Denial of service attacks and defenses in decentralized trust management

Jiangtao Li, Ninghui Li, Xiao Feng Wang, Ting Yu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Trust management is an approach to scalable and flexible access control in decentralized systems. In trust management, a server often needs to evaluate a chain of credentials submitted by a client; this requires the server to perform multiple expensive digital signature verifications. In this paper, we study low-bandwidth Denial-of-Service (DoS) attacks that exploit the existence of trust management systems to deplete server resources. Although the threat of DoS attacks has been studied for some application-level protocols such as authentication protocols, we show that it is especially destructive for trust management systems. Exploiting the delegation feature in trust management languages, an attacker can forge a long credential chain to force a server to consume a large amount of computing resource. Using game theory as an analytic tool, we demonstrate that unprotected trust management servers will easily fall prey to a witty attacker who moves smartly. We report our empirical study of existing trust management systems, which manifests the gravity of this threat. We also propose a defense technique using credential caching, and show that it is effective in the presence of intelligent attackers.

Original language: English
Title of host publication: 2006 Securecomm and Workshops
DOIs: https://doi.org/10.1109/SECCOMW.2006.359545
Publication status: Published - 1 Dec 2006
Externally published: Yes
Event: 2006 Securecomm and Workshops - Baltimore, MD, United States
Duration: 28 Aug 2006 – 1 Sep 2006

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Communication

Cite this

Denial of service attacks and defenses in decentralized trust management. / Li, Jiangtao; Li, Ninghui; Wang, Xiao Feng; Yu, Ting.

2006 Securecomm and Workshops. 2006. 4198805.

Li, J, Li, N, Wang, XF & Yu, T 2006, Denial of service attacks and defenses in decentralized trust management. in 2006 Securecomm and Workshops., 4198805, 2006 Securecomm and Workshops, Baltimore, MD, United States, 28/8/06. https://doi.org/10.1109/SECCOMW.2006.359545
@inproceedings{497af7ba3dad498fb396aa712da383ad,
title = "Denial of service attacks and defenses in decentralized trust management",
author = "Jiangtao Li and Ninghui Li and Wang, {Xiao Feng} and Ting Yu",
year = "2006",
month = "12",
day = "1",
doi = "10.1109/SECCOMW.2006.359545",
language = "English",
isbn = "1424404231",
booktitle = "2006 Securecomm and Workshops",

}

TY - GEN

T1 - Denial of service attacks and defenses in decentralized trust management

AU - Li, Jiangtao

AU - Li, Ninghui

AU - Wang, Xiao Feng

AU - Yu, Ting

PY - 2006/12/1

Y1 - 2006/12/1

UR - http://www.scopus.com/inward/record.url?scp=50049121996&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=50049121996&partnerID=8YFLogxK

U2 - 10.1109/SECCOMW.2006.359545

DO - 10.1109/SECCOMW.2006.359545

M3 - Conference contribution

SN - 1424404231

SN - 9781424404230

BT - 2006 Securecomm and Workshops

ER -