Modified Aggressive Mode of Internet Key Exchange Resistant against Denial-of-Service Attacks

Hideki IMAI

IEICE TRANSACTIONS on Information and Systems   Vol.E83-D    No.5    pp.972-979
Publication Date: 2000/05/25
Online ISSN: 
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Issue on Next Generation Internet Technologies and Their Applications)
Internet,  security,  IKE,  Denial-of-Service,  Cookie,  

Full Text: PDF(409.8KB)>>
Buy this Article

Internet Key Exchange (IKE) is very important as an entrance to secure communication over the Internet. The first phase of IKE is based on Diffie-Hellman (DH) key-agreement protocol. Since DH protocol on its own is vulnerable to man-in-the-middle (MIM) attack, IKE provides authentication to protect the protocol from MIM. This authentication owes a lot to public-key primitives whose implementation includes modular exponentiation. Since modular exponentiation is computationally expensive, attackers are motivated to abuse it for Denial-of-Service (DoS) attacks; computational burden caused by malicious requests may exhaust the CPU resource of the target. DoS attackers can also abuse inappropriate use of Cookies in IKE; as an anti-clogging token, Cookie must eliminate the responder's state during initial exchanges of the protocol while IKE Cookies do not. Thus a large number of malicious requests may exhaust the memory resource of the target. In search of resistance against those DoS attacks, this paper first reviews DoS-resistance of the current version of IKE and basic ideas on DoS-protection. The paper then proposes a DoS-resistant version of three-pass IKE Phase 1 where attackers are discouraged by heavy stateful computation they must do before the attack really burdens the target. DoS-resistance is evaluated in terms of the computational cost and the memory cost caused by bogus requests. The result shows that the proposed version gives the largest ratio of the attacker's cost to the responder's cost.

open access publishing via