Modification of Internet Key Exchange Resistant against Denial-of-Service
Abstract
The first phase of Internet Key Exchange (IKE) is an authenticated version of Diffie-Hellman (DH) key-agreement. Since the authentication is computationally expensive, computational burden caused by malicious requests may exhaust the CPU resource of the target. Attackers can also abuse inappropriate use of Cookies and exhaust the memory resource of the target. In search of resistance against these Denial-of-Service (DoS) attacks, this paper modifies three-pass IKE Phase 1. The DoS-resistance is evaluated in terms of the computational cost and the memory cost caused by bogus requests.
Similar resources
Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols
We describe JFK, a new key exchange protocol, primarily designed for use in the IP Security Architecture. It is simple, efficient, and secure; we sketch a proof of the latter property. JFK also has a number of novel engineering parameters that permit a variety of trade-offs, most notably the ability to balance the need for perfect forward secrecy against susceptibility to denial-of-service atta...
Denial of service in public key protocols
Network denial of service attacks have become a widespread problem on the Internet. However, denial of service is often considered to be an implementation issue by protocol designers. In this paper I present a survey of the literature on designing denial of service resistant communication protocols. I consider several different types of resources vulnerable to resource consumption attacks, and ...
A Denial-of-Service Resistant Public-key Authentication and Key Establishment Protocol
Network denial-of-service attacks, which exhaust the server resources, have become a serious security threat to the Internet. Public Key Infrastructure (PKI) has long been introduced in various authentication protocols to verify the identities of the communicating parties. Although the use of PKI can present difficulty to the denial-of-service attackers, the underlying problem has not been resolve...
Resolution of ISAKMP/Oakley Key-Agreement Protocol Resistant against Denial-of-Service Attack
Key-agreement protocol will play an important role as an entrance to secure communication over the Internet. Specifically, ISAKMP (Internet Security Association and Key Management Protocol)/Oakley key-agreement is currently a leading approach for communication between two parties. Basic idea of ISAKMP/Oakley is an authenticated Diffie-Hellman (DH) key-agreement protocol. This authentication owes a ...
BLIND: A Complete Identity Protection Framework for End-points
In this paper, we present a security framework that provides identity protection against active and passive attacks for end-points. The framework is based on a two-round-trip authenticated Diffie-Hellman key exchange protocol that identifies the end-points to each other and creates a security association between the peers. The protocol hides the public key based identifiers from attackers and e...
Publication date: 2000