双主体安全协议的DoS动态防御

A Dynamic Defense Against Denial of Service in Two-Party Security Protocols

1(School of Electronics Engineering and Computer Science, Peking University, Beijing 100871) 2(Communication, Navigation and Command Automation Institute of the Air Force Equipment Academy, Beijing 100085)

摘要: 拒绝服务(DoS)攻击是一种阻碍授权用户正常获得服务的主动攻击，大量安全协议存在着不同程度的DoS隐患.提出了一种会话标识和工作量证明相结合的DoS认证方法，对其进行了形式化的分析，给出了DoS认证的设计原则，可用于双主体安全协议的改进.改进后的安全协议可动态调整DoS防御的强度，且其安全性不低于原协议.
- 安全协议 /
- 拒绝服务(DoS) /
- 工作量证明 /
- 会话标识
Abstract: Denial of service (DoS) is a kind of active attack that aims to prevent authorized user to access services, DoS vulnerabilities with different degrees exist in various of security protocols. A new counter measure based on session identifier and proof of work is presented, and then it is analyzed in a formal way proposed by Meadows originally. In addition, some useful principles are provided in designing network DoS resistant protocols. By using this counter measure, two-party security protocols can be designed or modified against DoS attack in a dynamic way and its security properties will not be lost.
- security protocol /
- denial of service /
- proof of work /
- session identifier