Denial of service resilience is an important practical consideration for key agreement protocols in any hostile environment such as the Internet. There are well-known models that consider the security of key agreement protocols, but denial of service resilience is not considered as part of these models. Many protocols have been argued to be denial-of-service-resilient, only to be subsequently broken or shown ineffective. In this work we propose a formal definition of denial of service resilience, a model for secure authenticated key agreement, and show how security and denial of service resilience can be considered in a common framework, with a particular focus on client puzzles. The model accommodates a variety of techniques for achieving denial of service resilience, and we describe one such technique by exhibiting a denial-of-service-resilient secure authenticated key agreement protocol. Our approach addresses the correct integration of denial of service countermeasures with the key agreement protocol to prevent hijacking attacks that would otherwise render the countermeasures irrelevant. 1

We develop a formal model of the Host Identity Protocol (HIP) based on Timed Coloured Petri Nets (Timed CPNs) and use a simulation approach provided in CPN Tools to achieve a formal analysis. We aim to examine unbalanced computation that leads to resource exhaustion attacks in key exchange protocols comparing among a legitimate initiator, four types of adversary who attempt to deny the service at different stages of the protocol execution, and a responder. By adopting the key idea of Meadows’ cost-based framework and refining the definition of operational costs during the protocol execution, our simulation provides an accurate cost estimate of protocol execution comparing between those principals. Under four defined attack strategies, however, Meadows’ cost-based framework generates a different outcome compared with the simulation approach from Timed CPNs. Analysis of our experimental results reveals a limitation of Meadows ’ cost-based framework for addressing DoS threats.

We develop a formal model of the Host Identity Protocol (HIP) based on Timed Coloured Petri Nets (Timed CPNs) and use a simulation approach provided in CPN Tools to achieve a formal analysis. We aim to examine unbalanced computation that leads to resource exhaustion attacks in key exchange protocols comparing among a legitimate initiator, four types of adversary who attempt to deny the service at different stages of the protocol execution, and a responder. By adopting the key idea of Meadows’ cost-based framework and refining the definition of operational costs during the protocol execution, our simulation provides an accurate cost estimate of protocol execution comparing between those principals. Under four defined attack strategies, however, Meadows’ cost-based framework generates a different outcome compared with the simulation approach from Timed CPNs. Analysis of our experimental results reveals a limitation of Meadows ’ cost-based framework for addressing DoS threats.

Many common protocols: TCP, IPSec, etc., are vulnerable to denial of service attacks, where adversaries maliciously consume significant resources of honest principals, leading to resource exhaustion. We propose a set of cost-based rules that formalize DoS attacks by resource exhaustion and can automate their detection. Our classification separates excessive but legal protocol use (e.g., flooding) from illegal protocol manipulation that causes participants to waste computation time without reaching the protocol goals. We also distinguish simple intruder intervention leading to wasteful execution from DoS attacks proper, which can be repeatedly initiated. Our rules can highlight attacks that are undetectable by the targeted honest agents, or by all protocol participants. We have successfully tested an implementation of the methodology in a validation platform on relevant protocol examples, in what to the best of our knowledge is the first formal automated analysis of DoS attacks.

Abstract. In [17, 18] we presented a pairing based DAA protocol in the asymmetric setting, along with a “security proof”. Jiangtao Li has pointed out to us an attack against this published protocol, thus our prior work should not be considered sound. In this paper we give a repaired version, along with a highly detailed security proof. A full paper will be made available shortly. However in the meantime we present this paper for the community to check and comment on. 1

and guessing attacks