
    Hiding information in a Stream Control Transmission Protocol

    The SCTP (Stream Control Transmission Protocol) is a candidate for a new transport layer protocol that may replace the TCP (Transmission Control Protocol) and the UDP (User Datagram Protocol) protocols in future IP networks. Currently, the SCTP is implemented in, or can be added to, many popular operating systems (Windows, BSD, Linux, HP-UX or Sun Solaris). This paper identifies and presents the most likely "places" where hidden information can be exchanged using an SCTP. The paper focuses mostly on proposing new steganographic methods that can be applied to an SCTP and that can utilise new, characteristic SCTP features, such as multi-homing and multi-streaming. Moreover, for each method, the countermeasure is covered. When used with malicious intent, a method may pose a threat to network security. Knowledge about potential SCTP steganographic methods may be used as a supplement to RFC5062, which describes security attacks in an SCTP protocol. Presented in this paper is a complete analysis of information hiding in an SCTP, and this analysis can be treated as a "guide" when developing steganalysis (detection) tools.

    A new security extension for SCTP

    In 2000, the Signaling Transport (SIGTRAN) working group of the IETF defined the Stream Control Transmission Protocol (SCTP) as a new transport protocol. SCTP is a new multi-purpose reliable transport protocol. Due to its various features and easy extensibility it is a valid option not only for already standardised applications but also in many new application scenarios. SCTP has several advantages over TCP and UDP. The analysis of already standardised as well as potential SCTP application scenarios clearly indicates that secure end-to-end transport is one of the crucial requirements for SCTP in the future. Up to now there exist two standardised SCTP security solutions which are called TLS over SCTP [37] and SCTP over IPSec [12]. The goal of this thesis was to evaluate existing SCTP security solutions and find an optimised and efficient security solution. Several drawbacks of the standardised SCTP security solutions identified during the analysis are mainly related to features distinguishing SCTP from TCP and UDP. To avoid these drawbacks a new security solution for SCTP, called Secure SCTP (S-SCTP), is proposed which integrates the cryptographic functions into SCTP. One main requirement was that S-SCTP should be fully compatible with standard SCTP while additionally providing strong security i.e. data confidentiality, integrity and authentication. This also means that all features, options and extensions available for standard SCTP have to be supported. Furthermore, S-SCTP should have advantages with respect to performance over all parameter ranges of SCTP and be user-friendly. To specify the S-SCTP protocol extension several new control messages and new message parameters have been defined. Furthermore, procedures for initialisation, rekeying, and termination of secure sessions have been specified and modelled in SDL. 
Based on an SCTP implementation available in our group and an open source implementation of TLS, TLS over SCTP and S-SCTP have been implemented. These implementations as well as an SCTP over IPSec configuration were used to do comparative performance studies in a lab testbed. These experiments show that the S-SCTP concept achieves its design goals. It supports all features and current extensions of SCTP. Furthermore, it avoids the inefficiencies of the other solutions over a wide range of application scenarios and protocol parameter settings.

    Delay-centric handover in SCTP

    The introduction of the Stream Control Transmission Protocol (SCTP) has opened the possibility of a mobile-aware transport protocol. The multihoming feature of SCTP negates the need for a solution such as Mobile IP and, as SCTP is a transport layer protocol, it adds no complexity to the network. Utilizing the handover procedure of SCTP, the large bandwidth of WLAN can be exploited whilst in the coverage of a hotspot, while still retaining the 3G connection for when the user roams out of the hotspot's range. All this functionality is provided at the transport layer and is transparent to the end user, something that is still important in non-mobile-aware legacy applications. However, there is one drawback to this scenario: the current handover scheme implemented in SCTP is failure-centric in nature. Handover is only performed in the presence of primary destination address failure. This dissertation proposes a new scheme for performing handover using SCTP. The proposed handover scheme employs aggressive polling of all destination addresses within an individual SCTP association in order to determine the round trip delay to each of these addresses. It then performs handover based on these measured path delays. This delay-centric approach does not incur the penalty associated with the current failover-based scheme, namely a number of timeouts before handover is performed. In some cases the proposed scheme can actually preempt the path failure and perform handover before it occurs. The proposed scheme has been evaluated through simulation, emulation, and within the context of a wireless environment.

