- K. Matsuura and H. Imai. ``Modification of Internet Key Exchange Resistant against Denial-of-Service''. Pre-Proc. of Internet Workshop 2000 (IWS2000), pp.167-174, Feb. 2000. (Full text (gzipped PS))
- (Abstract) The first phase of Internet Key Exchange (IKE) is an authenticated version of Diffie-Hellman (DH) key-agreement. Since the authentication is computationally expensive, computational burden caused by malicious requests may exhaust the CPU resource of the target. Attackers can also abuse inappropriate use of Cookies and exhaust the memory resource of the target.
- In search of resistance against these Denial-of-Service (DoS) attacks, this paper modifies three-pass IKE Phase 1. The DoS-resistance is evaluated in terms of the computational cost and the memory cost caused by bogus requests.
- (Keywords) Internet Key Exchange, Denial-of-Service, Cookie.
Back to the list in the area (English)
Back to the list in the area (Japanese)