WO2007123685A3 - System and method for protecting communication devices from denial of service attacks - Google Patents
- Publication number
- WO2007123685A3 (PCT/US2007/007916)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- denial
- communication devices
- network
- network access
- access filter
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A system for preventing successful denial of service attacks comprises a first communication device, a second communication device, and a network. The first and second communication devices establish a communication session via the network. Based on various information, such as a pre-shared secret, one of the communication devices determines a network access filter value and compares this value to at least one data frame in order to authenticate that data frame without committing significant computing resources or any memory space. Because the network access filter is updated over time, an unauthorized user who discovers outdated network access filter values is prevented from successfully launching a denial of service attack.
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US78762506P | 2006-03-30 | 2006-03-30 | |
US60/787,625 | 2006-03-30 | ||
US79281706P | 2006-04-17 | 2006-04-17 | |
US60/792,817 | 2006-04-17 | ||
US79960606P | 2006-05-11 | 2006-05-11 | |
US60/799,606 | 2006-05-11 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2007123685A2 (en) | 2007-11-01 |
WO2007123685A3 (en) | 2008-10-09 |
Family
ID=38625466
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2007/007916 (WO2007123685A2, en) | System and method for protecting communication devices from denial of service attacks | 2006-03-30 | 2007-03-30 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2007123685A2 (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7290281B1 (en) * | 2002-06-27 | 2007-10-30 | Cisco Technology, Inc. | Method and apparatus for cryptographically blocking network denial of service attacks based on payload size |
-
2007
- 2007-03-30 WO PCT/US2007/007916 patent/WO2007123685A2/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2007123685A2 (en) | 2007-11-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102047262B (en) | Authentication for distributed secure content management system | |
DK2608486T3 (en) | Computer-implemented system and method for providing users with secure access to application servers | |
US20190114441A1 (en) | Systems and methods for front-end and back-end data security protocols | |
WO2018157247A1 (en) | System and method for securing communications with remote security devices | |
WO2007078332A3 (en) | Sim authentication for access to a computer/media network | |
WO2007062882A3 (en) | Method and apparatus for delivering keying information | |
CN103944890A (en) | Virtual interaction system and method based on client/server mode | |
WO2008076163A3 (en) | Techniques for managing security in next generation communication networks | |
ATE454000T1 (en) | AUTHENTICATION PROCEDURE | |
EP2016701A4 (en) | Dynamic distributed key system and method for identity management, authentication servers, data security and preventing man-in-the-middle attacks | |
WO2008070330A3 (en) | Apparatus and methods for authenticating voice and data devices on the same port | |
CN101488951A (en) | Method, equipment and communication network for preventing from address resolution protocol attack | |
US20170289159A1 (en) | Security support for free wi-fi and sponsored connectivity for paid wi-fi | |
US20060265486A1 (en) | One-core, a solution to the malware problems of the internet | |
Kravets et al. | Mobile security solution for enterprise network | |
WO2009065154A3 (en) | Method of and apparatus for protecting private data entry within secure web sessions | |
CN109831311A (en) | A kind of server validation method, system, user terminal and readable storage medium storing program for executing | |
CN101068255A (en) | User identification method and device in safety shell protocol application | |
BRPI0416233A (en) | method and apparatus for wireless authentication | |
CN106465109A (en) | Cellular network authentication | |
Echeverria et al. | Authentication and authorization for IoT devices in disadvantaged environments | |
Rahimi et al. | Analysis of the security of VPN configurations in industrial control environments | |
Süß et al. | Cloud security and security challenges revisited | |
CN105430022B (en) | A kind of data input control method and terminal device | |
WO2007123685A3 (en) | System and method for protecting communication devices from denial of service attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 07754435; Country of ref document: EP; Kind code of ref document: A2 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 07754435; Country of ref document: EP; Kind code of ref document: A2 |