    SCTP - Evaluating, Improving and Extending the Protocol for Broader Deployment

    Access to the full text is blocked; a new version is available under DuEPublico-ID 35000.

    The Stream Control Transmission Protocol (SCTP), originally designed for the transport of signaling messages over IP based telephony signaling networks, is a general transport protocol with features suitable for a variety of applications that can benefit from multihoming, multiple streams, or one of SCTP's numerous extensions. To date, SCTP has found its way into all kernel implementations of UNIX derivatives and a Windows prototype, but there are still flaws, which have to be identified and corrected. In this thesis, first, a suite of tools consisting of an SCTP simulation and testing environment is provided to lay the groundwork for further studies. Starting from comparing and analyzing kernel implementations, several aspects of the protocol that lead to undesirable behavior are examined. Congestion and flow control that are adopted from the Transmission Control Protocol (TCP), although using the same mechanisms, need a special treatment because of SCTP's message orientation. The analysis of the SCTP specific characteristics with the help of the simulation will finally result in solutions that lead to a better performance. The deployment of SCTP will be another concern that can be improved by introducing a specific Network Address Translation (NAT) for SCTP.

    The Stream Control Transmission Protocol (SCTP) was originally designed for the transport of signaling messages over IP-based networks. Since then, however, it has developed into a general transport protocol with unique properties. It is therefore of particular interest for applications that can benefit from multiple network addresses per connection (multihoming), multiple independent message streams, or one of its numerous protocol extensions. Meanwhile SCTP has found its way into the operating system kernels of all UNIX derivatives and of a Windows prototype, but there are still flaws whose causes have to be discovered and corrected. This dissertation first provides a set of tools to lay the groundwork for further investigations. Starting from the analysis and comparison of implementations in the kernels of various operating systems, several aspects of the protocol that lead to undesirable behavior are examined. The principles of congestion and flow control were adopted from the stream-oriented Transmission Control Protocol (TCP) and therefore use the same mechanisms. As a message-oriented protocol, however, SCTP requires an implementation of these algorithms that takes this difference into account. The analysis of SCTP-specific characteristics with the help of the simulation will ultimately lead to solutions and to an improvement in throughput. A further concern of this work is the deployment of SCTP. It can be improved by introducing an SCTP-specific method for Network Address Translation (NAT).

    Softswitch: the core of converged networks

    Today's public switched communications infrastructure consists of a variety of different networks, technologies and systems, most of which are based on circuit-switching structures. Technology is evolving towards packet-based networks, and service providers need the ability to interconnect their customers without losing the reliability, convenience and functionality of the public switched telephone networks. Softswitch technology is the result of addressing these needs. The evolution of public communications networks places us today in the circuit-switched networks that currently predominate, such as the public switched telephone network. However, the next generation of networks will take us to converged packet-based networks such as the Internet. The idea is to provide a range of IP-based communications services equivalent to the services of traditional networks in quality and ease of use. In these converged networks, present and future, the standards and protocols that allow a full range of quality services to be offered over packet networks must be established. The definition of a common standard is fundamental to enabling the configuration, management and deployment of end-to-end services with carrier-grade quality over multi-vendor networks and in an interworking environment with different operators.

    Network interfaces of the NGN laboratory

    This thesis investigated how service connections can be offered to third parties from the network of the Satakunta University of Applied Sciences NGN laboratory. Possible services would include, for example, the NGN laboratory's intelligent network interface for IN and CAMEL requests, an interface to the GSM message centre, international roaming, or a remotely located base station. An essential part of the work was to identify the services and to determine how the connections they require could be implemented, based on standard solutions such as SIGTRAN or CESoPSN.

