Abstract
Recently, people are paying more attention to formalizing and analyzing Denial of Service (DoS) attacks, but the known analysis models are either not precise enough or not readily used in an automatic way. In this paper, we make some improvements to the cost-based framework proposed by Meadows that aims to formalize DoS attacks. After improvement, the framework models intruders and protocols faithfully in CoreASM, and in a more accurate way in specification. Besides, the analysis can be performed automatically. In the improvements, a more flexible tolerance relation is defined so that the analysis result is in a broad form rather than merely binary as in previous works. Also, concrete values are used for representing the operational costs so as to make cost functions more precise and flexible in analysis.
In this paper, the JFKi protocol is automatically analyzed as an indication of the advantages of the improvements. It explores the vulnerability that was previously found manually. The discussion on the JFKi protocol shows some difficulties in designing and analyzing DoS-resistent protocols.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Aiello, W., Bellovin, S.M., Blaze, M., Canetti, R., Ioannidis, J., Keromytis, A.D., Reingold, O.: Just fast keying: key agreement in a hostile network. ACM Transactions on Information and System Security 7(2), 242–273 (2004)
Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer (2003)
Chen, L., Morrissey, P., Smart, N.P., Warinschi, B.: Security Notions and Generic Constructions for Client Puzzles. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 505–523. Springer, Heidelberg (2009)
Clarke, E.M., Emerson, E.A.: Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic. In: Engeler, E. (ed.) Logic of Programs 1979. LNCS, vol. 125, pp. 52–71. Springer, Heidelberg (1981)
Dai, W.: Crypto++ 5.2.1 benchmarks. Technical report (2009), http://www.cryptopp.com/benchmarks.html
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)
Eddy, W.: TCP SYN Flooding Attacks and Common Mitigations. Request for Comments: 4987 (2007), http://tools.ietf.org/html/rfc4987
Farahbod, R.: CoreASM language user manual. Technical report (2006), http://www.coreasm.org
Gong, L., Syverson, P.: Fail-stop protocols: an approach to designing secure protocols. In: Iyer, R.K., Morganti, M., Fuchs, W.K., Gligor, V. (eds.) Dependable Computing for Critical Applications 5, pp. 79–99. IEEE Computer Society (1998)
Groza, B., Minea, M.: Formal modelling and automatic detection of resource exhaustion attacks. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp. 326–333 (2011)
Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). Request for comments (proposed standard) 2409, Internet Engineering Task Force (1998)
LaMacchia, B., Lauter, K., Mityagin, A.: Stronger Security of Authenticated Key Exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007)
Meadows, C.: A cost-based framework for analysis of denial of service in networks. Journal of Computer Security 9(1/2), 143–164 (2001)
Meadows, C.: A formal framework and evaluation method for network denial of service. In: Proceedings of the 12th IEEE Computer Security Foundations Workshop, pp. 4–13. Computer Society Press (June 1999)
Needham, R.M.: Denial of Service. In: The 1st ACM Conference on Computer and Communications Security, Fairfax, VA, pp. 151–153 (1993)
Peng, J., Liu, F., Zhao, Z., Huang, D., Xue, R.: ASM-SPV: a model checker for security protocols. In: 2010 Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, pp. 458–461 (2010)
Ramachandran, V.: Analyzing DoS-resistance of protocols using a cost-based framework. Technical Report DCS/TR-1239, Yale University (2002)
Smith, J., González Nieto, J.M., Boyd, C.: Modelling denial of service attacks on JFK with Meadows’s cost-based framework. In: 4th Australasian Information Security Workshop, pp. 125–134 (2006)
Smith, J., Tritilanunt, S., Boyd, C., Nieto, J.M.G., Foo, E.: Denial-of-Service resistance in key establishment. In: Wireless and Mobile Computing, vol. 2, pp. 59–71 (2007)
Stebila, D., Ustaoglu, B.: Towards Denial-of-Service-Resilient Key Agreement Protocols. In: Boyd, C., González Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 389–406. Springer, Heidelberg (2009)
Tritilanunt, S.: Protocol engineering for protection against Denial-of-Service attacks. PhD thesis, Information Security Institute Queensland University of Technology (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yue, Q., Liu, F., Xue, R. (2012). Some Improvements to the Cost-Based Framework for Analyzing Denial of Service Attacks. In: Chen, L., Yung, M., Zhu, L. (eds) Trusted Systems. INTRUST 2011. Lecture Notes in Computer Science, vol 7222. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32298-3_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-32298-3_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32297-6
Online ISBN: 978-3-642-32298-3
eBook Packages: Computer ScienceComputer Science (R0)