Abstract
Just Fast Keying (JFK) is a simple, efficient and secure key exchange protocol proposed by Aiello et al. (ACM TISSEC, 2004). JFK is well known for its novel design features, notably its resistance to denial-of-service (DoS) attacks. Using Meadows' cost-based framework, we identify a new DoS vulnerability in JFK. The JFK protocol is claimed secure in the Canetti-Krawczyk model under the Decisional Diffie-Hellman (DDH) assumption. We show that the security of JFK, when ephemeral Diffie-Hellman keys are re-used across sessions, appears to require the Gap Diffie-Hellman (GDH) assumption in the random oracle model. We propose a new variant of JFK that avoids the identified DoS vulnerability and provides perfect forward secrecy under the DDH assumption alone, achieving the full security promised by the JFK protocol.
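The abstract turns on the re-use of ephemeral Diffie-Hellman exponents across sessions, which JFK allows so that a responder under load need not compute a fresh exponentiation for every Message 1 it receives. The following added example (not code from the paper or from the JFK authors) models the forward-secrecy consequence of that choice in a toy group: a responder that keeps one exponent r for many sessions leaves every session keyed under that r recoverable by an adversary who recorded the transcripts and later obtains r, whereas per-session exponents confine the loss to one session. The safe-prime group, the nonce layout and the hash-based key derivation are assumptions for illustration and are not JFK's actual message format or KDF.

```python
"""Toy model of ephemeral DH exponent re-use versus per-session exponents.
Added example; group parameters, transcript layout and KDF are assumed."""
import hashlib
import secrets
from dataclasses import dataclass


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases (enough for the toy group sizes used here)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits: int = 48) -> int:
    """Return p = 2q + 1 with p and q prime; g = 4 then generates the order-q subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


G = 4  # quadratic residue mod a safe prime, hence of prime order q


@dataclass
class Session:
    n_i: bytes   # initiator nonce (transcript-visible)
    n_r: bytes   # responder nonce (transcript-visible)
    g_i: int     # initiator ephemeral public value g^i
    g_r: int     # responder ephemeral public value g^r
    key: bytes   # derived session key; stands in for the traffic an adversary wants to read


def kdf(shared: int, n_i: bytes, n_r: bytes) -> bytes:
    """Assumed key derivation: hash of the DH secret and both nonces."""
    return hashlib.sha256(shared.to_bytes(32, "big") + n_i + n_r).digest()


def run_sessions(p: int, count: int, reuse_responder_exponent: bool):
    """Run `count` sessions; return transcripts plus the responder exponent used in each.
    With re-use the responder keeps a single r, as a JFK responder may do under load."""
    q = (p - 1) // 2
    sessions, exponents = [], []
    r = secrets.randbelow(q - 1) + 1
    for _ in range(count):
        if not reuse_responder_exponent:
            r = secrets.randbelow(q - 1) + 1
        i = secrets.randbelow(q - 1) + 1
        n_i, n_r = secrets.token_bytes(16), secrets.token_bytes(16)
        g_i, g_r = pow(G, i, p), pow(G, r, p)
        key = kdf(pow(g_r, i, p), n_i, n_r)
        assert key == kdf(pow(g_i, r, p), n_i, n_r)  # both sides derive the same key
        sessions.append(Session(n_i, n_r, g_i, g_r, key))
        exponents.append(r)
    return sessions, exponents


def keys_recoverable(p: int, sessions: list, leaked_r: int) -> int:
    """Adversary who recorded every transcript and later learns one responder exponent:
    recompute (g^i)^r for each session and count the keys that check out."""
    return sum(kdf(pow(s.g_i, leaked_r, p), s.n_i, s.n_r) == s.key for s in sessions)


def exposure(p: int, count: int, reuse: bool) -> int:
    """Sessions exposed when the responder's most recent exponent leaks after `count` sessions."""
    sessions, exponents = run_sessions(p, count, reuse)
    return keys_recoverable(p, sessions, exponents[-1])


if __name__ == "__main__":
    p = gen_safe_prime()
    print("reused r: ", exposure(p, 10, True), "of 10 past sessions exposed")
    print("fresh r:  ", exposure(p, 10, False), "of 10 past sessions exposed")
```

With a reused exponent all ten recorded sessions fall to a single leaked r; with fresh exponents only the session that used the leaked value does. Erasing the reused exponent after a rotation interval bounds the window, which is why forward secrecy for a reusing JFK responder is delayed rather than immediate, and why the abstract's variant aims to provide it outright under DDH.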
References
Aiello, W., Bellovin, S.M., Blaze, M., Canetti, R., Ioannidis, J., Keromytis, A.D., Reingold, O.: Just Fast Keying: Key agreement in a hostile Internet. ACM Transactions on Information and System Security 7(2), 1–30 (2004)
Aura, T., Nikander, P.: Stateless Connections. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 87–97. Springer, Heidelberg (1997)
Aura, T., Nikander, P., Leiwo, J.: DOS-Resistant Authentication with Client Puzzles. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2000. LNCS, vol. 2133, pp. 170–177. Springer, Heidelberg (2001)
Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Boyko, V., Peinado, M., Venkatesan, R.: Speeding up Discrete Log and Factoring Based Schemes via Precomputations. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 221–235. Springer, Heidelberg (1998)
Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
Canetti, R., Krawczyk, H.: Security Analysis of IKE’s Signature-Based Key-Exchange Protocol. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 143–161. Springer, Heidelberg (2002)
Castelluccia, C., Mykletun, E., Tsudik, G.: Improving secure server performance by re-balancing SSL/TLS handshakes. In: Lin, F., Lee, D., Lin, B., Shieh, S., Jajodia, S. (eds.) ASIACCS 2006, pp. 26–34. ACM (2006)
Gong, L., Syverson, P.: Fail-Stop Protocols: An Approach to Designing Secure Protocols. In: Iyer, R.K., Morganti, M., Gligor, V., Fuchs, W.K. (eds.) Proc. Dependable Computing for Critical Applications, pp. 44–55. IEEE Computer Society (1998)
Harkins, D., Carrel, D.: The Internet Key Exchange (IKE), RFC 2409 (November 1998), http://www.ietf.org/rfc/rfc2409
Juels, A., Brainard, J.: Client puzzles: A cryptographic countermeasure against connection depletion attacks. In: NDSS 1999, pp. 151–165. Internet Society (1999)
Kaufman, C.: Internet Key Exchange (IKEv2) protocol, RFC 4306 (December 2005)
Matsuura, K., Imai, H.: Modification of Internet Key Exchange resistant against Denial-of-Service. In: Pre-Proceeding of Internet Workshop (IWS) 2000, pp. 167–174 (February 2000)
Meadows, C.: A formal framework and evaluation method for network denial of service. In: CSFW 1999. IEEE (1999)
Moskowitz, R., Nikander, P., Jokela, P., Henderson, T.R.: Host Identity Protocol, RFC 5201 (April 2008)
Nguyen, P., Shparlinski, I., Stern, J.: Distribution of modular sums and the security of the server aided exponentiation. In: Proc. Workshop on Cryptography and Computational Number Theory (CCNT 1999), pp. 257–268. Birkhäuser (2001)
Nguyên, P.Q., Stern, J.: The Hardness of the Hidden Subset Sum Problem and Its Cryptographic Implications. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 31–46. Springer, Heidelberg (1999)
Okamoto, T., Tanaka, K., Uchiyama, S.: Quantum Public-Key Cryptosystems. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 147–165. Springer, Heidelberg (2000)
Rangasamy, J., Stebila, D., Boyd, C., González Nieto, J.: An integrated approach to cryptographic mitigation of denial-of-service attacks. In: Sandhu, R., Wong, D.S. (eds.) ASIACCS 2011, pp. 114–123. ACM (2011)
Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and timed-release crypto. Technical Report TR-684, MIT Laboratory for Computer Science (March 1996)
Smith, J., González Nieto, J., Boyd, C.: Modelling denial of service attacks on JFK with Meadows’s cost-based framework. In: Buyya, R., Ma, T., Safavi-Naini, R., Steketee, C., Susilo, W. (eds.) AISW-NetSec 2006. CRPIT, vol. 54, pp. 125–134. Australian Computer Society (2006)
Stebila, D., Ustaoglu, B.: Towards Denial-of-Service-Resilient Key Agreement Protocols. In: Boyd, C., González Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 389–406. Springer, Heidelberg (2009)
Stebila, D., Kuppusamy, L., Rangasamy, J., Boyd, C., Gonzalez Nieto, J.: Stronger Difficulty Notions for Client Puzzles and Denial-of-Service-Resistant Protocols. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 284–301. Springer, Heidelberg (2011)
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kuppusamy, L., Rangasamy, J., Stebila, D., Boyd, C., Gonzalez Nieto, J. (2011). Towards a Provably Secure DoS-Resilient Key Exchange Protocol with Perfect Forward Secrecy. In: Bernstein, D.J., Chatterjee, S. (eds) Progress in Cryptology – INDOCRYPT 2011. INDOCRYPT 2011. Lecture Notes in Computer Science, vol 7107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25578-6_27
DOI: https://doi.org/10.1007/978-3-642-25578-6_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25577-9
Online ISBN: 978-3-642-25578-6