Efficient authenticated key agreement protocols resistant to a denial-of-service attack

Research output: Contribution to journalArticle

13 Citations (Scopus)

Abstract

Malicious intruders may launch as many invalid requests as possible without establishing a server connection to bring server service to a standstill. This is called a denial-of-service (DoS) or distributed DoS (DDoS) attack. Until now, there has been no complete solution to resisting a DoS/DDoS attack. Therefore, it is an important network security issue to reduce the impact of a DoS/DDoS attack. A resource-exhaustion attack on a server is one kind of denial-of-service attack. In this article we address the resource-exhaustion problem in authentication and key agreement protocols. The resource-exhaustion attack consists of both the CPU-exhaustion attack and the storage-exhaustion attack. In 2001, Hirose and Matsuura proposed an authenticated key agreement protocol (AKAP) that was the first protocol simultaneously resistant to both the CPU-exhaustion attack and the storage-exhaustion attack. However, their protocol is time-consuming for legal users in order to withstand the DoS attack. Therefore, in this paper, we propose a slight modification to the Hirose-Matsuura protocol to reduce the computation cost. Both the Hirose-Matsuura and the modified protocols provide implicit key confirmation. Also, we propose another authenticated key agreement protocol with explicit key confirmation. The new protocol requires less computation cost. Because DoS/DDoS attacks come in a variety of forms, the proposed protocols cannot fully disallow a DoS/DDoS attack. However, they reduce the effect of such an attack and thus make it more difficult for the attack to succeed.

Original languageEnglish
Pages (from-to)193-202
Number of pages10
JournalInternational Journal of Network Management
Volume15
Issue number3
DOIs
Publication statusPublished - 2005 May 1

Fingerprint

Network protocols
Servers
Program processors
Denial-of-service attack
Network security
Authentication
Costs

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Computer Networks and Communications

Cite this

@article{055fb4c3cc714b528a264b71ba2185d0,
title = "Efficient authenticated key agreement protocols resistant to a denial-of-service attack",
abstract = "Malicious intruders may launch as many invalid requests as possible without establishing a server connection to bring server service to a standstill. This is called a denial-of-service (DoS) or distributed DoS (DDoS) attack. Until now, there has been no complete solution to resisting a DoS/DDoS attack. Therefore, it is an important network security issue to reduce the impact of a DoS/DDoS attack. A resource-exhaustion attack on a server is one kind of denial-of-service attack. In this article we address the resource-exhaustion problem in authentication and key agreement protocols. The resource-exhaustion attack consists of both the CPU-exhaustion attack and the storage-exhaustion attack. In 2001, Hirose and Matsuura proposed an authenticated key agreement protocol (AKAP) that was the first protocol simultaneously resistant to both the CPU-exhaustion attack and the storage-exhaustion attack. However, their protocol is time-consuming for legal users in order to withstand the DoS attack. Therefore, in this paper, we propose a slight modification to the Hirose-Matsuura protocol to reduce the computation cost. Both the Hirose-Matsuura and the modified protocols provide implicit key confirmation. Also, we propose another authenticated key agreement protocol with explicit key confirmation. The new protocol requires less computation cost. Because DoS/DDoS attacks come in a variety of forms, the proposed protocols cannot fully disallow a DoS/DDoS attack. However, they reduce the effect of such an attack and thus make it more difficult for the attack to succeed.",
author = "Yuh-Min Tseng",
year = "2005",
month = "5",
day = "1",
doi = "10.1002/nem.561",
language = "English",
volume = "15",
pages = "193--202",
journal = "International Journal of Network Management",
issn = "1055-7148",
publisher = "John Wiley and Sons Ltd",
number = "3",

}

Efficient authenticated key agreement protocols resistant to a denial-of-service attack. / Tseng, Yuh-Min.

In: International Journal of Network Management, Vol. 15, No. 3, 01.05.2005, p. 193-202.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Efficient authenticated key agreement protocols resistant to a denial-of-service attack

AU - Tseng, Yuh-Min

PY - 2005/5/1

Y1 - 2005/5/1

N2 - Malicious intruders may launch as many invalid requests as possible without establishing a server connection to bring server service to a standstill. This is called a denial-of-service (DoS) or distributed DoS (DDoS) attack. Until now, there has been no complete solution to resisting a DoS/DDoS attack. Therefore, it is an important network security issue to reduce the impact of a DoS/DDoS attack. A resource-exhaustion attack on a server is one kind of denial-of-service attack. In this article we address the resource-exhaustion problem in authentication and key agreement protocols. The resource-exhaustion attack consists of both the CPU-exhaustion attack and the storage-exhaustion attack. In 2001, Hirose and Matsuura proposed an authenticated key agreement protocol (AKAP) that was the first protocol simultaneously resistant to both the CPU-exhaustion attack and the storage-exhaustion attack. However, their protocol is time-consuming for legal users in order to withstand the DoS attack. Therefore, in this paper, we propose a slight modification to the Hirose-Matsuura protocol to reduce the computation cost. Both the Hirose-Matsuura and the modified protocols provide implicit key confirmation. Also, we propose another authenticated key agreement protocol with explicit key confirmation. The new protocol requires less computation cost. Because DoS/DDoS attacks come in a variety of forms, the proposed protocols cannot fully disallow a DoS/DDoS attack. However, they reduce the effect of such an attack and thus make it more difficult for the attack to succeed.

AB - Malicious intruders may launch as many invalid requests as possible without establishing a server connection to bring server service to a standstill. This is called a denial-of-service (DoS) or distributed DoS (DDoS) attack. Until now, there has been no complete solution to resisting a DoS/DDoS attack. Therefore, it is an important network security issue to reduce the impact of a DoS/DDoS attack. A resource-exhaustion attack on a server is one kind of denial-of-service attack. In this article we address the resource-exhaustion problem in authentication and key agreement protocols. The resource-exhaustion attack consists of both the CPU-exhaustion attack and the storage-exhaustion attack. In 2001, Hirose and Matsuura proposed an authenticated key agreement protocol (AKAP) that was the first protocol simultaneously resistant to both the CPU-exhaustion attack and the storage-exhaustion attack. However, their protocol is time-consuming for legal users in order to withstand the DoS attack. Therefore, in this paper, we propose a slight modification to the Hirose-Matsuura protocol to reduce the computation cost. Both the Hirose-Matsuura and the modified protocols provide implicit key confirmation. Also, we propose another authenticated key agreement protocol with explicit key confirmation. The new protocol requires less computation cost. Because DoS/DDoS attacks come in a variety of forms, the proposed protocols cannot fully disallow a DoS/DDoS attack. However, they reduce the effect of such an attack and thus make it more difficult for the attack to succeed.

UR - http://www.scopus.com/inward/record.url?scp=18844408349&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=18844408349&partnerID=8YFLogxK

U2 - 10.1002/nem.561

DO - 10.1002/nem.561

M3 - Article

VL - 15

SP - 193

EP - 202

JO - International Journal of Network Management

JF - International Journal of Network Management

SN - 1055-7148

IS - 3

ER -