Title
Simulation for intrusion-resilient, DDoS-resistant authentication system (IDAS)
Abstract
The SSL (Secure Sockets Layer) protocol and IPSec (Internet Protocol Security) are widely used for identity authentication and communication protection. However, both protocols suffer from intrusion and a single point of compromise, as well as DDoS (distributed denial of service) attacks. An innovative Intrusion-Resilient, DDoS-Resistant Authentication System (IDAS) is proposed to achieve the following goals: (1) An intrusion-resilient authentication protocol will be able to protect credential information by distributing the shared secret to multiple computers, and thus eliminate the single point of compromise. (2) This protocol can readily detect the use of a partial credential as a user/computer and indicate which part of the secret is exposed; consequently, the compromised computer can be recovered. (3) Even when an insider has compromised all related servers, the credential is only valid for a short period of time and will be self-healed in the next period. (4) A DDoS-resistant protocol must be stateless and efficient, as well as stop botnet attacks and "low and slow" attacks. (5) This authentication protocol only takes a single round-trip time, which is faster than any other authentication protocol and is important to the performance of critical applications in a multi-continent network. It is difficult to prove the capabilities of IDAS by actually implementing a full-scale botnet due to financial constraints. Instead, simulation results are reported in this paper to show that the IDAS protocol can resist DDoS attacks even when thousands of attackers, which is about the same size as the current botnet, are bombarding it. A user will not even sense the extra delay due to the DDoS attacks; thus, the collateral damage is eliminated.
Year
2008
Venue
SpringSim
Keywords
authentication protocol, botnet attack, current botnet, ddos-resistant authentication system, ddos attack, intrusion-resilient authentication protocol, identity authentication, ddos resistant protocol, full scale botnet, idas protocol, credential information, discrete event simulation, computer network, secure socket layer, authentication, computer network defense, intrusion, ddos, round trip time, network security, distributed denial of service, internet protocol
Field
Wide Mouth Frog protocol, IPsec, Challenge-Handshake Authentication Protocol, Computer science, Computer security, Botnet, Otway–Rees protocol, Computer network, SSLIOP, Authentication protocol, Application layer DDoS attack
DocType
Conference
ISBN
1-56555-319-5
Citations
0
PageRank
0.34
References
19
Authors
2
Name
Order
Citations
PageRank
Chwan-Hwa John Wu1646.90
Tong Liu24712.77