[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Resistance to swamping attacks via Kim Tom's idea
> From ipsec-request@neptune.hq.tis.com Mon Sep 23 05:57:48 1996
> From: Ron Rivest <rivest@theory.lcs.mit.edu>
> Date: Fri, 20 Sep 96 17:39:12 EDT
> To: ipsec@tis.com
> Subject: Resistance to swamping attacks via Kim Tom's idea
>
>
> Kim Toms (below) suggested a cryptographic function that is easier to
> verify than to compute. The sender of a packet P would have to compute
> a quantity f(P), such that the receiver would be able (VERY EASILY) check
> that this computation was proper. Here is a simple idea:
>
> Let k be a small integer (e.g. k=10)
> Let P be the packet data
> The sender of a packet must also send along a tag T such that:
> the low-order k bits of MD5(P || T) are all zero
> (Here || denotes concatenation.)
>
> MD5 acts like a "random" function, and the sender would have to check
> approximately 2^k values of T before finding one that works.
>
> The receiver has only one MD5 computation to perform, and so he is able
> to check packets 2^k times more efficiently than an attacker can generate
> them.
...than the attacker can generate *valid* packets.
The attacker can easily generate invalid packets, and the cost is
the same for the receiver.
In fact, a good spoof would be to send packets with arbitrary
values for the MD5 checksum. The cost to the sender is small
and fixed, and the cost to the receiver is a full check of the
data of each packet.
Joe
----------------------------------------------------------------------
Joe Touch - touch@isi.edu http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM http://www.isi.edu/atomic2/
USC / Research Assistant Prof. http://www.isi.edu/lsam/