Efficient authenticated key agreement protocols resistant to a denial-of-service attack

Published: 01 May 2005

Abstract

Malicious intruders may launch as many invalid requests as possible without establishing a server connection to bring server service to a standstill. This is called a denial-of-service (DoS) or distributed DoS (DDoS) attack. Until now, there has been no complete solution to resisting a DoS/DDoS attack. Therefore, it is an important network security issue to reduce the impact of a DoS/DDoS attack. A resource-exhaustion attack on a server is one kind of denial-of-service attack. In this article we address the resource-exhaustion problem in authentication and key agreement protocols. The resource-exhaustion attack consists of both the CPU-exhaustion attack and the storage-exhaustion attack. In 2001, Hirose and Matsuura proposed an authenticated key agreement protocol (AKAP) that was the first protocol simultaneously resistant to both the CPU-exhaustion attack and the storage-exhaustion attack. However, their protocol is time-consuming for legal users in order to withstand the DoS attack. Therefore, in this paper, we propose a slight modification to the Hirose-Matsuura protocol to reduce the computation cost. Both the Hirose-Matsuura and the modified protocols provide implicit key confirmation. Also, we propose another authenticated key agreement protocol with explicit key confirmation. The new protocol requires less computation cost. Because DoS/DDoS attacks come in a variety of forms, the proposed protocols cannot fully disallow a DoS/DDoS attack. However, they reduce the effect of such an attack and thus make it more difficult for the attack to succeed.

References

[1] Needham RM. Denial of services: An example. Communications of ACM 1994; 37(11):42-46.
[2] Leiwo J, Aura T, Nikander P. Towards network denial of service resistant protocols. Proceedings of the Sixteenth Annual Working Conference on Information Security, IFIP Series, Vol.175, Beijing, China, 2000.
[3] Diffie W, Hellman ME. New directions in cryptography. IEEE Transactions on Information Theory 1976; IT-22(6):644-654.
[4] Ankney R, Johnson D, Matyas M. The Unified Model. Contribution to ANSI X9F1, 1995.
[5] Lee WB, Chang CC. Integrating authentication in public key distribution system. Information Processing Letters 1996; 57:49-52.
[6] Menezes AJ, Qu M, Vanstone SA. Some key agreement protocols providing implicit authentication. 2nd Workshop Selected Areas in Cryptography, 1995.
[7] Tseng YM. Multi-party key agreement protocols with cheater identification. Applied Mathematics and Computation 2003; 145(2-3):551-559.
[8] Tseng YM. On the security of an efficient two-pass key agreement protocol. Computer Standards and Interfaces 2004; 26(4):371-374.
[9] Jablon DP. Extended password key exchange protocols. WETICE Workshop on Enterprise Security 1997; 248-255.
[10] Kwon T, Song J. Secure agreement scheme for g^xy via password authentication. Electronics Letters 1999; 35(11):892-893.
[11] ElGamal T. A public key cryptosystem and signature scheme based on discrete logarithm. IEEE Transactions on Information Theory 1985; 31(4):469-472.
[12] NIST. Digital signature standard (DSS), FIPS PUB XX, 1993.
[13] Blake-Wilson S, Johnson D, Menezes A. Key agreement protocols and their security analysis. Proceedings of the Sixth IMA International Conference on Cryptography and Coding, Lecture Notes in Computer Science 1355, 1997; 30-45.
[14] Blake-Wilson S, Menezes A. Authenticated Diffie-Hellman key agreement protocols. Proceedings of the 5th Annual Workshop on Selected Areas in Cryptography (SAC '98), Lecture Notes in Computer Science 1556, 1999; 339-361.
[15] Diffie W, Van Oorschot PC, Wiener MJ. Authentication and authenticated key exchanges. Designs, Codes and Cryptography 1992; 2:107-125.
[16] ITSEC. Information Technology Security Evaluation Criteria. Version 1.2, COM(92) 298 final, Brussels, 1992.
[17] Dwork C, Naor M. Pricing via processing or combating junk mail. Advances in Cryptology - Crypto'92, Lecture Notes in Computer Science 740, Springer-Verlag, 1993; 139-147.
[18] Aura T, Nikander P. Stateless connections. Information and Communications Security (ICICS'97), Lecture Notes in Computer Science 1334, 1997; 87-97.
[19] Hirose S, Matsuura K. Key agreement protocols resistant to a denial-of-service attack. IEICE Transactions on Information and Systems 2001; E-84-D(4):477-484.
[20] Dobbertin H. The status of MD5 after a recent attack. CryptoBytes 1996; 2(2):1-6.
[21] Nyberg K, Rueppel RA. Message recovery for signature schemes based on the discrete logarithm. Designs Codes and Cryptography 1996; 7(1-2): 61-81.

Published In

International Journal of Network Management, Volume 15, Issue 3
May 2005
65 pages

Publisher

John Wiley & Sons, Inc.

United States

Cited By

  • (2021) pKAS. Security and Communication Networks, 2021. DOI: 10.1155/2021/6571700. Online publication date: 1-Jan-2021
  • (2017) A novel lightweight key management scheme for RFID-sensor integrated hierarchical MANET based on internet of things. International Journal of Advanced Intelligence Paradigms, 9:2-3 (220-245). DOI: 10.5555/3070666.3070673. Online publication date: 1-Jan-2017
  • (2016) Comparative Analysis of Authenticated Key Agreement Protocols Based on Elliptic Curve Cryptography. Procedia Computer Science, 78:C (824-830). DOI: 10.1016/j.procs.2016.02.065. Online publication date: 1-Mar-2016
  • (2011) Formal modelling and automatic detection of resource exhaustion attacks. Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (326-333). DOI: 10.1145/1966913.1966955. Online publication date: 22-Mar-2011
  • (2007) Denial-of-service resilience password-based group key agreement for wireless networks. Proceedings of the 3rd ACM workshop on QoS and security for wireless and mobile networks (136-143). DOI: 10.1145/1298239.1298263. Online publication date: 22-Oct-2007
  • (2007) A dynamic key management solution to access hierarchy. International Journal of Network Management, 17:6 (437-450). DOI: 10.1002/nem.656. Online publication date: 1-Nov-2007
