Password authentication with insecure communication
Communications of the ACM
Handbook of Applied Cryptography
Handbook of Applied Cryptography
IEEE/ACM Transactions on Networking (TON)
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Using graphic turing tests to counter automated DDoS attacks against web servers
Proceedings of the 10th ACM conference on Computer and communications security
Just fast keying: Key agreement in a hostile internet
ACM Transactions on Information and System Security (TISSEC)
ACM Transactions on Information and System Security (TISSEC)
Hardening Web browsers against man-in-the-middle and eavesdropping attacks
WWW '05 Proceedings of the 14th international conference on World Wide Web
Countering DoS attacks with stateless multipath overlays
Proceedings of the 12th ACM conference on Computer and communications security
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
On Compromising Password-Based Authentication over HTTPS
AINA '06 Proceedings of the 20th International Conference on Advanced Information Networking and Applications - Volume 01
A Practical Password-Based Two-Server Authentication and Key Exchange System
IEEE Transactions on Dependable and Secure Computing
The methodology and an application to fight against Unicode attacks
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Tracers placement for IP traceback against DDoS attacks
Proceedings of the 2006 international conference on Wireless communications and mobile computing
Protecting TCP services from denial of service attacks
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Mayday: distributed filtering for internet services
USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
| Hi-index | 0.00 |
SSL (Secure Sockets Layer) protocol and IPSec (Internet Protocol Security) are widely used for identity authentication and communication protection. However, both protocols suffer from intrusion and single-point of compromising as well as DDoS (distributed denial of service) attacks. An innovative Intrusion-Resilient, DDoS-Resistant Authentication System (IDAS) System is proposed to achieve the following goals: (1) An intrusion-resilient authentication protocol will be able to protect credential information by distributing shared secret to multiple computers and thus eliminates the single point of compromising. (2) This protocol can readily detect the use of partial credential as a user/computer and indicate which part of secret is exposed; consequently, the compromised computer can be recovered. (3) Even when an insider compromised all related servers, the credential is only valid for a short period of time and will be self healed in next period. (4) A DDoS resistant protocol must be stateless and efficient as well as stop botnet attacks and "low and slow" attacks. (5) This authentication protocol only takes a single round trip time, which is faster than any other authentication protocols and is important to the performance of critical applications in a multi-continent network. It is difficult to prove the capabilities of IDAS by actually implementing a full scale botnet due to financial constraint. Instead, simulation results are reported in this paper to show that this IDAS protocol can resist DDoS attacks even when thousands of attackers, which is about the same size as the current botnet, are bombarding it. A user will not even sense the extra delay due to the DDoS attacks; thus, the collateral damage is eliminated.