Abstract
Trust management is an approach to scalable and flexible access control in decentralized systems. In trust management, a server often needs to evaluate a chain of credentials submitted by a client; this requires the server to perform multiple expensive digital signature verifications. In this paper, we study low-bandwidth Denial-of-Service (DoS) attacks that exploit the existence of trust management systems to deplete server resources. Although the threat of DoS attacks has been studied for some application-level protocols such as authentication protocols, we show that it is especially destructive for trust management systems. Exploiting the delegation feature in trust management languages, an attacker can forge a long credential chain to force a server to consume a large amount of computing resources. Using game theory as an analytic tool, we demonstrate that unprotected trust management servers will easily fall prey to an intelligent attacker who chooses its moves strategically. We report our empirical study of existing trust management systems, which demonstrates the gravity of this threat. We also propose a defense technique using credential caching, and show that it is effective in the presence of intelligent attackers.
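The credential-caching defense the abstract proposes, sketched as an added example that is not the paper's code: a server-side verifier that walks a delegation chain from a trusted root, caches every credential whose signature it has already verified, and counts the signature verifications it actually performs, so a repeated chain costs no further verifications while a tampered or unrooted chain is rejected at the first bad link. It assumes Ed25519 signatures and a deliberately minimal credential format (issuer key, subject key, signature) carrying a single permission; real trust management languages such as KeyNote or SPKI carry far richer credentials.

```go
package main

import "crypto/ed25519"

// Credential: Issuer delegates the permission to Subject; Sig is Issuer's signature over body().
type Credential struct {
	Issuer, Subject ed25519.PublicKey
	Sig             []byte
}
func (c Credential) body() []byte { return append(append([]byte{}, c.Issuer...), c.Subject...) }
// Verifier checks chains against a trusted Root, caches credentials already verified, and
// counts the signature verifications actually run (the CPU a forged long chain tries to burn).
type Verifier struct {
	Root     ed25519.PublicKey
	Verified int
	cache    map[string]bool // keyed on the exact bytes seen, signature included
}
// Authorize walks the chain from Root to client, stopping at the first bad link.
func (v *Verifier) Authorize(chain []Credential, client ed25519.PublicKey) bool {
	if v.cache == nil {
		v.cache = map[string]bool{}
	}
	expect := v.Root
	for _, c := range chain {
		// cheap checks before any signature work; the length check also keeps Verify from panicking
		if !c.Issuer.Equal(expect) || len(c.Subject) != ed25519.PublicKeySize {
			return false
		}
		key := string(c.body()) + string(c.Sig)
		if !v.cache[key] { // cache miss: pay for exactly one signature verification
			v.Verified++
			if !ed25519.Verify(c.Issuer, c.body(), c.Sig) {
				return false // failures are not cached, so a tampered link never hits
			}
			v.cache[key] = true
		}
		expect = c.Subject
	}
	return expect.Equal(client)
}
// MakeChain is constructed test data: an n-link chain rooted at chain[0].Issuer and ending at client.
func MakeChain(n int) (chain []Credential, client ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	for i := 0; i < n; i++ {
		nextPub, nextPriv, _ := ed25519.GenerateKey(nil)
		c := Credential{Issuer: pub, Subject: nextPub}
		c.Sig = ed25519.Sign(priv, c.body())
		chain, pub, priv = append(chain, c), nextPub, nextPriv
	}
	return chain, pub
}
```

Evaluating a 20-link chain twice with one Verifier leaves Verified at 20 after both passes; the cache is what turns the attacker's replayed long chain from 20 verifications into a few map lookups.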
Additional information
A preliminary version of this paper was presented at the Second IEEE International Conference on Security and Privacy in Communication Networks, Baltimore, MD, USA, August 2006.
Cite this article
Li, J., Li, N., Wang, X. et al. Denial of service attacks and defenses in decentralized trust management. Int. J. Inf. Secur. 8, 89–101 (2009). https://doi.org/10.1007/s10207-008-0068-8