Authentication and authenticated key exchanges
Designs, Codes and Cryptography
Communications of the ACM
Integrating authentication in public key distribution system
Information Processing Letters
Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem
Designs, Codes and Cryptography - Special issue dedicated to Gustavus J. Simmons
ICICS '97 Proceedings of the First International Conference on Information and Communication Security
Pricing via Processing or Combatting Junk Mail
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Towards Network Denial of Service Resistant Protocols
Proceedings of the IFIP TC11 Fifteenth Annual Working Conference on Information Security for Global Information Infrastructures
Key Agreement Protocols and Their Security Analysis
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Extended Password Key Exchange Protocols Immune to Dictionary Attacks
WET-ICE '97 Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Denial-of-service resilience password-based group key agreement for wireless networks
Proceedings of the 3rd ACM workshop on QoS and security for wireless and mobile networks
A dynamic key management solution to access hierarchy
International Journal of Network Management
Formal modelling and automatic detection of resource exhaustion attacks
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
| Hi-index | 0.00 |
Malicious intruders may launch as many invalid requests as possible without establishing a server connection to bring server service to a standstill. This is called a denial-of-service (DoS) or distributed DoS (DDoS) attack. Until now, there has been no complete solution to resisting a DoS/DDoS attack. Therefore, it is an important network security issue to reduce the impact of a DoS/DDoS attack. A resource-exhaustion attack on a server is one kind of denial-of-service attack. In this article we address the resource-exhaustion problem in authentication and key agreement protocols. The resource-exhaustion attack consists of both the CPU-exhaustion attack and the storage-exhaustion attack. In 2001, Hirose and Matsuura proposed an authenticated key agreement protocol (AKAP) that was the first protocol simultaneously resistant to both the CPU-exhaustion attack and the storage-exhaustion attack. However, their protocol is time-consuming for legal users in order to withstand the DoS attack. Therefore, in this paper, we propose a slight modification to the Hirose-Matsuura protocol to reduce the computation cost. Both the Hirose-Matsuura and the modified protocols provide implicit key confirmation. Also, we propose another authenticated key agreement protocol with explicit key confirmation. The new protocol requires less computation cost. Because DoS/DDoS attacks come in a variety of forms, the proposed protocols cannot fully disallow a DoS/DDoS attack. However, they reduce the effect of such an attack and thus make it more difficult for the attack to succeed.