Evaluating the Stream Control Transmission Protocol Using Uppaal

The Stream Control Transmission Protocol (SCTP) is a Transport Layer protocol that has been proposed as an alternative to the Transmission Control Protocol (TCP) for the Internet of Things (IoT). SCTP, with its four-way handshake mechanism, claims to protect the Server from a Denial-of-Service (DoS) attack by ensuring the legitimacy of the Client, which has been a known issue pertaining to the three-way handshake of TCP. This paper compares the handshakes of TCP and SCTP to discuss its shortcomings and strengths. We present an Uppaal model of the TCP three-way handshake and SCTP four-way handshake and show that SCTP is able to cope with the presence of an Illegitimate Client, while TCP fails. The results confirm that SCTP is better equipped to deal with this type of attack.Comment: In Proceedings MARS 2017, arXiv:1703.0581

Secure Real-time Data Transmission for Drone Delivery Services using Forward Prediction Scheduling SCTP

Drone technology is considered the most effective solution for the improvement of various industrial fields. As a delivery service, drones need a secure communication system that is also able to manage all of the information data in real-time.  However, because the data transmission process occurs in a wireless network, data will be sent over a channel that is more unstable and vulnerable to attack. Thus, this research, purposes a  Forward Prediction Scheduling-based Stream Control Transmission Protocol (FPS-SCTP) scheme that is implemented on drone data transmission system. This scheme supports piggybacking, multi-streaming, and Late Messages Filter (LMF) which will improve the real-time transmission process in IEEE 802.11 wireless network. Meanwhile, on the cybersecurity aspect, this scheme provides the embedded option feature to enable the encryption mechanism using AES and the digital signatures mechanism using ECDSA. The results show that the FPS-SCTP scheme has better network performance than the default SCTP, and provides full security services with low computation time. This research contributes to providing a communication protocol scheme that is suitable for use on the internet of drones’ environment, both in real-time and reliable security levels

A new security extension for SCTP

In 2000, the Signaling Transport (SIGTRAN) working group of the IETF defined the Stream Control Transmission Protocol (SCTP) as a new transport protocol. SCTP is a new multi-purpose reliable transport protocol. Due to its various features and easy extensibility it is a valid option not only for already standardised applications but also in many new application scenarios. SCTP has several advantages over TCP and UDP. The analysis of already standardised as well as potential SCTP application scenarios clearly indicates that secure end-to-end transport is one of the crucial requirements for SCTP in the future. Up to now there exist two standardised SCTP security solutions which are called TLS over SCTP [37] and SCTP over IPSec [12]. The goal of this thesis was to evaluate existing SCTP security solutions and find an optimised and efficient security solution. Several drawbacks of the standardised SCTP security solutions identified during the analysis are mainly related to features distinguishing SCTP from TCP and UDP. To avoid these drawbacks a new security solution for SCTP, called Secure SCTP (S-SCTP), is proposed which integrates the cryptographic functions into SCTP. One main requirement was that S-SCTP should be fully compatible with standard SCTP while additionally providing strong security i.e. data confidentiality, integrity and authentication. This also means that all features, options and extensions available for standard SCTP have to be supported. Furthermore, S-SCTP should have advantages with respect to performance over all parameter ranges of SCTP and be user-friendly. To specify the S-SCTP protocol extension several new control messages and new message parameters have been defined. Furthermore, procedures for initialisation, rekeying, and termination of secure sessions have been specified and modelled in SDL. Based on an SCTP implementation available in our group and an open source implementation of TLS, TLS over SCTP and S-SCTP have been implemented. These implementations as well as an SCTP over IPSec configuration were used to do comparative performance studies in a lab testbed. These experiments show that the S-SCTP concept achieves its design goals. It supports all features and current extensions of SCTP. Furthermore, it avoids the inefficiencies of the other solutions over a wide range of application scenarios and protocol parameter settings

Introducing a novel authentication protocol for secure services in heterogeneous environments using Casper/FDR

Next Generation Networks is a convergence of networks such as 2G/3G, WLAN as well as the recently implemented Long Term Evolution (LTE) networks. Future mobile devices will switch between these different networks to maintain the connectivity with end servers. However, to support these heterogeneous environments, there is a need to consider a new design of the network infrastructure, where currently closed systems such as 3G will have to operate in an open environment. Security is a key issue in this open environment; after authenticating the mobile terminal to access the network, there is a requirement for service-level mechanisms to protect the session between the mobile terminal and the remote service provider. Furthermore, since mobile terminals switch between networks of different characteristics in terms of coverage, Quality of Service and security, there is a need for re-assessing the security of the same session over the different networks to comply with the changes at the network level due to the mobility. Therefore, this paper introduces a Service-Level Authentication and Key Agreement protocol to secure the session between the mobile terminal and the end server. The proposed protocol considers user mobilities in an heterogeneous environment and reassesses the session's security level in case of handover. The proposed protocol has been verified using formal methods approach based on the well-established Casper/FDR compilers

Seamless handover among heterogeneous mobile networks using stream control transmission protocol (SCTP)

Master'sMASTER OF ENGINEERIN

Strategies to Secure End-To-End Communication

The Stream Control Transmission Protocol (SCTP) is a fairly recent generic transport protocol with novel features, like multi-streaming, multi-homing, and an extendable architecture. This, however, prevents existing approaches to secure end-to-end connections from being used without limiting the supported SCTP features. New solutions also exist, but require extensive modifications that are difficult to realize and deploy. Hence, there is no widely deployed solution to secure SCTP-based connections. In this thesis, possible strategies to secure end-to-end SCTP connections are analyzed. For each strategy, a viable solution that does not limit the features of SCTP is presented, with a focus on deployability in terms of standardization as well as implementation. Implementations based on common open source tools are developed and used to conduct functionality and performance measurements, with simulated and real systems, to prove the usefulness of the suggested approaches