Denial of service attacks and defenses in decentralized trust management

Jiangtao Li*, Ninghui Li, Xiao Feng Wang, Ting Yu

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

2 Citations (Scopus)

Abstract

Trust management is an approach to scalable and flexible access control in decentralized systems. In trust management, a server often needs to evaluate a chain of credentials submitted by a client; this requires the server to perform multiple expensive digital signature verifications. In this paper, we study low-bandwidth Denial-of-Service (DoS) attacks that exploit the existence of trust management systems to deplete server resources. Although the threat of DoS attacks has been studied for some application-level protocols such as authentication protocols, we show that it is especially destructive for trust management systems. Exploiting the delegation feature in trust management languages, an attacker can forge a long credential chain to force a server to consume a large amount of computing resource. Using game theory as an analytic tool, we demonstrate that unprotected trust management servers will easily fall prey to a witty attacker who moves smartly. We report our empirical study of existing trust management systems, which manifests the gravity of this threat. We also propose a defense technique using credential caching, and show that it is effective in the presence of intelligent attackers.

Original language: English
Title of host publication: 2006 Securecomm and Workshops
Publication status: Published - 2006
Externally published: Yes
Event: 2006 Securecomm and Workshops - Baltimore, MD, United States
Duration: 28 Aug 2006 to 1 Sept 2006

Publication series

Name: 2006 Securecomm and Workshops

Conference

Conference: 2006 Securecomm and Workshops
Country/Territory: United States
City: Baltimore, MD
Period: 28/08/06 to 1/09/06
