
Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4277))

Abstract

We examine the DoS resistance of the Host Identity Protocol (HIP) and discuss a technique for denying service to legitimate users. To carry out the experiment, we implement a formal model of HIP based on Timed Petri Nets and use the simulation facilities of CPN Tools to perform a formal analysis. By integrating adjustable puzzle difficulty, HIP can mitigate the effect of DoS attacks. However, a hash-based puzzle cannot protect against coordinated adversaries, which leaves the responder susceptible to DoS attacks at the identity verification phase. We therefore propose an enhanced approach that employs a time-lock puzzle in place of the hash-based scheme. Once the time-lock puzzle is adopted, the effect of coordinated attacks is removed and the throughput for legitimate users returns to the desired level.
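The contrast the abstract draws, a hash-based puzzle that coordinated solvers can split among themselves versus a time-lock puzzle that they cannot, is easiest to see in code. The following is an added example, not code from the paper, from CPN Tools or from any HIP implementation: it pairs a simplified hash puzzle (find a nonce whose SHA-256 with the challenge has k leading zero bits; HIP's actual puzzle parameters and message formats are not reproduced) with a Rivest-Shamir-Wagner time-lock puzzle (compute a^(2^t) mod n by t sequential squarings). The challenge string, primes, difficulty k and chain length t are constructed values; the function names are this example's own.

```python
"""Added example (not from the paper or the HIP specification): a hash-based
client puzzle of the kind HIP's base exchange uses, beside a
Rivest-Shamir-Wagner time-lock puzzle, to show why m coordinated solvers
cut the first puzzle's wall-clock cost by roughly 1/m but not the second's.
All challenge values, primes and difficulties below are constructed."""
import hashlib
import math
import random


# ---------------- hash-based puzzle (parallelisable) ----------------

def hash_puzzle_check(challenge: bytes, nonce: int, k: int) -> bool:
    """Responder check: SHA-256(challenge || nonce) has k leading zero bits.
    Cost is one hash regardless of k, which is what makes the puzzle cheap
    to verify and the difficulty k adjustable."""
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - k) == 0


def hash_puzzle_solve_pool(challenge: bytes, k: int, m: int):
    """m coordinated solvers scanning disjoint nonce residues in lockstep.
    Returns (nonce, rounds): rounds is the number of hashes each solver
    computed before one of them hit a solution, i.e. the wall-clock cost.
    m = 1 is the honest single initiator."""
    rounds = 0
    while True:
        for i in range(m):
            nonce = rounds * m + i
            if hash_puzzle_check(challenge, nonce, k):
                return nonce, rounds + 1
        rounds += 1


# ---------------- time-lock puzzle (inherently sequential) ----------------

def timelock_puzzle_new(p: int, q: int, t: int, rng: random.Random):
    """Responder side. n = p*q with p, q prime; phi(n) stays secret.
    The solver must compute a^(2^t) mod n. Knowing phi(n), the responder
    gets the same value with one modular exponentiation (cost ~ log n,
    independent of t), so it can check answers cheaply."""
    n, phi = p * q, (p - 1) * (q - 1)
    a = rng.randrange(2, n - 1)
    while math.gcd(a, n) != 1:            # needed for the Euler shortcut
        a = rng.randrange(2, n - 1)
    expected = pow(a, pow(2, t, phi), n)  # a^(2^t mod phi) == a^(2^t) (mod n)
    puzzle = {"n": n, "a": a, "t": t}     # public part sent to the initiator
    return puzzle, expected               # expected is kept by the responder


def timelock_puzzle_solve(puzzle: dict) -> int:
    """Initiator side: t sequential modular squarings. Squaring i needs the
    output of squaring i-1, so m coordinated solvers still need t rounds;
    the work cannot be split the way the nonce space above can."""
    n, x = puzzle["n"], puzzle["a"]
    for _ in range(puzzle["t"]):
        x = x * x % n
    return x


def demo(k: int = 10, t: int = 5000, m: int = 8) -> dict:
    """Run both puzzles with one solver and with m solvers and report the
    per-solver wall-clock cost of each."""
    challenge = b"constructed-HIP-R1-cookie"   # constructed, not a real HIP cookie
    single_nonce, single_rounds = hash_puzzle_solve_pool(challenge, k, 1)
    pool_nonce, pool_rounds = hash_puzzle_solve_pool(challenge, k, m)

    # p and q are the 10,000th and 100,000th primes (small, for a fast demo).
    puzzle, expected = timelock_puzzle_new(104729, 1299709, t, random.Random(1))
    answer = timelock_puzzle_solve(puzzle)

    return {
        "hash_nonce": single_nonce,
        "hash_rounds_single": single_rounds,     # == nonce + 1
        "hash_rounds_pool": pool_rounds,         # == nonce // m + 1
        "hash_same_solution": single_nonce == pool_nonce,
        "timelock_ok": answer == expected,
        "timelock_rounds_single": t,             # chain length, any m
        "timelock_rounds_pool": t,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>24}: {value}")
```

The hash puzzle's verification is one hash and its difficulty is a single integer, which is exactly what makes it attractive for HIP; the same structure is what lets a coordinated group divide the nonce space and bring each member's cost down to about 1/m of an honest initiator's. In the time-lock puzzle the responder's per-puzzle cost is still a single modular exponentiation, because it knows phi(n), but every solver faces the full chain of t squarings no matter how many machines it has. The price is that the responder must hold a long-term RSA-style modulus whose factorisation stays secret; if phi(n) leaks, the puzzle collapses to the cheap responder-side computation.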

An erratum to this chapter can be found at http://dx.doi.org/10.1007/11915034_125.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tritilanunt, S., Boyd, C., Foo, E., Nieto, J.M.G. (2006). Examining the DoS Resistance of HIP. In: Meersman, R., Tari, Z., Herrero, P. (eds) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. OTM 2006. Lecture Notes in Computer Science, vol 4277. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11915034_85

Download citation

  • DOI: https://doi.org/10.1007/11915034_85

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-48269-7

  • Online ISBN: 978-3-540-48272-7

