Abstract
This document explains the reason for the integration of security
functionality into SCTP, and gives a short description of S-SCTP and
its services. S-SCTP is fully compatible with SCTP as defined in
RFC4960 and is designed to integrate cryptographic functions into
SCTP.
1. Introduction
SCTP is a message-oriented, reliable transmission protocol that works
on top of IP-based networks. It provides several advantages over
other transmission protocols, such as TCP and UDP over IP. One of
the advantages is multistreaming -- user data is transported in
individual streams. When multistreaming is used, network blocking
can be avoided in certain cases (e.g. network loss). Also, SCTP
supports multihoming -- the endpoints support multiple IP addresses.
SCTP provides unordered delivery, so that a receiver immediately
delivers user data to the upper layers upon receipt. For more
details, see RFC4960 [RFC4960].
2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. A brief description of S-SCTP
S-SCTP provides security functionality in the transport layer
without the need for any other security protocol (e.g. TLS or
IPsec). Normally, data transport over SCTP is either secured
with TLS or protected by IPsec. As both TLS over SCTP and
SCTP over IPsec have disadvantages in certain scenarios, it is
preferable to integrate cryptographic functions into SCTP.
The main issue for the security solutions TLS over SCTP RFC3436
[RFC3436] and SCTP over IPsec RFC3554 [RFC3554] is scalability with
the number of streams. For N secure streams, N TLS connections have
to be created, and N handshakes have to be performed. If N is small,
this is not a big issue, but as N grows larger, it becomes a problem
because a handshake is a slow and expensive process. So, when an
application performs N handshakes, the load in terms of memory use,
CPU use etc. increases linearly over time. This problem could be
overcome by using IPsec. However, IPsec is not very flexible, and
SCTP over IPsec has to establish new security associations (SAs)
for newly added IP addresses in a dynamic address reconfiguration
scenario. In this case, the application has to configure a new SA
and negotiate a new key exchange.
4. Key terms
This part gives the definitions of the key terms, which are used in
o Secure session: This is the session that provides the security
functionalities for an established SCTP association.
o Master secret key: S-SCTP uses two kinds of secret keys. One is
the secret key for the S-SCTP packet authentication, and the other
is the secret key for the data encryption and decryption.
o Cipher suite: This is the suite of cryptographic algorithms that
are used for key exchange, data encryption/decryption and
packet authentication.
o Pre-enc-data: This is the collection of the data chunks that
require encryption. The data chunks are concatenated to form
the pre-enc-data. Pre-enc-data may include the padding
chunk.
o Cipher suite sequence: This is the bundle of cipher suites chosen
by an endpoint from the supported cipher suites.
Read more: http://tools.ietf.org/html/draft-hohendorf-secure-sctp-15