[go: up one dir, main page]

WO2007123685A3 - System and method for protecting communication devices from denial of service attacks - Google Patents

System and method for protecting communication devices from denial of service attacks Download PDF

Info

Publication number
WO2007123685A3
WO2007123685A3 PCT/US2007/007916 US2007007916W WO2007123685A3 WO 2007123685 A3 WO2007123685 A3 WO 2007123685A3 US 2007007916 W US2007007916 W US 2007007916W WO 2007123685 A3 WO2007123685 A3 WO 2007123685A3
Authority
WO
WIPO (PCT)
Prior art keywords
denial
communication devices
network
network access
access filter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2007/007916
Other languages
French (fr)
Other versions
WO2007123685A2 (en
Inventor
Chwan-Hwa Wu
J David Irwin
Chung-Ching Huang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Auburn University
Original Assignee
Auburn University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Auburn University filed Critical Auburn University
Publication of WO2007123685A2 publication Critical patent/WO2007123685A2/en
Anticipated expiration legal-status Critical
Publication of WO2007123685A3 publication Critical patent/WO2007123685A3/en
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A system for preventing successful denial of service attacks comprises a first communication device, a second communication device, and a network. The first and second communication devices establish a communication session via the network. Based on various information, such as a pre-shared secret, one of the communication devices determines a network access filter value and compares this value to at least one data frame in order to authenticate such data frame without committing significant computing resource and any memory space. By updating the network access filter over time, an unauthorized user who discovers the outdated network access filter values is prevented from successfully launching a denial of service attack.
PCT/US2007/007916 2006-03-30 2007-03-30 System and method for protecting communication devices from denial of service attacks Ceased WO2007123685A2 (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US78762506P 2006-03-30 2006-03-30
US60/787,625 2006-03-30
US79281706P 2006-04-17 2006-04-17
US60/792,817 2006-04-17
US79960606P 2006-05-11 2006-05-11
US60/799,606 2006-05-11

Publications (2)

Publication Number Publication Date
WO2007123685A2 WO2007123685A2 (en) 2007-11-01
WO2007123685A3 true WO2007123685A3 (en) 2008-10-09

Family

ID=38625466

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/007916 Ceased WO2007123685A2 (en) 2006-03-30 2007-03-30 System and method for protecting communication devices from denial of service attacks

Country Status (1)

Country Link
WO (1) WO2007123685A2 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7290281B1 (en) * 2002-06-27 2007-10-30 Cisco Technology, Inc. Method and apparatus for cryptographically blocking network denial of service attacks based on payload size

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7290281B1 (en) * 2002-06-27 2007-10-30 Cisco Technology, Inc. Method and apparatus for cryptographically blocking network denial of service attacks based on payload size

Also Published As

Publication number Publication date
WO2007123685A2 (en) 2007-11-01

Similar Documents

Publication Publication Date Title
DK2608486T3 (en) Computer-implemented system and method for providing users with secure access to application servers
US7739724B2 (en) Techniques for authenticated posture reporting and associated enforcement of network access
US20190114441A1 (en) Systems and methods for front-end and back-end data security protocols
WO2018157247A1 (en) System and method for securing communications with remote security devices
CN109937419A (en) The initial method for the equipment that security function is strengthened and the firmware update of equipment
WO2007062882A3 (en) Method and apparatus for delivering keying information
CN103944890A (en) Virtual interaction system and method based on client/server mode
EP2016701A4 (en) Dynamic distributed key system and method for identity management, authentication servers, data security and preventing man-in-the-middle attacks
US20110107410A1 (en) Methods, systems, and computer program products for controlling server access using an authentication server
WO2007078332A3 (en) Sim authentication for access to a computer/media network
CN101488951A (en) Method, equipment and communication network for preventing from address resolution protocol attack
Kravets et al. Mobile security solution for enterprise network
US20170289159A1 (en) Security support for free wi-fi and sponsored connectivity for paid wi-fi
ATE454000T1 (en) AUTHENTICATION PROCEDURE
WO2009065154A3 (en) Method of and apparatus for protecting private data entry within secure web sessions
CN109831311A (en) A kind of server validation method, system, user terminal and readable storage medium storing program for executing
BRPI0416233A (en) method and apparatus for wireless authentication
CN101068255A (en) User identification method and device in safety shell protocol application
Echeverria et al. Authentication and authorization for IoT devices in disadvantaged environments
CN102333068B (en) SSH and SFTP (Secure Shell and Ssh File Transfer Protocol)-based tunnel intelligent management and control system and method
CN109522689B (en) Multi-factor body-building authentication method in mobile office environment
US8667106B2 (en) Apparatus for blocking malware originating inside and outside an operating system
Rahimi et al. Analysis of the security of VPN configurations in industrial control environments
Sagarin et al. The path of least resistance
WO2007123685A3 (en) System and method for protecting communication devices from denial of service attacks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07754435

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07754435

Country of ref document: EP

Kind code of ref document: A2