Modelling denial of service attacks on JFK with Meadows's cost-based framework
Source ACM International Conference Proceeding Series; Vol. 167 archive
Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54 table of contents
Hobart, Tasmania, Australia
Pages: 125 - 134  
Year of Publication: 2006
ISBN ~ ISSN:1445-1336 , 1-920-68236-8
Authors
J. Smith  Information Security Institute, Queensland University of Technology, Brisbane, Australia
J. M. González-Nieto  Information Security Institute, Queensland University of Technology, Brisbane, Australia
C. Boyd  Information Security Institute, Queensland University of Technology, Brisbane, Australia
Publisher
Australian Computer Society, Inc.  Darlinghurst, Australia, Australia
Bibliometrics
Downloads (6 Weeks): 8,   Downloads (12 Months): 30,   Citation Count: 1

ABSTRACT

We present the first detailed application of Meadows's cost-based modelling framework to the analysis of JFK, an Internet key agreement protocol. The analysis identifies two denial of service attacks against the protocol that are possible when an attacker is willing to reveal the source IP address. The first attack was identified through direct application of a cost-based modelling framework, while the second was only identified after considering coordinated attackers. Finally, we demonstrate how the inclusion of client puzzles in the protocol can improve denial of service resistance against both identified attacks.



