DocumentCode
26030
Title
Data Enriched SACK: A Novel Acknowledgement Generation Scheme for Secure SCTP
Author
Kumar, V.A. ; Das, D.
Author_Institution
Fourth Paradigm Inst., Bangalore, India
Volume
18
Issue
12
fYear
2014
fDate
Dec. 2014
Firstpage
2109
Lastpage
2112
Abstract
The Stream Control Transmission Protocol (SCTP) is inherently vulnerable to optimistic Selective Acknowledgement (SACK) spoofing. We highlight a threat scenario in which this vulnerability is exploited to generate a sustained and powerful Denial-of-Service attack flood over the Internet. We identify and analyze a fundamental design limitation in SCTP that leads to the above-mentioned vulnerability and propose a novel acknowledgement generation scheme, called Data Enriched SACK (DESACK), to make SCTP robust against optimistic SACK spoofing. We present the design and implementation details of DESACK. The proposed scheme is experimentally implemented, tested and integrated into the SCTP framework in the Linux kernel. We also provide real-world experimental results to demonstrate the feasibility and effectiveness of DESACK on a highly loaded multi-hop production network.
Keywords
Internet; Linux; computer network security; operating system kernels; protocols; Linux kernel; acknowledgement generation scheme; data enriched SACK; denial-of-service attack; multihop production network; selective acknowledgement; stream control transmission protocol; Payloads; Ports (Computers); Protocols; Receivers; Robustness; DESACK; Data Enriched SACK; Optimistic SACK Spoofing; SCTP; Stream Control Transmission Protocol; optimistic SACK spoofing
fLanguage
English
Journal_Title
Communications Letters, IEEE
Publisher
ieee
ISSN
1089-7798
Type
jour
DOI
10.1109/LCOMM.2014.2367109
Filename
6945805