
SCTP Strategies to Secure End-To-End Communication

DISSERTATION

to obtain the academic grade doctor rerum naturalium (Dr. rer. nat.) in Computer Science

Submitted to the Faculty of Economics and Business Administration, Institute for Computer Science and Business Information Systems, University of Duisburg-Essen

by Robin Seggelmann, M.Sc., born on July 29th, 1982, in Oelde, Germany

Reviewers:
1. Prof. Dr.-Ing. Erwin P. Rathgeb
2. Prof. Dr. Bruno Müller-Clostermann

Date of Disputation: October 22nd, 2012

Abstract

The Stream Control Transmission Protocol (SCTP) is a fairly recent generic transport protocol with novel features, like multi-streaming, multi-homing, and an extendable architecture. This, however, prevents existing approaches to secure end-to-end connections from being used without limiting the supported SCTP features. New solutions also exist, but require extensive modifications that are difficult to realize and deploy. Hence, there is no widely deployed solution to secure SCTP-based connections. In this thesis, possible strategies to secure end-to-end SCTP connections are analyzed. For each strategy, a viable solution that does not limit the features of SCTP is presented, with a focus on deployability in terms of standardization as well as implementation. Implementations based on common open source tools are developed and used to conduct functionality and performance measurements, with simulated and real systems, to prove the usefulness of the suggested approaches.

Keywords: SCTP, Security, DTLS, SSH, Tunneling

Acknowledgements

This thesis is the result of my work as a research associate in the Network Programming Lab of the Department of Electrical Engineering and Computer Science at the Münster University of Applied Sciences. First and foremost, I would like to thank Prof. Dr. Erwin P. Rathgeb for his support and supervision of this thesis and his invaluable comments on my work. I also thank Prof. Dr. Bruno Müller-Clostermann for the review of this thesis.

I would like to gratefully acknowledge the enthusiastic support and inspiration of Prof. Dr. Michael Tüxen at the Münster University of Applied Sciences. Furthermore, I am grateful to my colleague Dr. Irene Rüngeler, as well as Dr. Thomas Dreibholz, Martin Becke and Thomas Beermann for their assistance, the technical discussions and motivation. In addition, I would also like to thank the Deutsche Forschungsgemeinschaft (DFG) for supporting this project.

Contents

1 Introduction   1
1.1 Motivation   2
1.2 Goals   3
1.3 Organization of this Work   3

2 Network and Transport Protocols   5
2.1 Internet Protocol   5
2.2 Transmission Control Protocol   6
2.3 User Datagram Protocol   6
2.4 Datagram Congestion Control Protocol   6
2.5 Stream Control Transmission Protocol   7
2.5.1 Protocol Design   7
2.5.2 Association Setup and Teardown   8
2.5.3 Data Transfer   9
2.5.4 Streams   10
2.5.4.1 Sender Scheduling   10
2.5.4.2 Receiver Scheduling   11
2.5.5 Multi-homing   12
2.5.6 Notifications   12
2.5.7 Extensions   13
2.6 Mobility Solutions   14

3 Security Protocols   17
3.1 Internet Protocol Security   17
3.2 Transport Layer Security   18
3.2.1 Record Layer   19
3.2.2 Handshake and ChangeCipherSpec Protocol   19
3.2.3 Session Resumption   20
3.2.4 Alert Protocol   21
3.3 Datagram Transport Layer Security   22
3.3.1 Record Layer Modifications   22
3.3.2 Handshake Message Modifications   23
3.3.3 Client Verification with Cookies   24
3.3.4 Handshake Reliability   24
3.3.5 Alert Protocol   26
3.4 Secure Shell   26
3.4.1 Transport Layer   26
3.4.2 Authentication Protocol   27
3.4.3 Connection Protocol   28

4 Tools and Software   31
4.1 Simulation   31
4.1.1 OMNeT++   32
4.1.2 INET Framework   32
4.2 OpenSSL   33
4.2.1 Architecture   33
4.2.2 Context Objects   34
4.2.3 Session Objects   34
4.2.4 Basic Input/Output Objects   34
4.2.5 DTLS Implementation   35
4.3 OpenSSH   35

