
Towards Risk Evaluation of Denial-of-Service Vulnerabilities in Security Protocols

Regular Paper, Journal of Computer Science and Technology

Abstract

Denial-of-Service (DoS) attacks are a serious threat to both stand-alone computers and networked systems. Modeling and evaluating DoS attacks is an important problem for networked systems: it provides both mathematical foundations and theoretical guidance for security system design. As defenses against DoS are increasingly built into security protocols themselves, this paper studies how to evaluate the DoS risk of a security protocol. First, we build a formal framework that models protocol operations and attacker capabilities. Then we propose an economic model for risk evaluation. By characterizing the intruder's capability with a probability model, our risk evaluation model specifies the "Value-at-Risk" (VaR) of a security protocol: the loss of computing resources that will not be exceeded at a given confidence level. The proposed model can help users better understand the protocols they use and, at the same time, help designers examine their designs and find clues for improvement. Finally, we apply the proposed model to analyze a key agreement protocol used in sensor networks and identify a DoS flaw in it, and we validate the applicability and effectiveness of the risk evaluation model by using it to analyze and compare two public key authentication protocols.
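The abstract defines the VaR of a protocol as a quantile of the defender's resource loss under a probability model of attacker capability. The following is an added illustration of that idea, not code or data from the paper: it assumes a constructed discrete distribution over how many bogus protocol messages per second an attacker can inject, assumes per-message defender costs for two hypothetical protocol variants (one that runs an expensive verification on every message, one that first rejects messages lacking a cheap stateless cookie), and computes the VaR at a chosen confidence level for each. The protocol names, costs and probabilities are assumptions chosen for the example.

```python
from dataclasses import dataclass

# Constructed attacker-capability model (an assumption for this example, not
# from the paper): probability that the attacker can deliver this many bogus
# protocol messages per second to the defender. Probabilities sum to 1.
ATTACKER_RATE_DIST = {
    100: 0.50,
    1_000: 0.30,
    10_000: 0.15,
    100_000: 0.05,
}


@dataclass(frozen=True)
class ProtocolCost:
    """Defender-side CPU cost (CPU-ms) spent on one bogus message before it is rejected."""
    name: str
    cost_per_bogus_msg_ms: float


# Hypothetical protocol variants. "verify-first" performs a public-key signature
# verification on every incoming message; "cookie-first" checks a cheap stateless
# cookie/MAC and drops messages without a valid one before doing any expensive work.
VERIFY_FIRST = ProtocolCost("verify-first", cost_per_bogus_msg_ms=2.0)
COOKIE_FIRST = ProtocolCost("cookie-first", cost_per_bogus_msg_ms=0.01)


def loss_distribution(protocol, rate_dist):
    """Map attacker capability levels to the defender's loss in CPU-ms per second.

    Loss at a capability level is (messages/s) * (cost per bogus message); levels
    that happen to produce the same loss have their probabilities merged.
    """
    dist = {}
    for rate, prob in rate_dist.items():
        loss = rate * protocol.cost_per_bogus_msg_ms
        dist[loss] = dist.get(loss, 0.0) + prob
    return dist


def value_at_risk(loss_dist, alpha):
    """VaR at confidence alpha: the smallest loss l with P(loss <= l) >= alpha.

    This is a quantile of the loss distribution, not its mean, so a protocol can
    have a modest expected loss and still a large VaR if rare but capable
    attackers are in the model.
    """
    if not 0.0 < alpha <= 1.0:
        raise ValueError("alpha must be in (0, 1]")
    cumulative = 0.0
    for loss in sorted(loss_dist):
        cumulative += loss_dist[loss]
        # Small tolerance guards against floating-point drift in the running sum.
        if cumulative + 1e-12 >= alpha:
            return loss
    return max(loss_dist)


def expected_loss(loss_dist):
    """Mean loss, for contrast with the VaR quantile."""
    return sum(loss * prob for loss, prob in loss_dist.items())


def compare_protocols(protocols, rate_dist, alpha):
    """Return {protocol name: (expected loss, VaR at alpha)} for each protocol."""
    report = {}
    for protocol in protocols:
        dist = loss_distribution(protocol, rate_dist)
        report[protocol.name] = (expected_loss(dist), value_at_risk(dist, alpha))
    return report


if __name__ == "__main__":
    for name, (mean, var) in compare_protocols(
        [VERIFY_FIRST, COOKIE_FIRST], ATTACKER_RATE_DIST, alpha=0.95
    ).items():
        print(f"{name:13s} expected loss = {mean:9.1f} CPU-ms/s   VaR(95%) = {var:9.1f} CPU-ms/s")
```

With the constructed distribution, the verify-first variant has a 95% VaR of 20000 CPU-ms/s (the attacker can saturate twenty cores' worth of CPU-ms per second at the 10000 msg/s capability level) while the cookie-first variant sits at 100 CPU-ms/s; raising alpha to 0.99 pulls in the rarest, most capable attacker level and moves the verify-first VaR to 200000. The ranking of the two designs is what a risk comparison of this kind is meant to surface, and the confidence level makes explicit how much weight is given to unlikely but powerful attackers.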



Corresponding author

Correspondence to Zhong Chen.

Additional information

This work is partially supported by the National Natural Science Foundation of China under Grant No. 60873239.

Cite this article

Cao, Z., Guan, Z., Chen, Z. et al. Towards Risk Evaluation of Denial-of-Service Vulnerabilities in Security Protocols. J. Comput. Sci. Technol. 25, 375–387 (2010). https://doi.org/10.1007/s11390-010-9330-4
