~~NOTOC~~

====== Denial of service in public key protocols ======

Denial of service (DoS) means "the prevention of authorized access to resources or delaying of time-critical operations". During the last couple of years, network denial of service attacks—which deny or degrade access to some network service—have become a problem on the Internet. The most publicized attacks have been against well-known web sites such as Yahoo and Amazon. Pasi Eronen, in his [[http://www.tml.tkk.fi/Opinnot/Tik-110.501/2000/papers/eronen.pdf|paper]] published in 2000, presents a survey of the literature on this topic and provides his recommendations for mitigating denial of service threats on public key authentication protocols.

===== Resource consumption attacks =====

Pasi Eronen focuses on resource consumption attacks. Resource consumption attacks work by consuming some scarce, limited or non-renewable resources. Most of the widespread network DoS attacks have been of this type: for example, the TCP SYN flooding attacks and the distributed DoS attack on Yahoo, Amazon, and other popular web sites. The details of both of these attacks are discussed below. Resource consumption attacks have become common because they are quite easy to mount, difficult to defend against, and hard to trace to their source. Furthermore, there are many types of resources which could be consumed. The paper describes the most common resources used for denial of service attacks, which are: memory, network bandwidth, computational resources, and others (RAM, disk, etc.).

===== Countermeasures against denial of service attacks =====

The paper focuses only on countermeasures relevant in designing and implementing communications protocols. Thus administrative countermeasures are beyond the scope of this paper. Countermeasures against DoS attacks can be either preventive or reactive.
Preventive countermeasures can help by making attacks easier to detect or trace, and also by making the system more resistant to attacks. The paper discusses possible countermeasures including detecting attacks, tracing attacks, using cookies to prevent spoofing, re-ordering computations and pricing.

===== Reference =====

**{{technotes:eronen.pdf|Denial of service in public key protocols (Pasi Eronen)}}**

{{tag>security reference}}

~~DISCUSSION~~
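
The cookie and computation re-ordering countermeasures named above can be combined in one responder, sketched here as an added example (not code from the paper or from this page). The cookie layout, the 60-second window and all names are assumptions; the counter stands in for the public-key operation.

```python
import hashlib
import hmac
import os
import time

SECRET = os.urandom(32)  # responder-local secret (assumed to be rotated periodically)
WINDOW = 60              # assumed cookie lifetime granularity, in seconds


def _mac(client_addr, client_nonce, bucket):
    # Length-prefix each field so different inputs cannot collide on one message.
    fields = [client_addr.encode(), client_nonce, str(bucket).encode()]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()


def make_cookie(client_addr, client_nonce, now=None):
    """Derive the cookie from the request itself, so the responder stores nothing."""
    now = time.time() if now is None else now
    return _mac(client_addr, client_nonce, int(now // WINDOW))


def cookie_ok(client_addr, client_nonce, cookie, now=None):
    """Recompute and compare in constant time; accept current and previous window."""
    now = time.time() if now is None else now
    bucket = int(now // WINDOW)
    return any(hmac.compare_digest(cookie, _mac(client_addr, client_nonce, b))
               for b in (bucket, bucket - 1))


class Responder:
    def __init__(self):
        self.expensive_ops = 0  # public-key operations actually performed

    def handle(self, client_addr, client_nonce, cookie=None, now=None):
        if cookie is None:
            # First message: one cheap MAC, no per-client memory committed.
            return ("COOKIE", make_cookie(client_addr, client_nonce, now))
        if not cookie_ok(client_addr, client_nonce, cookie, now):
            # Sender never received our reply at the claimed address: drop cheaply.
            return ("REJECT", None)
        # Re-ordering: the costly step runs only after the cheap check passed.
        self.expensive_ops += 1  # stand-in for signature verification / key exchange
        return ("PROCEED", None)
```

The cookie only shows that the sender can receive traffic at the claimed address; anyone who observes a cookie can replay it until its window expires.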