Thesis access permission: open to campus users one year after submission; never open off-campus (campus withheld)
Available:
Campus: available
Off-campus: not available
Title: 改善SCTP 之安全通訊協定 (Improved Security Protocols for SCTP)
Department:
Year, semester:
Language:
Degree:
Number of pages: 49
Author:
Advisor:
Convenor:
Advisory Committee:
Date of Exam: 2009-07-07
Date of Submission: 2009-08-28
Keywords: Stream Control Transmission Protocol (SCTP), Cryptography, Multihoming, Security
Statistics
This thesis has been browsed 5692 times and downloaded 3 times.
Abstract (Chinese, translated)
As communication technology has advanced, a desktop computer or mobile device may carry several wired and wireless network interfaces at once, so users need multihoming to make effective use of those interfaces. In October 2000 the Signaling Transport (SIGTRAN) Working Group of the Internet Engineering Task Force published RFC 2960, which defines a new transport protocol, SCTP, that includes this feature. The same feature also opens some security holes. This thesis proposes ways to improve the original SCTP design and to resolve the hard problems that multihoming creates; in addition, we propose a more complete protection scheme based on cryptography. Finally, we give a table comparing our work with other SCTP security solutions to substantiate our contributions.
Abstract
With the fast and prosperous development of communication technology, a desktop or mobile device may be equipped with both wired and wireless network interfaces. Hence, users need a multihoming technique to help them make effective use of these interfaces. The Stream Control Transmission Protocol (SCTP) is a transport protocol standardized by the SIGTRAN Working Group of the IETF (Internet Engineering Task Force) as RFC 2960 in October 2000, and it includes this useful feature. However, the same feature may lead to security pitfalls. In this thesis, we propose approaches that improve SCTP against some existing hard problems arising from multihoming and provide stronger protection based on cryptography. Finally, a comparison with the existing security solutions is given to demonstrate our contributions.
Table of Contents
1 Introduction
  1.1 Architecture of the Thesis
2 Preliminaries
  2.1 SCTP Chunk
    2.1.1 ABORT Chunk
    2.1.2 HEARTBEAT Chunk
    2.1.3 ASCONF Chunk
  2.2 TCP vs. SCTP
    2.2.1 TCP Connection Establishment
    2.2.2 SCTP Normal Association Establishment
    2.2.3 Comparisons between SCTP and TCP
  2.3 Association Restart
  2.4 Multihoming and Failover
  2.5 Some Solutions to End-to-End Security
    2.5.1 SCTP over IPsec
    2.5.2 Secure SCTP
3 Attacks on SCTP
  3.1 Address Stealing
    3.1.1 Attack Analysis
  3.2 Association Hijacking
    3.2.1 Attack Analysis
  3.3 Bombing Attack
    3.3.1 Attack Analysis
4 The Modified Four-Way Handshake Protocol
  4.1 Normal Association Establishment
  4.2 Association Restart
  4.3 Security Analysis
    4.3.1 Address Stealing
    4.3.2 Association Hijacking
    4.3.3 Address Bombing
5 Our IP-Based Signature Scheme for SCTP
  5.1 The Proposed Scheme
  5.2 Security Analysis on IP-Based Signature Scheme for SCTP
6 Comparisons
7 Conclusions
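The abstract says only that SCTP's multihoming feature opens security pitfalls and that the thesis answers with a modified four-way handshake (chapter 4 of the outline) and cryptographic protection. The following is an added example, not code from the thesis and not its proposed scheme: a Python model of the baseline SCTP four-way handshake (INIT, INIT ACK, COOKIE ECHO, COOKIE ACK) from RFC 4960, the 2007 revision of RFC 2960, with the stateless HMAC-sealed State Cookie that the thesis's modified handshake builds on. It shows what the standard cookie already buys, namely no state allocated until the initiator proves it can receive at the address it claims, and no forged, tampered or stale cookie accepted, and therefore why address-related attacks on multihomed endpoints (the outline's chapter 3, and the attacks catalogued in RFC 5062) aim at address changes after establishment, such as ASCONF, rather than at the handshake itself. The addresses, tags, dict-shaped packets and the caller-as-network convention are all constructed for this example; the explicit source-address check in on_cookie_echo is this model's rendering of RFC 4960 building the TCB's peer address list from the cookie rather than from the echoing packet.

```python
import hmac
import os
import struct
import time

COOKIE_LIFE = 60                      # RFC 4960 Valid.Cookie.Life default, in seconds
FMT = "!16s16sIId"                    # peer addr, own addr, peer tag, own tag, issue time
BODY = struct.calcsize(FMT)           # 48 bytes, followed by a 32-byte HMAC-SHA256


def rand_tag():
    """Nonzero 32-bit Initiate Tag (RFC 4960, section 3.3.2)."""
    return int.from_bytes(os.urandom(4), "big") or 1


class SctpServer:
    """Responder: no state per INIT; the TCB data rides in the HMAC-sealed cookie."""
    def __init__(self, addr):
        self.addr = addr
        self.secret = os.urandom(32)  # a real stack rotates this periodically
        self.associations = {}        # (peer_addr, peer_tag) -> TCB

    def _mac(self, body):
        return hmac.new(self.secret, body, "sha256").digest()

    def on_init(self, pkt):
        """INIT -> INIT ACK, addressed to the INIT's source; nothing allocated."""
        my_tag = rand_tag()
        body = struct.pack(FMT, pkt["src"].encode(), self.addr.encode(),
                           pkt["itag"], my_tag, time.time())
        return {"src": self.addr, "dst": pkt["src"], "chunk": "INIT ACK",
                "itag": my_tag, "cookie": body + self._mac(body)}

    def on_cookie_echo(self, pkt):
        """COOKIE ECHO -> COOKIE ACK and a new TCB if the cookie verifies; else None (dropped)."""
        body, tag = pkt["cookie"][:BODY], pkt["cookie"][BODY:]
        if len(body) != BODY or not hmac.compare_digest(tag, self._mac(body)):
            return None                                   # forged or tampered
        peer, own, peer_tag, my_tag, issued = struct.unpack(FMT, body)
        peer, own = peer.rstrip(b"\0").decode(), own.rstrip(b"\0").decode()
        if own != self.addr or time.time() - issued > COOKIE_LIFE:
            return None                                   # not ours, or stale
        # Peer address comes from the cookie, not from the echoer: refuse any other source.
        if pkt["src"] != peer:
            return None
        self.associations[(peer, peer_tag)] = {"peer_tag": peer_tag, "my_tag": my_tag}
        return {"src": self.addr, "dst": peer, "chunk": "COOKIE ACK", "vtag": peer_tag}


class SctpClient:
    """Initiator: echoes the cookie unmodified (RFC 4960, section 5.1, step C)."""
    def __init__(self, addr):
        self.addr = addr
        self.pending = None           # Initiate Tag of an outstanding INIT, if any

    def init(self, server_addr):
        self.pending = rand_tag()
        return {"src": self.addr, "dst": server_addr, "chunk": "INIT", "itag": self.pending}

    def on_init_ack(self, pkt):
        if self.pending is None:
            return None               # no INIT outstanding: out of the blue, dropped
        self.pending = None
        return {"src": self.addr, "dst": pkt["src"], "chunk": "COOKIE ECHO",
                "vtag": pkt["itag"], "cookie": pkt["cookie"]}


def run_scenarios():
    """Normal handshake, a spoofed-INIT flood and two cookie forgeries (caller is the network)."""
    server, alice, mallory = SctpServer("10.0.0.1"), SctpClient("10.0.0.2"), SctpClient("10.0.0.3")
    r = {}
    # 1. Alice <-> server: INIT, INIT ACK, COOKIE ECHO, COOKIE ACK
    init_ack = server.on_init(alice.init(server.addr))
    r["state_after_init"] = len(server.associations)                  # 0
    ack = server.on_cookie_echo(alice.on_init_ack(init_ack))
    r["normal_ok"] = ack is not None and ack["chunk"] == "COOKIE ACK"  # True
    # 2. 1000 INITs with forged sources: nothing is allocated for any of them
    for i in range(1000):
        server.on_init({"src": "192.0.2.%d" % (i % 250), "dst": server.addr,
                        "chunk": "INIT", "itag": i + 1})
    r["state_after_flood"] = len(server.associations)                 # 1
    # 3. Mallory sends INIT as Alice: the cookie goes to Alice, who drops it; Mallory must guess
    ack_to_victim = server.on_init({"src": alice.addr, "dst": server.addr,
                                    "chunk": "INIT", "itag": 7})
    r["victim_drops_it"] = (ack_to_victim["dst"] == alice.addr
                            and alice.on_init_ack(ack_to_victim) is None)
    r["guessed_cookie_rejected"] = server.on_cookie_echo(
        {"src": mallory.addr, "dst": server.addr, "chunk": "COOKIE ECHO",
         "cookie": os.urandom(BODY + 32)}) is None
    # 4. Mallory gets a cookie for her own address, rewrites the address to Alice's and echoes it
    echo = mallory.on_init_ack(server.on_init(mallory.init(server.addr)))
    tampered = bytearray(echo["cookie"])
    tampered[:16] = alice.addr.encode().ljust(16, b"\0")
    r["tampered_cookie_rejected"] = server.on_cookie_echo(
        {"src": alice.addr, "dst": server.addr, "chunk": "COOKIE ECHO",
         "cookie": bytes(tampered)}) is None
    r["peers"] = sorted(addr for addr, _ in server.associations)       # ["10.0.0.2"]
    return r
```

Calling run_scenarios() returns the per-scenario results as a dict. The point to take from scenarios 3 and 4 is that the cookie binds exactly one peer address at association start and cannot be altered without the responder's secret; it says nothing about addresses added later, which is where a multihoming-aware scheme has to do its own work.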
Fulltext
This electronic full text is licensed only for personal, non-commercial searching, reading and printing for the purpose of academic research. Please comply with the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost or broadcast it without permission.
Off-campus access to this thesis is not available.
Printed copies
Availability information for printed theses is relatively complete from academic year 102 (ROC calendar) onward. For printed theses from academic year 101 or earlier, please contact the printed-thesis service desk of the Library and Information Services office. We apologize for any inconvenience.
Available: available