealing addresses, blind connection forgery, hijacking the cookie, tricking a server into flooding a target address with data, and forwarding associations in an unexpected way. SCTP also lacks some security services to protect the privacy, confidentiality and integrity of user data. Existing solutions use standardized security protocols such as TLS and IPsec to provide security functions for SCTP data transmission. Because TLS and IPsec cannot support all the features and extensible functions of SCTP, solutions based on them are subject to various disadvantages and limitations, which obstruct the wide use and popularization of SCTP. To resolve this problem, this thesis embeds the security mechanism into SCTP directly, providing a security solution for SCTP that offers downward compatibility, strong security, high performance, flexibility and user friendliness. The main research work is as follows.

1. A secure stream control transmission protocol framework is proposed. In view of the disadvantages and drawbacks of the existing security solutions for SCTP, a security mechanism is integrated into the SCTP protocol to provide a secure stream control transmission protocol framework (Sec SCTP). Compared to the existing security solutions, the Sec SCTP framework has various advantages and new features, such as downward compatibility, strong security, high performance, flexibility and user friendliness, and it provides confidentiality, integrity and authentication cryptographic functions for SCTP-based data transmission. The location at which the security mechanism is embedded into SCTP is discussed in depth. The design goals, basic concepts and work process of Sec SCTP are also presented in detail.

2. A Sec SCTP based secure architecture is designed. Aiming at the design goals of Sec SCTP and the various security requirements of SCTP, a secure stream control transmission protocol is put forward based on Sec SCTP. New chunk types, parameters and error causes are presented to support the security requirements of Sec SCTP. The new data format of Sec SCTP is discussed. At the same time, several association-related technologies are put forward in detail: establishment of a secure session, choice of cipher suite and compression method, data transfer, closing of a secure session, generation of the master secret key and update of the master secret key.

3. A method for the establishment of SCTP associations based on a cookie mechanism and the verification tag is proposed. Because SCTP is vulnerable to address camping or stealing and to blind connection forgery, a method for the establishment of SCTP associations based on a cookie mechanism and the verification tag is proposed after an analysis of SCTP's association establishment. A cookie mechanism with a cryptographic signature is introduced into association establishment, while a hash function is used to digest the verification tag so as to authenticate the client. The cookie mechanism and the verification tag are integrated to secure the establishment of SCTP associations. The security analysis indicates that the novel method for the establishment of associations is effective against address camping or stealing, blind connection forgery, association hijacking and bombing attacks, with low computational overhead.

4. A prototype and some modules of Sec SCTP are implemented, and various performance evaluation experiments on Sec SCTP are presented. Through several extensions and changes to the SCTP socket API, the transmission control block and the interfaces between SCTP and the upper-layer protocol, a prototype and the corresponding modules of Sec SCTP are designed and implemented. The supported security functions, message complexity and transmission performance of Sec SCTP are evaluated by comparison with the existing standardized security solutions. The results indicate that Sec SCTP can avoid the drawbacks and disadvantages of the existing security solutions. It is an effective, optimized, flexible and user-friendly security solution.
Keywords/Search Tags: Stream Control Transmission Protocol, Association, Cookie Mechanism, Secure Stream Control Transmission Protocol Framework, Sec SCTP based Security Architecture, Verification Tag