Automated Analysis of Internet Key Exchange Protocol v2 for Denial of Service Attacks

The Denial of service (DoS) and Distributed Denial of Service (DDoS) attacks are aimed at maliciously consuming the available resources in computing systems to prevent genuine users from legitimately accessing them. These attacks can easily interrupt or disable targeted systems, so it is important for the system to detect and filter bogus connection requests as early as possible. Many common protocols TCP, HIP, SSL, etc., are vulnerable to DoS attacks. Until now, there has been no fit for all, generic solution to resist a DoS/DDoS attacks presented. An attractive alternative therefore is to investigate the approaches by which one can at least reduce the impact of the DoS/DDoS attacks. Our research work presented here focuses on the same. We develop a formal model of Internet Key Exchange version 2 (IKEv2) protocol using formal specification language of Colored Petri Nets (CPNs) to analyze the protocol for DoS attacks. IKEv2 is a member of the IPSec protocol suite and establishes a security association that includes secret information between source and destination. IPSec provides security services to applications viz. VPN, remote login, email, file transfer etc. Till date no automatic formal analysis of IKEv2 protocol is attempted for DoS attacks, hence we choose IKEv2 protocol to illustrate automatic analysis for DoS attacks. We use simulation approach of CPNs to analyze the protocol for DoS attacks. We analyze the processing cost and memory cost to carry out DoS attacks in IKEv2. In addition, we measure the strength of the protocol against DoS attacks using different experiments in CPNs.