Efficient, DoS Resistant, Secure Key Exchange for Internet Protocols

William Aiello, Steven M. Bellovin, Matt Blaze,Ran Canetti, John Ioannidis, Angelos D. Keromytis,Omer Reingold, ACM CCS 2002.

Summary of Contributions:

The authors present two protocols (JFKr and JFKi) for key setup and key agreement between two parties (called initiator and responder), intended for use in the IPSec architecture. Their protocols address three specific limitations of previous proposals, viz., efficiency (in terms of rounds), resistance to memory and CPU exhaustion DoS attacks, and simplicity of design. JFKi provides identity protection for an initiator against active attacks (malicious responder). JFKr provides identity protection for the responder against active adversaries (initiators). JFKr also protects both entities from passive eavesdroppers.

By keeping their protocols simple, the authors make many explicit performance vs. security tradeoffs. The protocols sacrifice perfect forward secrecy in favor of computational efficiency and allow users to reuse exponents in Diffie-Hellman key exchanges. They also avoid support for multiple authentication mechanisms such as shared secrets, tokens, cross-certification of PKIs, and do not support negotiations and instead rely on ukases. They also disallow rekeying in JFK.

Since their protocols are based on other protocols (JFKi is based on ISO 9798-3, and JFKr on SIGMA) that were already analyzed and proven secure, the authors can rely on this and focus on the specific properties they want to provide such as anti-DoS and identity protection. Both variants take two round-trips (or four messages), and provide the same level of DoS protection (using cookies) and replay attack protection (using session specific nonces). JFKr provides repudiability on key exchange and is vulnerable to man-in-the middle attacks, whereas JFKi authentication is non-repudiable since each party signs the other party's identity along with the nonce information.

Voting:

Strong reject: 0
Weak Reject: 0
Weak Accept: 8
Strong Accept: 7