Denial of service in public key protocols
نویسنده
چکیده
Network denial of service attacks have become a widespread problem on the Internet. However, denial of service is often considered to be an implementation issue by protocol designers. In this paper I present a survey of the literature on designing denial of service resistant communication protocols. I consider several different types of resources vulnerable to resource consumption attacks, and outline countermeasures against such attacks. I also describe how these countermeasures are used in the ISAKMP/IKE and Photuris protocols, and give overview of design recommendations for future protocols.
منابع مشابه
A Denial-of-Service Resistant Public-key Authentication and Key Establishment Protocol
Network denial-ofservice attacks, which exhaust the server resources, have become a serious security threat to the Internet. Public Key Infrastructure (PU) has long been introduced in various authentication protocols to verifL the identities of the communicating parties. Although the use of PKI can present dijjculty to the denial-of service attackers, the underlying problem has not been resolve...
متن کاملCryptographic Salt: A Countermeasure against Denial-of-Service Attacks
Denial-of-service (DoS) attack is one of the most malicious Internetbased attacks. Introduction of cryptographic authentication protocols into Internet environment does not help alleviate the impact of denial-of-service attacks, but rather increases the vulnerability to the attack because of the heavy computation associated with cryptographic operation. Nevertheless, many Internet security prot...
متن کاملEnhancing SVO Logic for Mobile IPv6 Security Protocols
In order to protect Mobile Internet Protocol Version 6 (MIPv6), considerable researches have been made, consequently followed by various security protocols, which are based on public key cryptography. Especially, depending on a proper address based public key method, these protocols use each node’s address as a public key certificate to authenticate its public key because no global public key i...
متن کاملPassword Authenticated Key Exchange and Protected Password Change Protocols
In this paper, we propose new password authenticated key exchange (PAKE) and protected password change (PPC) protocols without any symmetric or public-key cryptosystems. The security of the proposed protocols is based on the computational Diffie-Hellman assumption in the random oracle model. The proposed scheme can resist both forgery server and denial of service attacks.
متن کاملOn reusing ephemeral keys in Diffie-Hellman key agreement protocols
A party may choose to reuse ephemeral public keys in a Diffie-Hellman key agreement protocol in order to reduce its computational workload or to mitigate against denial-of-service attacks. In this note we highlight the danger of reusing ephemeral keys if domain parameters are not appropriately selected or if public keys are not appropriately validated.
متن کامل