An Economical Model for the Risk Evaluation of DoS Vulnerabilities in Cryptography Protocols

  • Conference paper
Information Security Practice and Experience (ISPEC 2007)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4464)

Abstract

Denial of Service (DoS) attacks are a virulent type of attack on the availability of a network's intended services and resources. Defenses against DoS attacks have been built into the cryptographic protocols intended for authentication and the establishment of communications. However, the cryptographic protocols have their own vulnerability to DoS. Consequently, it is desirable to provide a methodology for evaluating a cryptographic protocol's resistance to DoS attacks. In this paper, we propose an economic model for the risk evaluation of Denial of Service vulnerabilities in cryptographic protocols. By characterizing the intruder's capability with a probability model, our risk evaluation model specifies the Value at Risk (VaR) of a cryptographic protocol. The Value at Risk answers the question of how much computing resource is expected to be lost at a given confidence level. The proposed model can help ordinary users gain a better understanding of the protocols they are using, and at the same time help designers examine their designs and obtain clues for improving them. We validate the applicability and effectiveness of our risk evaluation model by applying it to the analysis of two related protocols.
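The following is an added illustration of the VaR idea the abstract describes, written for this page; it is not the paper's model and none of its numbers come from the paper. It assumes (as constructed inputs) a Meadows-style deterministic cost per bogus first message on the responder side, a heavy-tailed random model of how many bogus messages an intruder can deliver per time window, and that the "loss" is the CPU time the responder burns on messages that are eventually rejected. Two hypothetical responder variants are compared: one that performs an expensive operation (such as a public-key operation) on every incoming message, and one that first runs a cheap check which filters most bogus messages out.

```python
"""Value-at-Risk (VaR) view of protocol-level DoS cost (illustrative, not the paper's model).

Constructed assumptions:
  * responder cost per bogus message is deterministic (Meadows-style cost accounting);
  * intruder volume per window is floor(LogNormal(mu, sigma)), a heavy-tailed guess;
  * loss = CPU-seconds the responder spends on messages that are ultimately rejected.
"""
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class ResponderCost:
    """CPU seconds the responder spends on one bogus first message.

    cheap_check:  work done before any rejection decision is possible
                  (parsing, a cookie or MAC check); 0 if the protocol has none.
    expensive_op: the heavyweight step (e.g. a public-key operation) reached by
                  every message the cheap check lets through.
    reject_rate:  fraction of bogus messages the cheap check filters out.
    """
    name: str
    cheap_check: float
    expensive_op: float
    reject_rate: float

    def per_message(self) -> float:
        # Every bogus message pays the cheap check; only the survivors pay the expensive op.
        return self.cheap_check + (1.0 - self.reject_rate) * self.expensive_op

    def loss_for(self, bogus_messages: int) -> float:
        return bogus_messages * self.per_message()


@dataclass(frozen=True)
class IntruderModel:
    """Bogus messages per window ~ floor(LogNormal(mu, sigma)) (assumed distribution)."""
    mu: float
    sigma: float

    def sample_volumes(self, windows: int, seed: int) -> list:
        rng = random.Random(seed)  # seeded so that both protocols see the same attack
        return [int(rng.lognormvariate(self.mu, self.sigma)) for _ in range(windows)]


def value_at_risk(losses, confidence: float) -> float:
    """Empirical VaR: the smallest loss L such that P(loss <= L) >= confidence."""
    if not 0.0 < confidence <= 1.0:
        raise ValueError("confidence must be in (0, 1]")
    ordered = sorted(losses)
    index = math.ceil(confidence * len(ordered)) - 1
    return ordered[max(index, 0)]


def var_per_protocol(protocols, intruder, windows=5000, seed=1, confidence=0.95):
    """VaR (CPU-seconds per window) of each protocol against the same sampled attack."""
    volumes = intruder.sample_volumes(windows, seed)
    return {
        p.name: value_at_risk([p.loss_for(n) for n in volumes], confidence)
        for p in protocols
    }


# Hypothetical responders; 5 ms per public-key operation is an assumed figure.
NAIVE = ResponderCost("naive", cheap_check=0.0, expensive_op=0.005, reject_rate=0.0)
HARDENED = ResponderCost("cookie-first", cheap_check=0.00005, expensive_op=0.005, reject_rate=0.95)
# Hypothetical intruder: median of 200 bogus messages per window, heavy upper tail.
INTRUDER = IntruderModel(mu=math.log(200), sigma=0.8)

if __name__ == "__main__":
    for conf in (0.90, 0.95, 0.99):
        for name, var in var_per_protocol([NAIVE, HARDENED], INTRUDER, confidence=conf).items():
            print(f"confidence={conf:.2f} {name:>13}: VaR = {var:.3f} CPU-s per window")
```

Reading the output the way the abstract suggests: the VaR at 99% is the CPU budget a deployer should expect to lose to this intruder in all but one window in a hundred, and the gap between the two protocols' VaR is the benefit of the cheap pre-check expressed in the same units. Raising the confidence level never lowers VaR, and because the per-message cost is deterministic here, the hardened variant's VaR is below the naive one's for every confidence level.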



Editor information

Ed Dawson Duncan S. Wong


Copyright information

© 2007 Springer Berlin Heidelberg

Cite this paper

Cao, Z., Guan, Z., Chen, Z., Hu, J., Tang, L. (2007). An Economical Model for the Risk Evaluation of DoS Vulnerabilities in Cryptography Protocols. In: Dawson, E., Wong, D.S. (eds) Information Security Practice and Experience. ISPEC 2007. Lecture Notes in Computer Science, vol 4464. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72163-5_12

  • DOI: https://doi.org/10.1007/978-3-540-72163-5_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-72159-8

  • Online ISBN: 978-3-540-72163-5