Evaluating the Stream Control Transmission Protocol Using Uppaal
This is an incremental analysis for IoT security, confirming known claims about SCTP's advantages over TCP.
This paper tackled the problem of Denial-of-Service attacks in IoT by comparing TCP and SCTP handshake mechanisms, showing that SCTP successfully copes with illegitimate clients while TCP fails.
The Stream Control Transmission Protocol (SCTP) is a Transport Layer protocol that has been proposed as an alternative to the Transmission Control Protocol (TCP) for the Internet of Things (IoT). SCTP, with its four-way handshake mechanism, claims to protect the Server from a Denial-of-Service (DoS) attack by ensuring the legitimacy of the Client, which has been a known issue pertaining to the three-way handshake of TCP. This paper compares the handshakes of TCP and SCTP to discuss its shortcomings and strengths. We present an Uppaal model of the TCP three-way handshake and SCTP four-way handshake and show that SCTP is able to cope with the presence of an Illegitimate Client, while TCP fails. The results confirm that SCTP is better equipped to deal with this type of attack.