K. Matsuura and H. Imai. "Resolution of ISAKMP/Oakley Key-Agreement Protocol Resistant against Denial-of-Service Attack". Proc. of Internet Workshop'99 (IWS'99), IEEE Press, pp. 17-24, 1999. (Full text (gzipped PS))
(Abstract) Key-agreement protocols will play an important role as an entrance to secure communication over the Internet. Specifically, ISAKMP (Internet Security Association and Key Management Protocol)/Oakley key-agreement is currently a leading approach for communication between two parties. The basic idea of ISAKMP/Oakley is an authenticated Diffie-Hellman (DH) key-agreement protocol. This authentication owes a lot to public-key primitives whose implementation includes modular exponentiation. Since modular exponentiation is computationally expensive, attackers are motivated to abuse it for Denial-of-Service (DoS) attacks. In search of resistance against DoS attacks, this paper first describes a basic idea for a mechanism that protects authenticated DH key-agreement protocols against DoS attacks. The paper then proposes a DoS-resistant version of three-pass ISAKMP/Oakley where DoS attacks impose expensive computation on the attackers themselves.
(Keywords) key agreement, ISAKMP/Oakley, Diffie-Hellman, Denial-of-Service.