    This thesis investigated how to provide service connections to third parties from the NGN laboratory. Potential services could be, for example, Intelligent Network access for IN and CAMEL requests, access to an SMSC, international GSM roaming or a remote base station. It was essential to identify these services and find out how those connections are realised based on standard solutions like SIGTRAN or CESoPSN.

    Strategies to Secure End-To-End Communication

    The Stream Control Transmission Protocol (SCTP) is a fairly recent generic transport protocol with novel features, like multi-streaming, multi-homing, and an extendable architecture. This, however, prevents existing approaches to securing end-to-end connections from being used without limiting the supported SCTP features. New solutions also exist, but require extensive modifications that are difficult to realize and deploy. Hence, there is no widely deployed solution to secure SCTP-based connections. In this thesis, possible strategies to secure end-to-end SCTP connections are analyzed. For each strategy, a viable solution that does not limit the features of SCTP is presented, with a focus on deployability in terms of standardization as well as implementation. Implementations based on common open source tools are developed and used to conduct functionality and performance measurements, with simulated and real systems, to prove the usefulness of the suggested approaches.

    Performance evaluation and optimisation of a new transport protocol

    The Stream Control Transmission Protocol (SCTP) was developed as the basis for the efficient transport of signaling messages from Common Channel Signaling System No. 7 (SS7) over IP-based networks. SCTP is a generic, multi-purpose transport protocol that operates connection-oriented and offers reliable, message-oriented data transmission. It supports several independent message streams within one association as well as flexible delivery mechanisms. In contrast to TCP, SCTP supports multiple network addresses per connection (multihoming), so SCTP endpoints are reachable over several, possibly redundant, network paths. In this dissertation the behaviour and performance of SCTP were examined in various scenarios. Suitable tools were developed for this purpose: in a testbed environment, a Unix-based protocol implementation called sctplib was used to investigate the fairness of SCTP when coexisting with TCP as well as the suitability of SCTP for SS7-based signaling transport. An event-driven simulation model of the SCTP data path and of some elements of the control path was created and validated using the results of the testbed investigations. An extension of this model was used to investigate load-sharing algorithms. Load sharing is desirable from a network operator's perspective in order to achieve an even distribution of traffic load and to absorb peak loads in the network. Its efficient support, however, requires considerable modifications to the SCTP protocol. In addition to an evaluation of the load-sharing algorithms described in the literature, modifications of these algorithms were proposed and likewise evaluated.
It was shown that the described modifications lead to an optimisation of the existing load-sharing algorithms, both with regard to total throughput and to the expected message delay.

    Protocol security for third generation telecommunication systems

    In this thesis, a novel protocol stack architecture is presented. The Future Core Networks System (FCNS) forms a secure reference model for use in packet-switched structures, with its applicability ranging from computer to telecommunication networks. An insight into currently used network protocol systems is given, analysing standardised sets of communication rules with respect to the security they afford to the messages exchanged. The lack of protection schemes for the internal protocol stack messages and the implementation pitfalls of their security architectures are described, in relation to the effects they have on the communication process. The OSI security model is also considered, with disadvantages identified in the placement of security functionality and its management. The drawbacks depicted for currently used systems form the motivation behind this work. The analysis of the FCNS follows, which is composed of three parts. In the first part, the FCNS communication layers are examined with respect to the mechanisms used to establish, maintain and tear down a connection between peer entities. In the second part, the security mechanisms of the proposed reference architecture are given, including details on the FCNS keystream generator used for the security of the internal FCNS messages. Finally, the FCNS Error Protocol is depicted, illustrating the modes of operation and advantages it exhibits over currently used systems. The work then moves on to presenting details of the software FCNS implementation, followed by the presentation of the results and measurements obtained from the case studies created. Comparisons are given in relation to the TCP/IP suite, to provide the means of identifying the FCNS applicability in various network environments. The work is concluded by presenting the FCNS functionality in delivering information for the UMTS, together with further work that may enhance the flexibility and use of the proposed architecture.