Modelling denial of service attacks on JFK with Meadows's cost-based framework
Abstract
We present the first detailed application of Meadows’s cost-based modelling framework to the analysis of JFK, an Internet key agreement protocol. The analysis identifies two denial of service attacks against the protocol that are possible when an attacker is willing to reveal the source IP address. The first attack was identified through direct application of a cost-based modelling framework, while the second was only identified after considering coordinated attackers. Finally, we demonstrate how the inclusion of client puzzles in the protocol can improve denial of service resistance against both identified attacks.
Similar resources
HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Abstract—Today, botnets have become a serious threat to enterprise networks. By creation of network of bots, they launch several attacks, distributed denial of service attacks (DDoS) on networks is a sample of such attacks. Such attacks with the occupation of system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
Analyzing DoS-Resistance of Protocols Using a Cost-Based Framework
This paper addresses protocol susceptibility to denial-of-service attacks. We analyze protocol fragments using Meadows’s cost-based framework [9] to identify sequences of actions that render servers disabled, either due to memory or CPU exhaustion. In particular, we show that the JFK protocol [1] is DoS-resistant when bogus messages are handled in an appropriate way. We also discuss the relatio...
Towards a Provably Secure DoS-Resilient Key Exchange Protocol with Perfect Forward Secrecy
Just Fast Keying (JFK) is a simple, efficient and secure key exchange protocol proposed by Aiello et al. (ACM TISSEC, 2004). JFK is well known for its novel design features, notably its resistance to denial-of-service (DoS) attacks. Using Meadows’ cost-based framework, we identify a new DoS vulnerability in JFK. The JFK protocol is claimed secure in the Canetti-Krawczyk model under the Decisiona...
Detecting Denial of Service Message Flooding Attacks in SIP based Services
Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation deficiencies cause some security concerns in SIP based infra...
Automated Proof of Resistance of Denial of Service Attacks Using Event with Theorem Prover
The huge damage of denial of service attacks in security protocols attracts researchers’ attention and effort to analysis, verification and prevention of denial of service attacks. In order to model resistance of denial of service attacks, firstly, we extend applied pi calculus from both adversary context and processes aspects; secondly, the first computer-aided method of resistance of denial o...
Publication date: 2006