5 Securing SCTP-based Applications   37
5.1 Security-aware Applications   38
5.1.1 Integrated Mechanisms   38
5.1.2 External Mechanisms   38
5.2 Security-agnostic Applications   39
5.2.1 Network Protocol Tunneling   39
5.2.2 Transport Protocol Tunneling   40
5.2.3 Application Protocol Tunneling   41
5.3 Comparison   42
5.4 Existing Security-aware Solutions for SCTP   43
5.4.1 TLS over SCTP   43
5.4.2 DTLS over SCTP   44
5.4.3 Secure SCTP   44
5.4.4 Secure Socket SCTP   44
5.5 Existing Security-agnostic Solutions for SCTP   45
5.5.1 Internet Protocol Security   45
5.5.2 TLS/DTLS-based Tunneling   45
5.6 Conclusion   45

6 SCTP-aware DTLS   47
6.1 General Considerations   47
6.2 Open Issues and Proposed Solutions   47
6.2.1 Encryption and Authentication   48
6.2.2 Ensuring Order and Reliability   48
6.2.3 Message Loss Prevention   49
6.2.4 Renegotiations   49
6.2.5 Shutdown   50
6.2.6 Session Resumption   51
6.2.7 Generic Adaptations   51
6.2.8 SCTP Extensions   52
6.3 Implementing SCTP-aware DTLS   53
6.3.1 Existing Implementation   53
6.3.2 BIO Object   53
6.3.3 SSL Object   54
6.4 Performance Evaluation   55
6.4.1 Single Core Throughput Measurements   55
6.4.2 Dual Core Throughput Measurements   57
6.4.3 Renegotiations   58
6.5 Optimizations   60
6.5.1 Handshake Message Synchronization   61
6.5.2 Avoiding Duplicate HMACs   62
6.5.3 Allowing Multiple Epochs   62
6.6 Conclusion   64

7 DTLS-based Tunneling   65
7.1 General Considerations   65
7.2 Heartbeat Extension   66
7.3 Path MTU Discovery   67
7.4 Mobility Extension   69
7.4.1 General Considerations   69
7.4.2 Concept   71
7.4.3 Security Considerations   73
7.4.4 ICMP Considerations   74
7.5 Implementing Heartbeats and DTLS Mobility   75
7.6 Evaluation and Measurements   77
7.6.1 Direct Use   77
7.6.2 Tunneling   80
7.7 Conclusion   83

8 SSH Tunneling   85
8.1 SSH Forwarding of SCTP   85
8.1.1 SSH Modifications   85
8.1.2 Limitations   87
8.2 Forwarding over SCTP   87
8.2.1 Usage of Multi-Homing   88
8.2.2 Usage of Multi-Streaming   88
8.2.2.1 Security Considerations   91
8.2.2.2 SCTP Data Chunk Header Encryption   91
8.2.3 Stream Scheduling Considerations   92
8.2.3.1 First-Come, First-Served Scheduling   92
8.2.3.2 Round-Robin Scheduling   92
8.2.3.3 Fair Bandwidth Scheduling   93
8.2.3.4 Priority Scheduling   94
8.2.3.5 Per Packet Scheduling   95
8.2.3.6 Preemptive Scheduling   95
8.2.4 Congestion Control Considerations   95
8.2.5 Flow Control Considerations   96
8.3 Forwarding other Transport Protocols   96
8.3.1 SCTP Forwarding Characteristics   97
8.3.2 UDP Forwarding Characteristics   98
8.3.3 DCCP Forwarding Characteristics   98
8.4 Implementing Forwarding in OMNeT++/INET   98
8.4.1 Stream Scheduling   99
8.4.2 Forwarding Application   99
8.5 Implementing SSH over SCTP   99
8.5.1 Adding Support for SCTP   99
8.5.2 Adding Support for Multi-Streaming   100
8.5.3 Forwarding Other Transport Protocols   100
8.5.4 Pluggable Schedulers in the Kernel   100
8.6 Performance Evaluation   101
8.6.1 Simulation and Real Setup   101
8.6.2 Reliability with Multi-Homing   102
8.6.3 Throughput with Multi-Homing and CMT   104
8.6.4 Delay with Mapping Channels onto Streams   106
8.6.5 Delay with Different Stream Schedulers   107
8.7 Conclusion   109

9 Conclusion   111
9.1 Achieved Results   111
9.2 Future