Author: 黃裕凱
Author (English): Yu-Kai Huang
Title: 改善SCTP之安全通訊協定
Title (English): Improved Security Protocols for SCTP
Advisor: 范俊逸
Advisor (English): Chun-I Fan
Degree: Master
Institution: 國立中山大學 (National Sun Yat-sen University)
Department: Department of Computer Science and Engineering
Discipline: Engineering
Field: Electrical and Computer Engineering
Document type: Academic thesis
Year of publication: 2009
Academic year of graduation: 97
Language: English
Number of pages: 49
Keywords (Chinese): 多重定址 (multihoming), 密碼學 (cryptography), 安全 (security), 串流控制傳輸協議 (Stream Control Transmission Protocol)
Keywords (English): Stream Control Transmission Protocol (SCTP), Cryptography, Multihoming, Security
With the evolution of communication technology, desktop computers and mobile devices may be equipped with several wired and wireless network interfaces at the same time, so users need the multihoming feature to make effective use of these interfaces. In December 2000 the SIGTRAN Working Group of the Internet Engineering Task Force (IETF) published RFC 2960, which specifies a new transport protocol, SCTP, that includes this feature. At the same time, this very feature gives rise to some security vulnerabilities. This thesis proposes methods to improve the original SCTP architecture and to resolve the difficult problems that arise from multihoming; in addition, we propose a more complete security protection scheme based on cryptography. Finally, we also provide a table comparing our solution with other related SCTP security solutions and demonstrate our contributions.
With the fast and prosperous development of communication technology, desktop and mobile devices may be equipped with both wired and wireless network interfaces. Hence, users need a multihoming technique to help them make use of these network interfaces effectively. The Stream Control Transmission Protocol (SCTP) is a new transport protocol approved by the SIGTRAN Working Group of the IETF (Internet Engineering Task Force) as RFC 2960 in October 2000, and it includes this useful characteristic. However, this feature may also lead to some security pitfalls. In this thesis, we come up with approaches that improve SCTP against some existing tough problems raised by multihoming, and we provide more sufficient protection methods based on cryptography. Finally, a comparison with the existing security solutions is also given to demonstrate our contributions.
1 Introduction
1.1 Architecture of the Thesis
2 Preliminaries
2.1 SCTP Chunk
2.1.1 ABORT Chunk
2.1.2 HEARTBEAT Chunk
2.1.3 ASCONF Chunk
2.2 TCP vs. SCTP
2.2.1 TCP Connection Establishment
2.2.2 SCTP Normal Association Establishment
2.2.3 Comparisons between SCTP and TCP
2.3 Association Restart
2.4 Multihoming and Failover
2.5 Some Solutions to End-to-End Security
2.5.1 SCTP over IPsec
2.5.2 Secure SCTP
3 Attacks on SCTP
3.1 Address Stealing
3.1.1 Attack Analysis
3.2 Association Hijacking
3.2.1 Attack Analysis
3.3 Bombing Attack
3.3.1 Attack Analysis
4 The Modified Four-Way Handshake Protocol
4.1 Normal Association Establishment
4.2 Association Restart
4.3 Security Analysis
4.3.1 Address Stealing
4.3.2 Association Hijacking
4.3.3 Address Bombing
5 Our IP-Based Signature Scheme for SCTP
5.1 The Proposed Scheme
5.2 Security Analysis on IP-Based Signature Scheme for SCTP
6 Comparisons
7 Conclusions