Enhancing the Resistance of a Provably Secure Key Agreement Protocol to a Denial-of-Service Attack

  • Shouichi Hirose
  • Kanta Matsuura
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1726)

Abstract

In this manuscript, two key agreement protocols that are resistant to a denial-of-service attack are constructed from a key agreement protocol in [9] that is provably secure against passive and active attacks. The denial-of-service attack considered is the resource-exhaustion attack on a responder. In the resource-exhaustion attack, a malicious initiator executes a key agreement protocol simultaneously as many times as possible to exhaust the responder’s resources and to disturb executions of the protocol between honest initiators and the responder. The resources are the storage and the CPU. The proposed protocols are the first protocols resistant to both the storage-exhaustion attack and the CPU-exhaustion attack. The techniques used in the construction are stateless connection, weak key confirmation, and enforcement of heavy computation. The stateless connection is effective in enhancing the resistance to the storage-exhaustion attack. The weak key confirmation and the enforcement of heavy computation are effective in enhancing the resistance to the CPU-exhaustion attack.
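An added sketch, not the paper's protocols (whose messages this page does not give): a responder that combines a stateless connection with enforced heavy computation on the initiator, so it stores nothing and spends one MAC and one hash before committing resources. The HMAC cookie, the hash puzzle, and every name and constant below are assumptions chosen for illustration; weak key confirmation is not shown.

```python
import hashlib, hmac, os, struct

KEY = os.urandom(32)   # responder's MAC key (constructed for this example)
BITS = 12              # puzzle difficulty in leading zero bits (assumed value)
LIFETIME = 30          # seconds a challenge stays valid (assumed value)

def _tag(peer: bytes, nonce: bytes, ts: int) -> bytes:
    # Binds the challenge to the peer and issue time, so the responder
    # can recognise its own challenge later without having stored it.
    msg = struct.pack(">H", len(peer)) + peer + nonce + struct.pack(">Q", ts)
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def challenge(peer: bytes, now: int):
    """Responder, first reply: issue a puzzle and keep no record of it."""
    nonce = os.urandom(16)
    return nonce, now, _tag(peer, nonce, now)

def _solved(nonce: bytes, counter: int) -> bool:
    digest = hashlib.sha256(nonce + struct.pack(">Q", counter)).digest()
    return int.from_bytes(digest, "big") >> (256 - BITS) == 0

def solve(nonce: bytes) -> int:
    """Initiator: brute-force search, about 2**BITS hashes on average."""
    counter = 0
    while not _solved(nonce, counter):
        counter += 1
    return counter

def accept(peer: bytes, nonce: bytes, ts: int, tag: bytes,
           counter: int, now: int) -> bool:
    """Responder, on the initiator's answer: cheap checks only.
    Session state and public-key work would start only after True."""
    if not 0 <= now - ts <= LIFETIME:
        return False                       # stale or malformed timestamp
    if not 0 <= counter < 2**64:
        return False                       # malformed puzzle answer
    if not hmac.compare_digest(tag, _tag(peer, nonce, ts)):
        return False                       # not our challenge, or not for this peer
    # A valid answer can be replayed until the challenge expires; a real
    # design has to bound that window or bind the answer to the session.
    return _solved(nonce, counter)
```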

References

  1. Aura, T., Nikander, P.: Stateless connections. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 87–97. Springer, Heidelberg (1997)
  2. Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62–73 (1993)
  3. Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997)
  4. Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Infor. Theory IT-22, 644–654 (1976)
  5. Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Designs, Codes and Cryptography 2(2), 107–125 (1992)
  6. Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)
  7. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory IT-31(4), 469–472 (1985)
  8. Harkins, D., Carrel, D.: The internet key exchange (IKE). RFC2409 (1998)
  9. Hirose, S., Yoshida, S.: An authenticated Diffie-Hellman key agreement protocol secure against active attacks. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 135–148. Springer, Heidelberg (1998)
  10. Just, M., Vaudenay, S.: Authenticated multi-party key agreement. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 36–49. Springer, Heidelberg (1996)
  11. Karn, P., Simpson, W.: Photuris: Session-key management protocol. RFC2522 (1999)
  12. Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.: An efficient protocol for authenticated key agreement. Technical Report CORR98-05, Department of C&O, University of Waterloo (1998)
  13. Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Shouichi Hirose (1)
  • Kanta Matsuura (2)
  1. Graduate School of Informatics, Kyoto University, Kyoto, Japan
  2. Institute of Industrial Science, University of Tokyo, Tokyo, Japan
