|
Abstract
|
In October 2000, the specification of SCTP (Stream Control Transmission Protocol, a new transport layer protocol) was published by the Internet Engineering Task Force (IETF). SCTP uses a cryptographic cookie mechanism to protect itself against denial-of-service attacks aiming at the association startup procedure. However, the basic idea of the cookie mechanism is not new. A similar mechanism for the TCP protocol has been proposed back in 1996 and has been implemented in the TCP protocol engines of several operating systems. The TCP SYN cookie mechanism has not been published as an RFC, probably because it does not require any changes to the existing TCP specification. This paper gives an introduction to the problem of DoS attacks against transport layer protocols and presents the basic idea of the cookie approach. The specific implementations of this idea both for TCP and SCTP are explained and compared, especially with respect to the fact that for TCP, the mechanism had to fit into the existing protocol specification, whereas for SCTP, the protocol has been designed from scratch with the cookie mechanism in mind.
|
|
Reference entry
|
Kiesel, S.
On the Use of Cryptographic Cookies for Transport Layer Connection Establishment
Beiträge zur 13. GI/ITG Fachtagung Kommunikation in Verteilten Systemen (KiVS 2003), Leipzig, February 2003
|