The Design and Message Complexity of Secure Socket SCTP

摘要

This paper describes the design of secure socket SCTP (SS-SCTP). SS-SCTP is a new end-to-end security solution that uses the AUTH extension for integrity protection of messages and TLS for mutual authentication and key negotiation. Data confidentiality is in SS-SCTP provided through encryption at the socket layer. SS-SCTP aims to offer a high degree of security differentiation based on features in the base SCTP protocol as well as in standardized extensions. The flexible message concept provided in the base protocol plays a central role in the design of SS-SCTP. In the paper, a comparison of the message complexity produced by SS-SCTP, SCTP over IPsec, and TLS over SCTP is also presented. The main conclusion that can be drawn from the comparison is that, depending on the traffic pattern, SS-SCTP produces either less or similar message overhead compared to the standardized solutions when transferring user data.