Just fast keying: Key agreement in a hostile internet

ACM Transactions on Information and System Security

Volumn 7, Issue 2, 2004, Pages 242-273

  Aiello, William ^a   Bellovin, Steven M ^a   Blaze, Matt ^a   Canetti, Ran ^b   Ioannidis, John ^a   Keromytis, Angelos D ^c,d   Reingold, Omer ^a  

^a AT AND T LABS RESEARCH   (United States)

^b IBM T J WATSON RESEARCH CENTER   (United States)

^c Och Spine at New York Presbyterian Hospitals   (United States)

^d 515 CS Building ^*  (United States)

Author keywords

Cryptography; Denial of service attacks

Indexed keywords

DENIAL OF SERVICE ATTACKS; INTERNET PROTOCOL (IP); KEY EXCHANGE PROTOCOLS;

DATA PRIVACY; INTERNET; NETWORK PROTOCOLS; PUBLIC KEY CRYPTOGRAPHY; SOFTWARE ENGINEERING;

SECURITY OF DATA;

EID: 3142632089     PISSN: 10949224     EISSN: None     Source Type: Journal    
DOI: 10.1145/996943.996946     Document Type: Review

References (45)

1. AIELLO, W., BELLOVIN, S. M., BLAZE, M., CANETTI, R., IOANNIDIS, J., KEROMYTIS, A. D., AND REINGOLD, O. 2003. Efficient, DoS-resistant, secure key exchange for internet protocols. In Proceedings of the ACM Computer and Communications Security (CCS) Conference. 48-58.
2. ARSENAULT, A. AND FARRELL, S. 2001. Securely available credentials - requirements. Request for Comments 3157, Internet Engineering Task Force (Aug.).
3. AURA, T. AND NIKANDER, P. 1997. Stateless connections. In Proceedings of the International Conference on Information and Communications Security (ICICS '97), Lecture Notes in Computer Science, vol. 1334. Springer, Berlin, 87-97.
4. AURA, T., NIKANDER, P., AND LEIWO, J. 2000. DOS-resistant authentication with client puzzles. In Proceedings of the Eighth International Workshop on Security Protocols.
5. AZIZ, A. 1996. SKIP extension for perfect forward secrecy (PFS). Internet Draft, Internet Engineering Task Force (Aug.).
6. AZIZ, A. AND PATTERSON, M. 1995. Simple key management for internet protocols (SKIP). In Proceedings of the 1995 INET Conference.
7. BELLARE, M. AND ROGAWAY, P. 1993. Entity authentication and key distribution. In Proceedings of the Crypto Conference.
8. CANETTI, R. AND KRAWCZYK, H. 2001. Analysis of key-exchange protocols and their use for building secure channels. In Proceedings of the Eurocrypt Conference.
9. CANETTI, R. AND KRAWCZYK, H. 2002a. Security analysis of IKE's signature-based key-exchange protocol. In Proceedings of the Crypto Conference.
10. CANETTI, R. AND KRAWCZYK, H. 2002b. Universally composable notions of key exchange and secure channels. In Proceedings of the EuroCrypt Conference.
11. CERT. 1996. Advisory CA-96.21: TCP SYN Flooding. Available at ftp://info.cert.org/pub/cert_advisories/CA-96.21.tcp_syn_flooding.
12. DIERKS, T. AND ALLEN, C. 1999. The TLS Protocol Version 1.0. Request for Comments (Proposed Standard) 2246, Internet Engineering Task Force (Jan.).
13. DIFFIE, W., VAN OORSCHOT, P., AND WIENER, M. 1992a. Authentication and authenticated key exchanges. Des. Codes Cryptogr. 2, 2, 107-125.
14. FERGUSON, N. AND SCHNEIER, B. 1999. A Cryptographic Evaluation of IPSec. Available at http://www.counterpane.com/ipsec.html.
15. GONG, L. 1995. Efficient network authentication protocols: lower bounds and optimal implementations. Distrib. Comput. 9, 3, 131-145.
16. GÜNTHER, C. G. 1989. An identity-based key-exchange protocol. In Proceedings of the EuroCrypt Conference. 29-37.
17. GUSTAFSON, D., JUST, M., AND NYSTROM, M. 2001. Securely available credentials - Credential server framework. Internet Draft, Internet Engineering Task Force (Aug.). Work in progress.
18. HARKINS, D. AND CARREL, D. 1998. The internet key exchange (IKE). Request for Comments (Proposed Standard) 2409, Internet Engineering Task Force (Nov.).
19. HARKINS, D., KAUFMAN, C., KENT, S., KIVINEN, T., AND PERLMAN, R. 2002. Proposal for the IKEv2 protocol. Internet Draft, Internet Engineering Task Force (April). Work in progress.
20. HEBERLEIN, L. AND BISHOF, M. 1996. Attack class: Address spoofing. In Proceedings of the 19th National Information Systems Security Conference. 371-377.
