Resolution of ISAKMP/Oakley Key-Agreement Protocol Resistant against Denial-of-Service Attack

|Key-agreement protocol will play an important role as an entrance to secure communication over the Internet. Speci cally, ISAKMP(Internet Security Association and Key Management Protocol)/Oakley key-agreement is currently a leading approach for communication between two parties. Basic idea of ISAKMP/Oakley is an authenticated Di eHellman (DH) key-agreement protocol. This authentication owes a lot to public-key primitives whose implementation includes modular exponentiation. Since modular exponentiation is computationally expensive, attackers are motivated to abuse it for Denial-ofService (DoS) attacks. In search of resistance against DoS attacks, this paper rst describes a basic idea on the protection mechanism for authenticated DH keyagreement protocols against DoS attacks. The paper then proposes a DoS-resistant version of three-pass ISAKMP/Oakley's Phase 1 where DoS attacks impose expensive computation on the attackers themselves. The DoS-resistance is evaluated in terms of (1) the computational cost caused by bogus requests and (2) a server-blocking probability.