Secure End-to-End Transport over SCTP

  • Carsten Hohendorf
  • Erwin P. Rathgeb
  • Esbold Unurkhaan
  • Michael Tüxen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3995)


The Stream Control Transmission Protocol (SCTP) is a new transport protocol initially developed to transport signaling messages over IP networks. The new features of SCTP also make it a suitable candidate for applications which nowadays use the standard transport protocols TCP and UDP. Many of these applications have strict requirements regarding end-to-end security. Providing end-to-end security by using IPsec or the Transport Layer Security (TLS) protocol in combination with SCTP is subject to functional and performance-related limitations. These can be avoided by integrating security functions directly into SCTP (S-SCTP). Although S-SCTP in principle solves all limitations, some issues remain that hinder broad deployment of this solution. Therefore, we propose an alternative solution which preserves the advantages of S-SCTP while avoiding major modifications to existing standards and operating systems.


Keywords: Security Solution; Stream Control Transmission Protocol; Data Chunk; Transport Layer Security; Record Layer
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Carsten Hohendorf (1)
  • Erwin P. Rathgeb (1)
  • Esbold Unurkhaan (2)
  • Michael Tüxen (3)

  1. Institute for Experimental Mathematics, Computer Networking Technology Group, University of Duisburg-Essen, Essen, Germany
  2. Computer Science and Management School, Mongolian Science and Technological University, Ulaanbaatar, Mongolia
  3. Münster University of Applied Sciences, Steinfurt, Germany
