Abstract:
Key-agreement protocols will play an important role as an entrance to secure communication over the Internet. Specifically, ISAKMP (Internet Security Association and Key Management Protocol)/Oakley key agreement is currently a leading approach for communication between two parties. The basic idea of ISAKMP/Oakley is an authenticated Diffie-Hellman (DH) key-agreement protocol. This authentication owes a lot to public-key primitives whose implementation includes modular exponentiation. Since modular exponentiation is computationally expensive, attackers are motivated to abuse it for Denial-of-Service (DoS) attacks. In search of resistance against DoS attacks, this paper first describes a basic idea for a protection mechanism for authenticated DH key-agreement protocols against DoS attacks. The paper then proposes a DoS-resistant version of three-pass ISAKMP/Oakley's Phase 1 in which DoS attacks impose expensive computation on the attackers themselves. The DoS resistance is evaluated in terms of (1) the computational cost caused by bogus requests and (2) a server-blocking probability.