Towards a Provably Secure DoS-Resilient Key Exchange Protocol with Perfect Forward Secrecy

Just Fast Keying (JFK) is a simple, efficient and secure key exchange protocol proposed by Aiello et al. (ACM TISSEC, 2004). JFK is well known for its novel design features, notably its resistance to denial-of-service (DoS) attacks. Using Meadows’ cost-based framework, we identify a new DoS vulnerability in JFK. The JFK protocol is claimed secure in the Canetti-Krawczyk model under the Decisional Diffie-Hellman (DDH) assumption. We show that security of the JFK protocol, when reusing ephemeral Diffie-Hellman keys, appears to require the Gap Diffie-Hellman (GDH) assumption in the random oracle model. We propose a new variant of JFK that avoids the identified DoS vulnerability and provides perfect forward secrecy even under the DDH assumption, achieving the full security promised by the JFK protocol.

[1]  Xu Mei Internet Key Exchange , 2003 .

[2]  Ramarathnam Venkatesan,et al.  Speeding up Discrete Log and Factoring Based Schemes via Precomputations , 1998, EUROCRYPT.

[3]  Pekka Nikander,et al.  DOS-Resistant Authentication with Client Puzzles , 2000, Security Protocols Workshop.

[4]  Ari Juels,et al.  $evwu Dfw , 1998 .

[5]  Pekka Nikander,et al.  Stateless connections , 1997, ICICS.

[6]  Jason Smith,et al.  Modelling denial of service attacks on JFK with Meadows's cost-based framework , 2006, ACSW.

[7]  Catherine A. Meadows,et al.  A formal framework and evaluation method for network denial of service , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[8]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[9]  Fayez Al-Shraideh,et al.  Host Identity Protocol , 2006, International Conference on Networking, International Conference on Systems and International Conference on Mobile Communications and Learning Technologies (ICNICONSMCL'06).

[10]  Keisuke Tanaka,et al.  Quantum Public-Key Cryptosystems , 2000, CRYPTO.

[11]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[12]  Phong Q. Nguyen,et al.  Distribution of Modular Sums and the Security of the Server Aided Exponentiation , 2001 .

[13]  ProtocolsLi GongSRI InternationalComputer Fail-Stop Protocols : An Approach to Designing Secure , 1994 .

[14]  Jacques Stern,et al.  The Hardness of the Hidden Subset Sum Problem and Its Cryptographic Implications , 1999, CRYPTO.

[15]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[16]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[17]  Kaisa Nyberg,et al.  Advances in Cryptology — EUROCRYPT'98 , 1998 .

[18]  Angelos D. Keromytis,et al.  Just fast keying: Key agreement in a hostile internet , 2004, TSEC.

[19]  Charlie Kaufman,et al.  Internet Key Exchange (IKEv2) Protocol , 2005, RFC.

[20]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[21]  Colin Boyd,et al.  Stronger Difficulty Notions for Client Puzzles and Denial-of-Service-Resistant Protocols , 2011, CT-RSA.

[22]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[23]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[24]  Colin Boyd,et al.  An integrated approach to cryptographic mitigation of denial-of-service attacks , 2011, ASIACCS '11.

[25]  P. Cochat,et al.  Et al , 2008, Archives de pediatrie : organe officiel de la Societe francaise de pediatrie.

[26]  Dan Harkins,et al.  The Internet Key Exchange (IKE) , 1998, RFC.

[27]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[28]  Gene Tsudik,et al.  Improving secure server performance by re-balancing SSL/TLS handshakes , 2006, ASIACCS '06.

[29]  Douglas Stebila,et al.  Towards Denial-of-Service-Resilient Key Agreement Protocols , 2009, ACISP.

[30]  Hugo Krawczyk,et al.  Security Analysis of IKE's Signature-Based Key-Exchange Protocol , 2002, CRYPTO.

[31]  Pekka Nikander,et al.  Host Identity Protocol , 2005 .

[32]  Aggelos Kiayias,et al.  Topics in Cryptology - CT-RSA 2011 - The Cryptographers' Track at the RSA Conference 2011, San Francisco, CA, USA, February 14-18, 2011. Proceedings , 2011, CT-RSA.

[33]  Hideki Imai,et al.  Modification of Internet Key Exchange Resistant against Denial-of-Service , 2000 .

[34]  Jianying Zhou,et al.  Information and Communications Security , 2013, Lecture Notes in Computer Science.

[35]  Giuseppe Ateniese Verifiable encryption of digital signatures and applications , 2004, TSEC.