Network Working Group                                       C. Hohendorf
Internet-Draft                            University of Duisburg-Essen
Intended status: Experimental                               E. Unurkhaan
Expires: July 12, 2016                              Mongolian University
                                                            T. Dreibholz
                                              Simula Research Laboratory
                                                        January 09, 2016
Secure SCTP
draft-hohendorf-secure-sctp-21.txt
Abstract
This document explains the reasons for integrating security
functionality into SCTP, and gives a short description of S-SCTP and
its services. S-SCTP is fully compatible with SCTP as defined in
RFC4960; it is designed to integrate cryptographic functions into
SCTP.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current
Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 12, 2016.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Hohendorf, et al. Expires July 12, 2016 [Page 1]
Internet-Draft Secure SCTP January 2016
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. A brief description of S-SCTP . . . . . . . . . . . . . . . . 3
4. Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . 4
5. Additional chunks and parameters . . . . . . . . . . . . . . 4
5.1. New type chunks and definitions . . . . . . . . . . . . . 4
5.1.1. Secure Session Open request chunk (SSOpReq) . . . . . 5
5.1.2. Secure Session Certificate chunk: (SSCert) . . . . . 8
5.1.3. Secure Session Open Acknowledge chunk (SSOpReq_Ack) . 10
5.1.4. Secure Session Server Key chunk (SSSerKey) . . . . . 11
5.1.5. Secure Session Client Key chunk (SSCliKey) . . . . . 14
5.1.6. Secure Session Open Complete chunk (SSOpCom) . . . . 16
5.1.7. Secure Session Close chunk (SSClose) . . . . . . . . 17
5.1.8. Secure Session Close Acknowledge chunk (SSClose_Ack) 18
5.1.9. Security Level Changed chunk (SecLevCHD) . . . . . . 18
5.1.10. Security Level Changed Acknowledged chunk (SecLevCHD_Ack) . . 19
5.1.11. Encrypted Data Chunk (EncData) . . . . . . . . . . . 19
5.1.12. Padding chunk (PADDING) . . . . . . . . . . . . . . . 20
5.1.13. Authentication chunk (AUTH) . . . . . . . . . . . . . 21
6. New Error Cause . . . . . . . . . . . . . . . . . . . . . . . 22
6.1. Secure Session failure . . . . . . . . . . . . . . . . . 22
6.2. Secure Session Certificate failure . . . . . . . . . . . 23
6.3. Decryption failure . . . . . . . . . . . . . . . . . . . 24
6.4. Authentication failure . . . . . . . . . . . . . . . . . 24
6.5. Decompression failure . . . . . . . . . . . . . . . . . . 24
7. S-SCTP packet format and security levels . . . . . . . . . . 25
8. S-SCTP data format . . . . . . . . . . . . . . . . . . . . . 25
9. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . 26
9.1. Establishment of a secure session . . . . . . . . . . . . 26
9.2. Choice of cipher suite and compression method . . . . . . 28
9.3. Data transfer . . . . . . . . . . . . . . . . . . . . . . 29
9.4. Closing of a secure session . . . . . . . . . . . . . . . 30
9.5. Generation of the Master secret key . . . . . . . . . . . 30
9.6. Update of the master secret key . . . . . . . . . . . . . 31