In the current implementation of the Secure TCP, session key negotiation takes place at the connection establishment phase, and the session keys for a connection are not changed until the connection is closed. However, using the same key over a long period gives an eavesdropper more opportunity to recover the data stream on the connection by brute-force methods. In order to strengthen the Secure TCP, it is better to change session keys periodically.
There are several possible ways to achieve this periodic session key change. One solution we are considering is to add a new TCP option that advertises a new session key to the peer entity. If the peer entity receives a segment carrying this TCP option, it uses the key in the option as the new session key. We are now integrating this option into the current version of the Secure TCP.
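As an added illustration (not code from the Secure TCP implementation itself), the following shows how such a rekeying option could be encoded in the standard TCP kind/length/value format and how the receiving endpoint would switch keys; the option kind number is a placeholder, since the text assigns none, and the option payload is taken as raw key bytes, since how the key is protected on the wire is not covered by the text.

```python
import struct

# Placeholder option kind for the session-key option (the text gives no number).
KIND_SESSION_KEY = 253
KIND_EOL, KIND_NOP = 0, 1


def build_session_key_option(key: bytes) -> bytes:
    """Encode the key as a TCP option (kind, length, value), zero-padded to 32 bits."""
    if not 1 <= len(key) <= 253:          # option length field is a single byte
        raise ValueError("key does not fit in one TCP option")
    body = struct.pack("!BB", KIND_SESSION_KEY, 2 + len(key)) + key
    return body + b"\x00" * (-len(body) % 4)   # trailing zeros act as EOL padding


def parse_tcp_options(raw: bytes):
    """Walk a TCP options field, returning (kind, value) pairs.

    EOL terminates the list and NOP is a single byte; every other option
    carries a length byte that must be validated before it is trusted.
    """
    i, opts = 0, []
    while i < len(raw):
        kind = raw[i]
        if kind == KIND_EOL:
            break
        if kind == KIND_NOP:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length")
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts


class SecureTcpEndpoint:
    """Receiver-side state: installs the key carried by the session-key option."""

    def __init__(self, initial_key: bytes):
        self.session_key = initial_key   # key negotiated at connection establishment
        self.rekeys = 0

    def receive_segment(self, options: bytes) -> bytes:
        """Process the options of an incoming segment; return the key now in use."""
        for kind, value in parse_tcp_options(options):
            if kind == KIND_SESSION_KEY:
                self.session_key = bytes(value)
                self.rekeys += 1
        return self.session_key
```

The constructed test below feeds the endpoint a segment with only NOP and MSS options (no key change) and then one carrying the session-key option.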