Resolution of ISAKMP/Oakley key-agreement protocol resistant against denial-of-service attack

2 Author(s)
Matsuura, K. ; Inst. of Ind. Sci., Tokyo Univ., Japan ; Imai, H.

Key-agreement protocols will play an important role as an entrance to secure communication over the Internet. Specifically, ISAKMP (Internet Security Association and Key Management Protocol)/Oakley key-agreement is currently a leading approach for communication between two parties. The basic idea of ISAKMP/Oakley is an authenticated Diffie-Hellman (DH) key-agreement protocol. This authentication owes a lot to public key primitives whose implementation includes modular exponentiation. Since modular exponentiation is computationally expensive, attackers are motivated to abuse it for Denial-of-Service (DoS) attacks. In search of resistance against DoS attacks, the paper first describes a basic idea on the protection mechanism for authenticated DH key-agreement protocols against DoS attacks. The paper then proposes a DoS-resistant version of three-pass ISAKMP/Oakley's Phase 1 where DoS attacks impose expensive computation on the attackers themselves. The DoS resistance is evaluated in terms of: (1) the computational cost caused by bogus requests and (2) a server-blocking probability.

Published in:

Internet Workshop, 1999. IWS 99

Date of Conference:

1999