• DocumentCode
    3391950
  • Title

    Resolution of ISAKMP/Oakley key-agreement protocol resistant against denial-of-service attack

  • Author

    Matsuura, Kanta ; Imai, Hideki

  • Author_Institution
    Inst. of Ind. Sci., Tokyo Univ., Japan
  • fYear
    1999
  • fDate
    1999
  • Firstpage
    17
  • Lastpage
    24
  • Abstract
    Key-agreement protocols will play an important role as an entrance to secure communication over the Internet. Specifically, ISAKMP (Internet Security Association and Key Management Protocol)/Oakley key-agreement is currently a leading approach for communication between two parties. The basic idea of ISAKMP/Oakley is an authenticated Diffie-Hellman (DH) key-agreement protocol. This authentication owes a lot to public key primitives whose implementation includes modular exponentiation. Since modular exponentiation is computationally expensive, attackers are motivated to abuse it for Denial-of-Service (DoS) attacks. In search of resistance against DoS attacks, the paper first describes a basic idea on the protection mechanism for authenticated DH key-agreement protocols against DoS attacks. The paper then proposes a DoS-resistant version of three-pass ISAKMP/Oakley's Phase 1 where DoS attacks impose expensive computation on the attackers themselves. The DoS resistance is evaluated in terms of: (1) the computational cost caused by bogus requests and (2) a server-blocking probability.
  • Keywords
    Internet; computational complexity; message authentication; protocols; public key cryptography; telecommunication security; DoS attacks; DoS-resistant version; ISAKMP/Oakley key-agreement protocol resolution; Internet Security Association and Key Management Protocol; authenticated DH key-agreement protocols; authenticated Diffie-Hellman key-agreement protocol; authentication; bogus requests; computational cost; denial-of-service attack; modular exponentiation; protection mechanism; public key primitives; secure communication; server-blocking probability; Authentication; Computer crime; DH-HEMTs; Internet; Protection; Protocols; Public key; Radio frequency; Resists; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Internet Workshop, 1999. IWS 99
  • Conference_Location
    Osaka
  • Print_ISBN
    0-7803-5925-9
  • Type

    conf

  • DOI
    10.1109/IWS.1999.810911
  • Filename
    810911