Abstract
We describe a secure transformation of stateful connections or parts of them into stateless ones by attaching the state information to the messages. Secret-key cryptography is used for protection of integrity and confidentiality of the state data and the connections. The stateless protocols created in this way are more robust against denial of service resulting from high loads and resource-exhausting attacks than their stateful counterparts. In particular, stateless authentication resists attacks that leave connections in a half-open state.
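The idea in the abstract, as an added sketch that is not code from the paper: the server returns its per-connection state to the peer under a secret-key MAC and keeps no record until the state comes back intact. It covers integrity and freshness only (confidentiality would additionally need encryption), and the names `issue_state`, `recover_state`, `SERVER_KEY` and `MAX_AGE` are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import os
import time

SERVER_KEY = os.urandom(32)  # assumption: one secret key held only by the server
MAX_AGE = 30                 # assumption: seconds a returned state stays valid
TAG_LEN = hashlib.sha256().digest_size


def issue_state(state, now=None, key=SERVER_KEY):
    """Serialize the state with a timestamp, prepend a MAC, keep nothing."""
    issued = int(time.time() if now is None else now)
    body = json.dumps({"t": issued, "s": state}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + body).decode()


def recover_state(token, now=None, key=SERVER_KEY):
    """Return the state if the token is authentic and fresh, else None."""
    now = time.time() if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:  # malformed base64 (binascii.Error is a ValueError)
        return None
    tag, body = raw[:TAG_LEN], raw[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    msg = json.loads(body)  # parsed only after the MAC has verified
    if not 0 <= now - msg["t"] <= MAX_AGE:
        return None  # expired or future-dated: limits replay of old state
    return msg["s"]


if __name__ == "__main__":
    # Constructed exchange: the server answers a first message by handing its
    # half-open state back to the claimed peer instead of storing it.
    token = issue_state({"peer": "192.0.2.7", "step": 1}, now=1000)
    print(recover_state(token, now=1010))  # genuine reply within the lifetime
    print(recover_state(token, now=2000))  # same token replayed after expiry
```

Because nothing is stored between the two calls, a flood of first messages from spoofed addresses costs the server one MAC computation each and no memory.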
Copyright information
© 1997 Springer-Verlag
About this paper
Cite this paper
Aura, T., Nikander, P. (1997). Stateless connections. In: Han, Y., Okamoto, T., Qing, S. (eds) Information and Communications Security. ICICS 1997. Lecture Notes in Computer Science, vol 1334. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0028465
DOI: https://doi.org/10.1007/BFb0028465
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-63696-0
Online ISBN: 978-3-540-69628-5
eBook Packages: Springer Book Archive