Skip to main content
SpringerLink
Log in

Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols

  • Conference paper
  • First Online:
Security Protocols (Security Protocols 2001)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2467))

Included in the following conference series:

Abstract

Many public-key-based key setup and key agreement protocols already exist and have been implemented for a variety of applications and environments. Several have been proposed for the IPsec protocol, and one, IKE [1], is the current standard. IKE has a number of deficiencies, the three most important being that the number of rounds is high, that it is vulnerable to denial-of-service attacks, and the complexity of its specification. (This complexity has led to interoperability problems, so much so that, several years after its initial adoption by the IETF, there are still completely non-interoperating implementations).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). Request for Comments (Proposed Standard) 2409, Internet Engineering Task Force (1998)

    Google Scholar 

  2. Karn, P., Simpson, W.: Photuris: Session-key management protocol. Request for Comments 2522, Internet Engineering Task Force (1999)

    Google Scholar 

  3. Krawczyk, H., Bellare, M., Canetti, R.: HMAC: keyed-hashing for message authentication. Request for Comments 2104, Internet Engineering Task Force (1997)

    Google Scholar 

  4. Sheffer, Y., Krawczyk, H., Aboba, B.: PIC, a pre-IKE credential provisioning protocol. Internet Draft, Internet Engineering Task Force (2001) Work in progress.

    Google Scholar 

  5. Arsenault, A., Farrell, S.: Securely available credentials-requirements. Request for Comments 3157, Internet Engineering Task Force (2001)

    Google Scholar 

  6. Gustafson, D., Just, M., Nystrom, M.: Securely available credentials-credential server framework. Internet Draft, Internet Engineering Task Force (2001) Work in progress.

    Google Scholar 

  7. Maughan, D., Schertler, M., Schneider, M., Turner, J.: Internet security association and key management protocol (ISAKMP). Request for Comments (Proposed Standard) 2408, Internet Engineering Task Force (1998)

    Google Scholar 

  8. Miller, S.P., Neuman, B.C., Schiller, J.I., Saltzer, J.H.: Kerberos Authentication and Authorization System. Technical report, MIT (1987)

    Google Scholar 

  9. Simpson, W.A.: IKE/ISAKMP Considered Harmful. USENIX;login: (1999)

    Google Scholar 

  10. Heberlein, L., Bishop, M.: Attack Class: Address Spoofing. In: Proceedings of the 19th National Information Systems Security Conference. (1996) 371–377

    Google Scholar 

  11. CERT: Advisory CA-96.21: TCP SYN Flooding. ftp://info.cert.org/pub/certadvisories/CA-96.21.tcpsynflooding (1996)

  12. Schuba, C., Krsul, I., Kuhn, M., Spafford, E., Sundaram, A., Zamboni, D.: Analysis of a denial of service attack on tcp. In: IEEE Security and Privacy Conference. (1997) 208–223

    Google Scholar 

  13. Kaufman, C., et al.: Code-preserving Simplifications and Improvements to IKE. Internet Draft, Internet Engineering Task Force (2001) Work in progress.

    Google Scholar 

  14. Hickman, K.: Secure Socket Library (SSL). http://home.netscape.com/security/techbriefs/ssl.html (1995)

  15. Dierks, T., Allen, C.: The TLS protocol version 1.0. Request for Comments (Proposed Standard) 2246, Internet Engineering Task Force (1999)

    Google Scholar 

  16. Meadows, C.: Analysis of the Internet Key Exchange protocol using the NRL protocol analyzer. In: Proc. of the 1999 IEEE Symposium on Security and Privacy. (1999) 216–231

    Google Scholar 

  17. Meadows, C.: Open issues in formal methods for cryptographic protocol analysis. In: Proc. of DARPA Information Survivability Conference and Exposition (DISCEX 2000), IEEE Computer Society Press (2000) 237–250

    Google Scholar 

  18. Krawczyk, H.: SKEME: A Versatile Secure Key Exchange Mechanism for Internet. In: Proc. of Network and Distributed System Security Symposium (NDSS). (1996)

    Google Scholar 

  19. Aziz, A., Patterson, M.: Simple Key Management for Internet Protocols (SKIP. In: Proc. of the 1995 INET conference. (1995)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. AT&T Labs - Research, USA

    William Aiello, Steven M. Bellovin, Matt Blaze, John Ioannidis & Omer Reingold

  2. IBM T.J. Watson Research Center, USA

    Ran Canetti

  3. Columbia University in the City of New York, USA

    Angelos D. Keromytis

Authors
  1. William Aiello
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Steven M. Bellovin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Matt Blaze
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ran Canetti
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. John Ioannidis
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Angelos D. Keromytis
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Omer Reingold
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science Faculty of Engineering and Information Sciences, University of Hertfordshire, College Lane, Hatfield, Herts, AL10 9AB, UK

    Bruce Christianson  & James A. Malcolm  & 

  2. Department of Computer Science, Vrije Universiteit, De Boelelaan 1081A, 1081, HV Amsterdam, The Netherlands

    Bruno Crispo

  3. Microsoft Research Limited, 7 J J Thomson Avenue, CB3 0FB, Cambridge, UK

    Michael Roe

Rights and permissions

Reprints and permissions

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aiello, W. et al. (2002). Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds) Security Protocols. Security Protocols 2001. Lecture Notes in Computer Science, vol 2467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45807-7_5

Download citation

  • DOI: https://doi.org/10.1007/3-540-45807-7_5

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44263-9

  • Online ISBN: 978-3-540-45807-4

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation