The Design and Implementation of Secure Socket SCTP

This paper describes the design and implementation of secure socket SCTP ((SSCTP)-S-2). (SSCTP)-S-2 is a new multi-layer, end-to-end security solution for SCTP. It uses the AUTH protocol extension of SCTP for integrity protection of both control and user messages; TLS is the proposed solution for authentication and key agreement; Data confidentiality is provided through encryption and decryption at the socket library layer. (SSCTP)-S-2 is designed to offer as much security differentiation support as possible using standardized solutions and mechanisms. En the paper, (SSCTP)-S-2 is also compared to SCTP over IPsec and TLS over SCTP in terms of packet protection, security differentiation, and message complexity. The following main conclusions can be draw from the comparison. (SSCTP)-S-2 compares favorably in terms of offered security differentiation and message overhead. Confidentiality protection of SCTP control information is, however, only offered by SCTP over IPsec.