Protecting Key Exchange and Management Protocols Against Resource Clogging Attacks
Author
Abstract
Many cryptographic key exchange and management protocols involve computationally expensive operations, such as modular exponentiations, and are therefore vulnerable to resource clogging attacks. This paper overviews and discusses the basic principles and the rationale behind an anti-clogging mechanism that was originally designed and proposed to protect the Photuris Session Key Management Protocol against resource clogging attacks. The mechanism was later approved by the IETF IPsec WG to be included into the Internet Key Management Protocol (IKMP) or Internet Key Exchange (IKE) protocol respectively. The paper introduces and discusses the Photuris anti-clogging mechanism, derives some design considerations, and elaborates on possibilities to use similar techniques to improve an existing HTTP state management protocol and to protect TCP/IP implementations against TCP SYN flooding attacks.
Similar resources
Denial of service in public key protocols
Network denial of service attacks have become a widespread problem on the Internet. However, denial of service is often considered to be an implementation issue by protocol designers. In this paper I present a survey of the literature on designing denial of service resistant communication protocols. I consider several different types of resources vulnerable to resource consumption attacks, and ...
Security in Wireless Ad Hoc Networks
An ad hoc network is a collection of wireless nodes that dynamically form a temporary network and operates without the use of existing network infrastructure. In the near future, many personal electronic devices will be able to communicate with each other over a short-range wireless channel. We investigate the principal security issues for such an environment. The traditional way of protecting ...
An ECC-Based Mutual Authentication Scheme with One Time Signature (OTS) in Advanced Metering Infrastructure
Advanced metering infrastructure (AMI) is a key part of the smart grid; thus, one of the most important concerns is to offer a secure mutual authentication. This study focuses on communication between a smart meter and a server on the utility side. Hence, a mutual authentication mechanism in AMI is presented based on the elliptic curve cryptography (ECC) and one time signature (OTS) consists o...
Design, implementation, and performance analysis of DiscoSec - Service pack for securing WLANs
To improve the already tarnished reputation of WLAN security, the new IEEE 802.11i security standard provides means for an enhanced user authentication and strong data confidentiality. However, the standard focuses on securing higher-layer data, i.e., protecting IEEE 802.11 data frames. Management frames used for connection administration are left unprotected and a wide spectrum of known attack...
Dual-workfactor Encrypted Key Exchange: Efficiently Preventing Password Chaining and Dictionary Attacks
Password-based key-server protocols are susceptible to password chaining attacks, in which an enemy uses knowledge of a user's current password to learn all future passwords. As a result, the exposure of a single password effectively compromises all future communications by that user. The same protocols also tend to be vulnerable to dictionary attacks against user passwords. Bellovin and Merritt...