K. Matsuura. "Evaluation of DoS Resistance in Relation to Performance Dynamics". The 2000 Symposium on Cryptography and Information Security (SCIS2000), Okinawa, Japan. Jan. 2000.
(Abstract) In key-agreement protocols, there is a trade-off between security and availability: if the protocol is authenticated for reasons of security, it becomes more vulnerable to a Denial-of-Service (DoS) attack composed of a large number of bogus requests, each of which is costly for an honest responder. DoS-protection strategies such as network ingress filtering and the falling-together (FT) mechanism can improve the protocol, but we should estimate the availability, or server-blocking probability, to see how well the trade-off is resolved. This paper gives an estimation in a situation where the responder's computational performance depends on the number of on-going processes. The results show that an optimized implementation of the FT mechanism can improve DoS resistance more significantly than other heuristics such as memory increase, connection timeout, and packet discarding.
(Keywords) Denial-of-Service attack; key agreement; ingress filter; falling-together mechanism; server-blocking probability; connection timeout.
