2nd International ICST Conference on Security and Privacy in Communication Networks

Research Article

Denial of Service Attacks and Defenses in Decentralized Trust Management

  • @INPROCEEDINGS{10.1109/SECCOMW.2006.359545,
        author={Jiangtao Li and Ninghui Li and XiaoFeng Wang and Ting Yu},
        title={Denial of Service Attacks and Defenses in Decentralized Trust Management},
        proceedings={2nd International ICST Conference on Security and Privacy in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2007},
        month={5},
        keywords={},
        doi={10.1109/SECCOMW.2006.359545}
    }
    
Jiangtao Li¹,*, Ninghui Li¹,*, XiaoFeng Wang²,*, Ting Yu³,*
  • 1: Department of Computer Science, Purdue University
  • 2: School of Informatics, Indiana University
  • 3: Department of Computer Science, North Carolina State University
*Contact email: jtli@cs.purdue.edu, ninghui@cs.purdue.edu, xw7@indiana.edu, tyu@unity.ncsu.edu

Abstract

Trust management is an approach to scalable and flexible access control in decentralized systems. In trust management, a server often needs to evaluate a chain of credentials submitted by a client; this requires the server to perform multiple expensive digital signature verifications. In this paper, we study low-bandwidth denial-of-service (DoS) attacks that exploit the existence of trust management systems to deplete server resources. Although the threat of DoS attacks has been studied for some application-level protocols such as authentication protocols, we show that it is especially destructive for trust management systems. Exploiting the delegation feature in trust management languages, an attacker can forge a long credential chain to force a server to consume a large amount of computing resource. Using game theory as an analytic tool, we demonstrate that unprotected trust management servers will easily fall prey to a witty attacker who moves smartly. We report our empirical study of existing trust management systems, which manifests the gravity of this threat. We also propose a defense technique using credential caching, and show that it is effective in the presence of intelligent attackers.