Denial of service attacks and defenses in decentralized trust management

Regular Contribution, International Journal of Information Security

Abstract

Trust management is an approach to scalable and flexible access control in decentralized systems. In trust management, a server often needs to evaluate a chain of credentials submitted by a client; this requires the server to perform multiple expensive digital signature verifications. In this paper, we study low-bandwidth Denial-of-Service (DoS) attacks that exploit the existence of trust management systems to deplete server resources. Although the threat of DoS attacks has been studied for some application-level protocols such as authentication protocols, we show that it is especially destructive for trust management systems. Exploiting the delegation feature in trust management languages, an attacker can forge a long credential chain to force a server to consume a large amount of computing resource. Using game theory as an analytic tool, we demonstrate that unprotected trust management servers will easily fall prey to a witty attacker who moves smartly. We report our empirical study of existing trust management systems, which manifests the gravity of this threat. We also propose a defense technique using credential caching, and show that it is effective in the presence of intelligent attackers.
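The abstract makes two technical points: a server evaluating a delegation chain pays one signature verification per credential, so the cost grows with chain length, and caching already-verified credentials removes the repeated cost. The following is an added illustration of that cost model and of a verified-credential cache; it is not the paper's code and not a particular trust-management system's API. Assumptions: HMAC-SHA256 with a per-issuer secret stands in for the public-key signature check (the real primitive is far more expensive, but the counting is the same); issuer keys come from a small constructed registry; and the chain-length cap is an extra cheap check added here, not something the abstract describes.

```python
"""Credential-chain verification cost and a verified-credential cache.

Illustrative model only. HMAC stands in for public-key signatures
(assumption) so the example runs with the standard library.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample issuer keys (assumption: in a real system these are
# public keys and verification is an expensive signature check).
ISSUER_KEYS = {
    "root": b"root-secret-key-constructed",
    "alice": b"alice-secret-key-constructed",
    "bob": b"bob-secret-key-constructed",
}


@dataclass(frozen=True)
class Credential:
    issuer: str       # principal that signed the credential
    subject: str      # principal that receives the delegated permission
    permission: str   # e.g. "read:/reports"
    signature: bytes


def _payload(issuer: str, subject: str, permission: str) -> bytes:
    return f"{issuer}|{subject}|{permission}".encode()


def issue(issuer: str, subject: str, permission: str) -> Credential:
    """Create a credential signed by `issuer` (stand-in for a real signature)."""
    sig = hmac.new(ISSUER_KEYS[issuer], _payload(issuer, subject, permission),
                   hashlib.sha256).digest()
    return Credential(issuer, subject, permission, sig)


def verify_signature(cred: Credential) -> bool:
    """The expensive step: one 'signature' check per credential."""
    key = ISSUER_KEYS.get(cred.issuer)
    if key is None:
        return False
    expected = hmac.new(key, _payload(cred.issuer, cred.subject, cred.permission),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, cred.signature)


class ChainVerifier:
    """Checks a delegation chain root -> ... -> requester for one permission."""

    def __init__(self, max_chain_length: int, use_cache: bool):
        self.max_chain_length = max_chain_length  # added cheap bound (assumption)
        self.use_cache = use_cache
        self.verifications = 0  # number of signature checks actually performed
        self._cache = {}

    def _cache_key(self, cred: Credential) -> bytes:
        # The key covers every field including the signature, so a tampered
        # credential can never hit a cached "valid" entry.
        return hashlib.sha256(
            _payload(cred.issuer, cred.subject, cred.permission) + cred.signature
        ).digest()

    def _signature_ok(self, cred: Credential) -> bool:
        k = self._cache_key(cred)
        if self.use_cache and k in self._cache:
            return self._cache[k]
        self.verifications += 1
        ok = verify_signature(cred)
        if self.use_cache:
            self._cache[k] = ok
        return ok

    def verify_chain(self, chain, root: str, requester: str, permission: str) -> bool:
        # Structural checks first: they cost nothing and bound the crypto work.
        if not chain or len(chain) > self.max_chain_length:
            return False
        expected_issuer = root
        for cred in chain:
            if cred.issuer != expected_issuer or cred.permission != permission:
                return False
            if not self._signature_ok(cred):
                return False
            expected_issuer = cred.subject
        return expected_issuer == requester


def demo() -> dict:
    """Same two-credential chain submitted twice, with and without the cache."""
    perm = "read:/reports"
    chain = [issue("root", "alice", perm), issue("alice", "bob", perm)]
    r = {}
    plain = ChainVerifier(max_chain_length=8, use_cache=False)
    r["plain_ok"] = (plain.verify_chain(chain, "root", "bob", perm)
                     and plain.verify_chain(chain, "root", "bob", perm))
    r["plain_cost"] = plain.verifications        # every request re-verifies both
    cached = ChainVerifier(max_chain_length=8, use_cache=True)
    r["cached_ok"] = (cached.verify_chain(chain, "root", "bob", perm)
                      and cached.verify_chain(chain, "root", "bob", perm))
    r["cached_cost"] = cached.verifications      # second request costs nothing
    tampered = [chain[0], Credential("alice", "bob", perm, b"\x00" * 32)]
    r["tampered_ok"] = cached.verify_chain(tampered, "root", "bob", perm)
    r["tampered_cost"] = cached.verifications    # only the altered link is checked
    r["too_long_ok"] = cached.verify_chain(chain * 10, "root", "bob", perm)
    r["too_long_cost"] = cached.verifications    # rejected before any crypto
    return r


if __name__ == "__main__":
    print(demo())
```

The counters are the point: without a cache, each request costs one verification per link, so an attacker who resubmits long chains multiplies the server's work; with the cache, a chain the server has already checked costs nothing on resubmission, and because the cache key binds the signature bytes, a modified credential is always verified afresh rather than accepted from cache.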



Author information

Corresponding author: Jiangtao Li.

Additional information

A preliminary version of this paper was presented at the Second IEEE International Conference on Security and Privacy in Communication Networks, Baltimore, MD, USA, August 2006.


About this article

Cite this article

Li, J., Li, N., Wang, X. et al. Denial of service attacks and defenses in decentralized trust management. Int. J. Inf. Secur. 8, 89–101 (2009). https://doi.org/10.1007/s10207-008-0068-8
