  • DocumentCode
    3018200
  • Title

    Effects of mobility and multihoming on transport-protocol security

  • Author

    Aura, Tuomas ; Nikander, Pekka ; Camarillo, Gonzalo

  • Author_Institution
    Microsoft Res., Cambridge, UK
  • fYear
    2004
  • fDate
    9-12 May 2004
  • Firstpage
    12
  • Lastpage
    26
  • Abstract
    The Stream Control Transmission Protocol (SCTP) is a reliable message-based transport protocol developed by the IETF that could replace TCP in some applications. SCTP allows endpoints to have multiple IP addresses for the purposes of fault tolerance. There is on-going work to extend the SCTP multihoming functions to support dynamic addressing and endpoint mobility. This paper explains how the multihoming and mobility features can be exploited for denial-of-service attacks, connection hijacking, and packet flooding. We propose implementation guidelines for SCTP and changes to the mobility extensions that prevent most of the attacks. The same lessons apply to multihomed TCP variants and other transport-layer protocols that incorporate some flavor of dynamic addressing.
  • Keywords
    IP networks; Internet; computer crime; message passing; mobile computing; telecommunication security; transport protocols; IP addresses; SCTP mobility; SCTP multihoming; Stream Control Transmission Protocol; connection hijacking; denial-of-service attacks; dynamic addressing; endpoint mobility; fault tolerance; message-based transport protocol; packet flooding; transport layer protocols; transport protocol security; Access protocols; Computer crime; Data security; Fault tolerance; Guidelines; Internet; Mobile communication; Proposals; TCPIP; Transport protocols;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium on
  • ISSN
    1081-6011
  • Print_ISBN
    0-7695-2136-3
  • Type

    conf

  • DOI
    10.1109/SECPRI.2004.1301312
  • Filename
    1301312