WO2007123685A3 - System and method for protecting communication devices from denial of service attacks - Google Patents

System and method for protecting communication devices from denial of service attacks


Publication number
WO2007123685A3
Authority
WO
WIPO (PCT)
Prior art keywords
denial
communication devices
network
network access
access filter
Prior art date
Application number
PCT/US2007/007916
Other languages
French (fr)
Other versions
WO2007123685A2 (en)
Inventor
Chwan-Hwa Wu
J David Irwin
Chung-Ching Huang
Original Assignee
Univ Auburn
Chwan-Hwa Wu
J David Irwin
Chung-Ching Huang
Priority date
Filing date
Publication date
Application filed by Univ Auburn, Chwan-Hwa Wu, J David Irwin, Chung-Ching Huang

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1458: Denial of Service
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A system for preventing successful denial of service attacks comprises a first communication device, a second communication device, and a network. The first and second communication devices establish a communication session via the network. Based on various information, such as a pre-shared secret, one of the communication devices determines a network access filter value and compares this value to at least one data frame in order to authenticate that data frame without committing significant computing resources or any memory space. Because the network access filter is updated over time, an unauthorized user who discovers outdated network access filter values is prevented from successfully launching a denial of service attack.

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US78762506P 2006-03-30 2006-03-30
US60/787,625 2006-03-30
US79281706P 2006-04-17 2006-04-17
US60/792,817 2006-04-17
US79960606P 2006-05-11 2006-05-11
US60/799,606 2006-05-11

Publications (2)

Publication Number Publication Date
WO2007123685A2 WO2007123685A2 (en) 2007-11-01
WO2007123685A3 true WO2007123685A3 (en) 2008-10-09

Family

ID=38625466

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/007916 WO2007123685A2 (en) 2006-03-30 2007-03-30 System and method for protecting communication devices from denial of service attacks

Country Status (1)

Country Link
WO (1) WO2007123685A2 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7290281B1 (en) * 2002-06-27 2007-10-30 Cisco Technology, Inc. Method and apparatus for cryptographically blocking network denial of service attacks based on payload size

Also Published As

Publication number Publication date
WO2007123685A2 (en) 2007-11-01

Similar Documents

Publication Publication Date Title
CN102047262B (en) Authentication for distributed secure content management system
DK2608486T3 (en) Computer-implemented system and method for providing users with secure access to application servers
US20190114441A1 (en) Systems and methods for front-end and back-end data security protocols
WO2018157247A1 (en) System and method for securing communications with remote security devices
WO2007078332A3 (en) Sim authentication for access to a computer/media network
WO2007062882A3 (en) Method and apparatus for delivering keying information
CN103944890A (en) Virtual interaction system and method based on client/server mode
WO2008076163A3 (en) Techniques for managing security in next generation communication networks
ATE454000T1 (en) AUTHENTICATION PROCEDURE
EP2016701A4 (en) Dynamic distributed key system and method for identity management, authentication servers, data security and preventing man-in-the-middle attacks
WO2008070330A3 (en) Apparatus and methods for authenticating voice and data devices on the same port
CN101488951A (en) Method, equipment and communication network for preventing from address resolution protocol attack
US20170289159A1 (en) Security support for free wi-fi and sponsored connectivity for paid wi-fi
US20060265486A1 (en) One-core, a solution to the malware problems of the internet
Kravets et al. Mobile security solution for enterprise network
WO2009065154A3 (en) Method of and apparatus for protecting private data entry within secure web sessions
CN109831311A (en) A kind of server validation method, system, user terminal and readable storage medium storing program for executing
CN101068255A (en) User identification method and device in safety shell protocol application
BRPI0416233A (en) method and apparatus for wireless authentication
CN106465109A (en) Cellular network authentication
Echeverria et al. Authentication and authorization for IoT devices in disadvantaged environments
Rahimi et al. Analysis of the security of VPN configurations in industrial control environments
Süß et al. Cloud security and security challenges revisited
CN105430022B (en) A kind of data input control method and terminal device
WO2007123685A3 (en) System and method for protecting communication devices from denial of service attacks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07754435

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07754435

Country of ref document: EP

Kind code of ref document: A2