Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols OR: Just Fast Keying (JFK) Angelos D. Keromytis Columbia University 2:00pm, Wednesday, April 2, Room 2311 Many public-key-based key setup and key agreement protocols already exist and have been implemented for a variety of applications and environments. Several have been proposed for the IPsec protocol, and one, IKE, is the current standard. IKE has a number of deficiencies, the three most important being that the number of rounds is high, that it is vulnerable to denial-of-service attacks, and the complexity of its specification. (This complexity has led to interoperability problems, so much so that, several years after its initial adoption by the IETF, there are still completely non-interoperating implementations.) While it may be possible to ``patch'' the protocol to fix some of these problems, we would prefer to replace IKE with something better. With that in mind, we set out to engineer a new key exchange protocol specifically for Internet security applications. With a view toward its possible role as a successor to IKE, we call our new protocol ``JFK,'' which stands for ``Just Fast Keying.'' We discuss the design of the protocol, with its interlocking features and mechanisms to mitigating the various threats. Joint work with Bill Aiello, Steve Bellovin, Matt Blaze, Ran Canetti, John Ioann idis, and Omer Reingold. Angelos D. Keromytis is an assistant professor in the Computer Science department, at Columbia University. He has been involved in the development of the IP Security standards since 1995 and has been the author and co-author of a number of implementations (his ISAKMP implementation is part of the NIST reference IPsec implementation). His past research focused on security for programmable infrastructures (active networks), trust management systems and applications, and scalable access control mechanisms. Currently, he is working on protecting end services from distributed denial of service through use of overlay services and trust management techniques for access control.