Denial-of-service resilience password-based group key agreement for wireless networks
Proceedings of the 3rd ACM workshop on QoS and security for wireless and mobile networks
Counteract SYN flooding using second chance packet filtering
Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication
| Hi-index | 0.00 |
Network denial-of-service attacks, which exhaust the server resources, have become a serious security threat to the Internet. Public key infrastructure (PKI) has long been introduced in various authentication protocols to verify the identities of the communicating parties. Although the use of PKI can present difficulty to the denial-of-service attackers, the underlying problem has not been resolved completely, because the use of public-key infrastructure involves computationally expensive operations such as modular exponentiation. An improper deployment of the public-key operations in a protocol allows the attacker to exhaust the server's resources. This paper presents a public-key based authentication and key establishment protocol integrated with a sophisticated client puzzle, which together provides a good solution for network denial-of-service attacks, and various other common attacks. The joint establishment of session keys by both the client and the server protects the session after the mutual authentication. The basic strategy to protect against denial of service is to impose an adjustable cost on the attacker while launching the attacks. The proposed client puzzle protocol can also be integrated with other network protocols to protect against denial-of-service attacks.