Cryptographic Salt: A Countermeasure against Denial-of-Service Attacks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2119)

Abstract

The denial-of-service (DoS) attack is one of the most malicious Internet-based attacks. Introducing cryptographic authentication protocols into the Internet environment does not alleviate the impact of denial-of-service attacks; rather, it increases vulnerability to them because of the heavy computation associated with cryptographic operations. Nevertheless, many Internet security protocols, including SSL/TLS, do not consider this aspect. We consider this overlooked issue in authentication protocol design and propose an effective countermeasure applicable to authentication protocols such as SSL/TLS that adopt public-key-based encryption to authenticate the server to the client.

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Park, D., Kim, J., Boyd, C., Dawson, E. (2001). Cryptographic Salt: A Countermeasure against Denial-of-Service Attacks. In: Varadharajan, V., Mu, Y. (eds) Information Security and Privacy. ACISP 2001. Lecture Notes in Computer Science, vol 2119. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47719-5_27

  • DOI: https://doi.org/10.1007/3-540-47719-5_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42300-3

  • Online ISBN: 978-3-540-47719-8

  • eBook Packages: Springer Book Archive
