Title :
An End-to-End Security Solution for SCTP
Author :
Lindskog, Stefan ; Brunstrom, Anna
Author_Institution :
Centre for Quantifiable Quality of Service in Commun. Syst., Norwegian Univ. of Sci. & Technol., Trondheim
Abstract :
The stream control transmission protocol (SCTP) is a fairly new transport protocol that was initially designed for carrying signaling traffic in IP networks. SCTP offers a reliable end-to-end (E2E) transport. Compared to TCP, SCTP provides a much richer set of transport features such as message-oriented transfer, multistreaming to handle head-of-line blocking, and multihoming for enhanced failover. These are all very attractive features, but at the same time they have proven hard and complex to secure for E2E transports. All existing security solutions have limitations. In this paper, a survey of existing solutions is first given. Then, an alternative solution is proposed. The proposed solution uses the new authenticated chunks for SCTP for integrity protection, TLS for key exchange and authentication, and symmetric encryption implemented at the socket layer for confidentiality protection. A qualitative comparison of the described E2E security solutions is also given.
Keywords :
IP networks; cryptography; data integrity; message authentication; telecommunication network reliability; telecommunication security; telecommunication signalling; telecommunication traffic; transport protocols; IP network; authentication; confidentiality protection; integrity protection; key exchange; reliable end-to-end security; stream control transmission protocol; symmetric encryption; telecommunication signaling traffic; transport protocol; Authentication; Communication system traffic control; Cryptography; IP networks; Protection; Security; Signal design; Sockets; TCPIP; Transport protocols; SCTP; end-to-end security; protocol design; qualitative comparison; security differentiation;
Conference_Title :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.37