Denial of service attacks and defenses in decentralized trust management

Jiangtao Li, Ninghui Li, XiaoFeng F. Wang, Ting Yu

Research output: Contribution to journal › Article

7 Citations (Scopus)

Abstract

Trust management is an approach to scalable and flexible access control in decentralized systems. In trust management, a server often needs to evaluate a chain of credentials submitted by a client; this requires the server to perform multiple expensive digital signature verifications. In this paper, we study low-bandwidth Denial-of-Service (DoS) attacks that exploit the existence of trust management systems to deplete server resources. Although the threat of DoS attacks has been studied for some application-level protocols such as authentication protocols, we show that it is especially destructive for trust management systems. Exploiting the delegation feature in trust management languages, an attacker can forge a long credential chain to force a server to consume a large amount of computing resource. Using game theory as an analytic tool, we demonstrate that unprotected trust management servers will easily fall prey to a witty attacker who moves smartly. We report our empirical study of existing trust management systems, which manifests the gravity of this threat. We also propose a defense technique using credential caching, and show that it is effective in the presence of intelligent attackers.

Original language: English
Pages (from-to): 89-101
Number of pages: 13
Journal: International Journal of Information Security
Volume: 8
Issue number: 2
DOIs: 10.1007/s10207-008-0068-8
Publication status: Published - 1 Jan 2009
Externally published: Yes

Keywords

  • Access control
  • Denial of service
  • Game theory
  • Trust management
  • Trust negotiation

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this

Denial of service attacks and defenses in decentralized trust management. / Li, Jiangtao; Li, Ninghui; Wang, XiaoFeng F.; Yu, Ting.

In: International Journal of Information Security, Vol. 8, No. 2, 01.01.2009, p. 89-101.

@article{7a7efbc8dc634cfbb2c624a379278d60,
title = "Denial of service attacks and defenses in decentralized trust management",
abstract = "Trust management is an approach to scalable and flexible access control in decentralized systems. In trust management, a server often needs to evaluate a chain of credentials submitted by a client; this requires the server to perform multiple expensive digital signature verifications. In this paper, we study low-bandwidth Denial-of-Service (DoS) attacks that exploit the existence of trust management systems to deplete server resources. Although the threat of DoS attacks has been studied for some application-level protocols such as authentication protocols, we show that it is especially destructive for trust management systems. Exploiting the delegation feature in trust management languages, an attacker can forge a long credential chain to force a server to consume a large amount of computing resource. Using game theory as an analytic tool, we demonstrate that unprotected trust management servers will easily fall prey to a witty attacker who moves smartly. We report our empirical study of existing trust management systems, which manifests the gravity of this threat. We also propose a defense technique using credential caching, and show that it is effective in the presence of intelligent attackers.",
keywords = "Access control, Denial of service, Game theory, Trust management, Trust negotiation",
author = "Jiangtao Li and Ninghui Li and Wang, {XiaoFeng F.} and Ting Yu",
year = "2009",
month = "1",
day = "1",
doi = "10.1007/s10207-008-0068-8",
language = "English",
volume = "8",
pages = "89--101",
journal = "International Journal of Information Security",
issn = "1615-5262",
publisher = "Springer Verlag",
number = "2",

}