21. HIROSE, S. AND MATSUURA, K. 1999. Enhancing the resistance of a provably secure key agreement protocol to a denial-of-service attack. In Proceedings Second International Conference on Information and Communication Security (ICICS '99). 169-182.
22. HOFFMAN, P. 2002. Features of proposed successors to IKE. Internet Draft, Internet Engineering Task Force (April). Work in progress.
23. IEEE. 1993. Entity Authentication Mechanisms - Part 3: Entity Authentication Using Asymmetric Techniques. Tech. Rep. ISO/IEC IS 9798-3, ISO/IEC.
24. JAKOBSSON, M. AND JUELS, A. 1999. Proofs of work and bread pudding protocols. In Proceedings of the IFIP TC6 and TC11 Joint Working Conference on Communications and Multimedia Security.
25. JANSON, P., TSUDIK, G., AND YUNG, M. 1997. Scalability and flexibility in authentication services: The KryptoKnight approach. In Proceedings of the IEEE INFOCOM. 725-736.
26. JUELS, A. AND BRAINARD, J. 1999. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Proceedings of the Network and Distributed Systems Security Symposium (NDSS '99). 151-165.
27. KARN, P. AND SIMPSON, W. 1999. Photuris: Session-key management protocol. Request for Comments 2522, Internet Engineering Task Force (Mar.).
28. KAUFMAN, C. ET AL. 2001. Code-preserving Simplifications and Improvements to IKE. Internet Draft, Internet Engineering Task Force (July). Work in progress.
29. KAUFMAN, C. AND PERLMAN, R. 2000. Analysis of IKE. In IEEE Trans. Netw. Comput. (Nov.).
30. KRAWCZYK, H. 1996. SKEME: A versatile secure key exchange mechanism for internet. In Proceedings of Network and Distributed System Security Symposium (NDSS).
31. KRAWCZYK, H. 2002. Invited Talk. SIGMA: the SIGn-and-MAc approach to authenticated Diffie-Hellman and its use in the IKE protocols. In. Proceedings of the Crypto Conference.
32. KRAWCZYK, H., BELLARE, M., AND CANETTI, R. 1997. HMAC: keyed-hashing for message authentication. Request for Comments 2104, Internet Engineering Task Force (Feb.).
33. LEIWO, J., NIKANDER, P., AND AURA, T. 2000. Towards network denial of service resistant protocols. In Proceedings of the 15th International Information Security Conference (IFIP/SEC).
34. MATSUURA, K. AND IMAI, H. 1999. Resolution of ISAKMP/Oakley key-agreement protocol resistant against denial-of-service attack. In Proceedings of Internet Workshop (IWS '99). 17-24.
35. MATSUURA, K. AND IMAI, H. 2000. Modified aggressive mode of Internet key exchange resistant against denial-of-service attacks. IEICE Trans. Inf. Syst. E83-D, 5 (May), 972-979.
36. MAUGHAN, D., SCHERTLER, M., SCHNEIDER, M., AND TURNER, J. 1998. Internet security association and key management protocol (ISAKMP). Request for Comments (Proposed Standard) 2408, Internet Engineering Task Force (Nov.).
37. MEADOWS, C. 1999a. Analysis of the Internet key exchange protocol using the NRL protocol analyzer. In Proceedings of the IEEE Symposium on Security and Privacy. 216-231.
38. MEADOWS, C. 1999b. A formal framework and evaluation method for network denial of service. In Proceedings of the 12th IEEE Computer Security Foundations Workshop. 4-13.
39. MEADOWS, C. 2000. Open issues in formal methods for cryptographic protocol analysis. In Proceedings of DARPA Information Survivability Conference and Exposition (DISCEX 2000). IEEE Computer Society Press, 237-250.
40. MILLER, S. P., NEUMAN, B. C., SCHILLER, J. I., AND SALTZER, J. H. 1987. Kerberos Authentication and Authorization System. Tech. Rep., MIT (Dec.).
41. MOSKOWITZ, R. 2001. The Host Identity Payload. Internet Draft, Internet Engineering Task Force (July). Work in progress.
42. OPPLIGER, R. 1999. Protecting key exchange and management protocols against resource clogging attacks. In Proceedings of the IFIP TC6 and TC11 Joint Working Conference on Communications and Multimedia Security (CMS '99). 163-175.
43. SCHUBA, C., KRSUL, I., KUHN, M., SPAFFORD, E., SUNDARAM, A., AND ZAMBONI, D. 1997. Analysis of a denial of service attack on TCP. In IEEE Security and Privacy Conference, Oakland. 208-223.
44. SHEFFER, Y., KRAWCZYK, H., AND ABOBA, B. 2001. PIC, a pre-IKE credential provisioning protocol. Internet Draft, Internet Engineering Task Force (Nov.). Work in progress.
45. SIMPSON, W. A. 1999. IKE/ISAKMP Considered Harmful. USENIX; login: (Dec.).