Towards Denial-of-Service-Resilient Key Agreement Protocols

  • Douglas Stebila
  • Berkant Ustaoglu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5594)


Denial of service resilience is an important practical consideration for key agreement protocols in any hostile environment such as the Internet. There are well-known models that consider the security of key agreement protocols, but denial of service resilience is not considered as part of these models. Many protocols have been argued to be denial-of-service-resilient, only to be subsequently broken or shown ineffective.

In this work we propose a formal definition of denial of service resilience, a model for secure authenticated key agreement, and show how security and denial of service resilience can be considered in a common framework, with a particular focus on client puzzles. The model accommodates a variety of techniques for achieving denial of service resilience, and we describe one such technique by exhibiting a denial-of-service-resilient secure authenticated key agreement protocol. Our approach addresses the correct integration of denial of service countermeasures with the key agreement protocol to prevent hijacking attacks that would otherwise render the countermeasures irrelevant.


Keywords: Hash Function, Service Attack, Host Identity Protocol, Expensive Operation, Honest Party
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Douglas Stebila (1)
  • Berkant Ustaoglu (2)
  1. Information Security Institute, Queensland University of Technology, Brisbane, Australia
  2. NTT Information Sharing Platform Laboratories, Tokyo, Japan
