Abstract
Many public-key-based key setup and key agreement protocols already exist and have been implemented for a variety of applications and environments. Several have been proposed for the IPsec protocol, and one, IKE [1], is the current standard. IKE has a number of deficiencies, the three most important being that the number of rounds is high, that it is vulnerable to denial-of-service attacks, and that its specification is complex. (This complexity has led to interoperability problems, so much so that, several years after its initial adoption by the IETF, there are still completely non-interoperating implementations.)
References
Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). Request for Comments (Proposed Standard) 2409, Internet Engineering Task Force (1998)
Karn, P., Simpson, W.: Photuris: Session-key management protocol. Request for Comments 2522, Internet Engineering Task Force (1999)
Krawczyk, H., Bellare, M., Canetti, R.: HMAC: keyed-hashing for message authentication. Request for Comments 2104, Internet Engineering Task Force (1997)
Sheffer, Y., Krawczyk, H., Aboba, B.: PIC, a pre-IKE credential provisioning protocol. Internet Draft, Internet Engineering Task Force (2001) Work in progress.
Arsenault, A., Farrell, S.: Securely available credentials - requirements. Request for Comments 3157, Internet Engineering Task Force (2001)
Gustafson, D., Just, M., Nystrom, M.: Securely available credentials - credential server framework. Internet Draft, Internet Engineering Task Force (2001) Work in progress.
Maughan, D., Schertler, M., Schneider, M., Turner, J.: Internet security association and key management protocol (ISAKMP). Request for Comments (Proposed Standard) 2408, Internet Engineering Task Force (1998)
Miller, S.P., Neuman, B.C., Schiller, J.I., Saltzer, J.H.: Kerberos Authentication and Authorization System. Technical report, MIT (1987)
Simpson, W.A.: IKE/ISAKMP Considered Harmful. USENIX ;login: (1999)
Heberlein, L., Bishop, M.: Attack Class: Address Spoofing. In: Proceedings of the 19th National Information Systems Security Conference. (1996) 371–377
CERT: Advisory CA-96.21: TCP SYN Flooding. ftp://info.cert.org/pub/certadvisories/CA-96.21.tcpsynflooding (1996)
Schuba, C., Krsul, I., Kuhn, M., Spafford, E., Sundaram, A., Zamboni, D.: Analysis of a denial of service attack on TCP. In: IEEE Security and Privacy Conference. (1997) 208–223
Kaufman, C., et al.: Code-preserving Simplifications and Improvements to IKE. Internet Draft, Internet Engineering Task Force (2001) Work in progress.
Hickman, K.: Secure Socket Library (SSL). http://home.netscape.com/security/techbriefs/ssl.html (1995)
Dierks, T., Allen, C.: The TLS protocol version 1.0. Request for Comments (Proposed Standard) 2246, Internet Engineering Task Force (1999)
Meadows, C.: Analysis of the Internet Key Exchange protocol using the NRL protocol analyzer. In: Proc. of the 1999 IEEE Symposium on Security and Privacy. (1999) 216–231
Meadows, C.: Open issues in formal methods for cryptographic protocol analysis. In: Proc. of DARPA Information Survivability Conference and Exposition (DISCEX 2000), IEEE Computer Society Press (2000) 237–250
Krawczyk, H.: SKEME: A Versatile Secure Key Exchange Mechanism for Internet. In: Proc. of Network and Distributed System Security Symposium (NDSS). (1996)
Aziz, A., Patterson, M.: Simple Key Management for Internet Protocols (SKIP). In: Proc. of the 1995 INET conference. (1995)
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aiello, W. et al. (2002). Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds) Security Protocols. Security Protocols 2001. Lecture Notes in Computer Science, vol 2467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45807-7_5
DOI: https://doi.org/10.1007/3-540-45807-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44263-9
Online ISBN: 978-3-540-45807-4
eBook Packages: Springer Book Archive