DR3DH: A DoS resistant extended triple Diffie–Hellman for mobile edge networks
Authors: Ala Altaweel, Ahmed Bouridane
Journal: Computer Networks, volume 265, Article 111309 (Journal Article, published 2025-04-24)
DOI: 10.1016/j.comnet.2025.111309
URL: https://www.sciencedirect.com/science/article/pii/S1389128625002774
Citations: 0
Abstract
Mobile Edge Networks (MENs) are wireless networks that establish “close-to-end-users-clouds” to provide storage, computation, and communication services. MENs employ the Extended Triple Diffie–Hellman (X3DH) protocol to establish secret keys that provide end-to-end encryption among their nodes. X3DH relies on a cloud server that stores the public keys of the nodes to handle the asynchronous scenarios in which nodes operate offline. The cloud server in the X3DH protocol represents a single point of failure (SPoF), as the exchange of secret keys is disrupted if the server fails or is compromised. Moreover, a malicious attacker, Eve, can launch various DoS attacks against the MEN nodes (e.g., packet dropping or packet modification) and wireless links (e.g., jamming) to disrupt the execution of X3DH during secure key exchange.
This paper proposes the DoS-Resistant-X3DH (DR3DH) protocol to resolve the SPoF of the cloud server in X3DH and to address packet dropping, packet modification, and jamming DoS attacks. DR3DH employs Reed–Solomon Erasure Coding to encode the X3DH public keys into fragments that are distributed to a set of storage nodes. These storage nodes, which are determined by an Integer Linear Programming (ILP) solver, are optimal: they have the lowest probabilities of launching packet dropping/modification attacks and the lowest probabilities that the wireless links toward them are jammed. The authors evaluated DR3DH through trace-driven simulations in MATLAB using two mobility traces and a proof-of-concept implementation in Java. The authors also compared DR3DH with two approaches that employ Random and Greedy policies when selecting the storage nodes for key fragments. The results demonstrate the resistance of DR3DH to DoS attacks, achieving a high success rate that outperforms the Random and Greedy approaches by between 13.6% and 83.0%. Additionally, the results confirm the feasibility of DR3DH under different mobility models and node speeds, as demonstrated by an evaluation in terms of (a) communication overhead (expected transmission count ≤ 2.0 when 30% of nodes/links are compromised or jammed), (b) storage overhead (key fragment size ≤ 1 KB), (c) ILP execution time (≤ 26 ms), and (d) total encoding and decoding time (≤ 9 ms).
Journal description:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.