Inproceedings

On the Use of Cryptographic Cookies for Transport Layer Connection Establishment

Proceedings of the 8th EUNICE Open European Summer School (EUNICE 2002), pages 177--184. Trondheim, Norway, September 2002.

Abstract

In October 2000, the specification of SCTP (Stream Control Transmission Protocol, a new transport layer protocol) was published by the Internet Engineering Task Force (IETF). SCTP uses a cryptographic cookie mechanism to protect itself against denial-of-service attacks targeting the association startup procedure. However, the basic idea of the cookie mechanism is not new. A similar mechanism for the TCP protocol was proposed in 1996 and has been implemented in the TCP protocol engines of several operating systems. The TCP SYN cookie mechanism has not been published as an RFC, probably because it does not require any changes to the existing TCP specification. This paper gives an introduction to the problem of DoS attacks against transport layer protocols and presents the basic idea of the cookie approach. The specific implementations of this idea for both TCP and SCTP are explained and compared, especially with respect to the fact that for TCP the mechanism had to fit into the existing protocol specification, whereas SCTP was designed from scratch with the cookie mechanism in mind.
