Efficient authenticated key agreement protocols resistant to a denial-of-service attack
Source: International Journal of Network Management
Volume 15, Issue 3 (May 2005)
Pages: 193-202
Year of Publication: 2005
ISSN: 1099-1190
Author: Yuh-Min Tseng, Information Security Laboratory, Department of Mathematics, National Changhua University of Education, Jin-De Campus, Chang-Hua 500, Taiwan
Publisher: John Wiley & Sons, Inc., New York, NY, USA
DOI: 10.1002/nem.561

ABSTRACT

Malicious intruders may launch as many invalid requests as possible without establishing a server connection to bring server service to a standstill. This is called a denial-of-service (DoS) or distributed DoS (DDoS) attack. Until now, there has been no complete solution to resisting a DoS/DDoS attack. Therefore, it is an important network security issue to reduce the impact of a DoS/DDoS attack. A resource-exhaustion attack on a server is one kind of denial-of-service attack. In this article we address the resource-exhaustion problem in authentication and key agreement protocols. The resource-exhaustion attack consists of both the CPU-exhaustion attack and the storage-exhaustion attack. In 2001, Hirose and Matsuura proposed an authenticated key agreement protocol (AKAP) that was the first protocol simultaneously resistant to both the CPU-exhaustion attack and the storage-exhaustion attack. However, in order to withstand the DoS attack, their protocol is time-consuming for legal users. Therefore, in this paper, we propose a slight modification to the Hirose-Matsuura protocol to reduce the computation cost. Both the Hirose-Matsuura and the modified protocols provide implicit key confirmation. Also, we propose another authenticated key agreement protocol with explicit key confirmation. The new protocol requires less computation cost. Because DoS/DDoS attacks come in a variety of forms, the proposed protocols cannot fully disallow a DoS/DDoS attack. However, they reduce the effect of such an attack and thus make it more difficult for the attack to succeed.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

3. Diffie W, Hellman ME. New directions in cryptography. IEEE Transactions on Information Theory 1976; IT-22(6):644-654.

4. Ankney R, Johnson D, Matyas M. The Unified Model. Contribution to ANSI X9F1, 1995.

6. Menezes AJ, Qu M, Vanstone SA. Some key agreement protocols providing implicit authentication. 2nd Workshop Selected Areas in Cryptography, 1995.

7. Tseng YM. Multi-party key agreement protocols with cheater identification. Applied Mathematics and Computation 2003; 145(2-3):551-559.

8. Tseng YM. On the security of an efficient two-pass key agreement protocol. Computer Standards and Interfaces 2004; 26(4):371-374.

10. Kwon T, Song J. Secure agreement scheme for g^xy via password authentication. Electronics Letters 1999; 35(11):892-893.

11. ElGamal T. A public key cryptosystem and signature scheme based on discrete logarithm. IEEE Transactions on Information Theory 1985; 31(4):469-472.

12. NIST. Digital signature standard (DSS), FIPS PUB XX, 1993.

16. ITSEC. Information Technology Security Evaluation Criteria. Version 1.2, COM(92) 298 final, Brussels, 1992.

19. Hirose S, Matsuura K. Key agreement protocols resistant to a denial-of-service attack. IEICE Transactions on Information and Systems 2001; E-84-D(4):477-484.

20. Dobbertin H. The status of MD5 after a recent attack. CryptoBytes 1996; 2(2):1-6.