期刊文献+

Towards Risk Evaluation of Denial-of-Service Vulnerabilities in Security Protocols 被引量:1

Towards Risk Evaluation of Denial-of-Service Vulnerabilities in Security Protocols
原文传递
导出
摘要 Denial-of-Service (DOS) attacks are virulent to both computer and networked systems. Modeling and evaluating DoS attacks are very important issues to networked systems; they provide both mathematical foundations and theoretic guidelines to security system design. As defense against DoS has been built more and more into security protocols, this paper studies how to evaluate the risk of DoS in security protocols. First, we build a formal framework to model protocol operations and attacker capabilities. Then we propose an economic model for the risk evaluation. By characterizing the intruder capability with a probability model, our risk evaluation model specifies the "Value-at-Risk" (VaR) for the security protocols. Tile "Value-at-Risk" represents how much computing resources are expected to lose with a given level of confidence. The proposed model can help users to have a better understanding of the protocols they are using, and in the meantime help designers to examine their designs and get clues of improvement. Finally we apply the proposed model to analyze a key agreement protocol used in sensor networks and identify a DoS flaw there, and we also validate the applicability and effectiveness of our risk evaluation model by applying it to analyze and compare two public key authentication protocols. Denial-of-Service (DOS) attacks are virulent to both computer and networked systems. Modeling and evaluating DoS attacks are very important issues to networked systems; they provide both mathematical foundations and theoretic guidelines to security system design. As defense against DoS has been built more and more into security protocols, this paper studies how to evaluate the risk of DoS in security protocols. First, we build a formal framework to model protocol operations and attacker capabilities. Then we propose an economic model for the risk evaluation. By characterizing the intruder capability with a probability model, our risk evaluation model specifies the "Value-at-Risk" (VaR) for the security protocols. Tile "Value-at-Risk" represents how much computing resources are expected to lose with a given level of confidence. The proposed model can help users to have a better understanding of the protocols they are using, and in the meantime help designers to examine their designs and get clues of improvement. Finally we apply the proposed model to analyze a key agreement protocol used in sensor networks and identify a DoS flaw there, and we also validate the applicability and effectiveness of our risk evaluation model by applying it to analyze and compare two public key authentication protocols.
出处 《Journal of Computer Science & Technology》 SCIE EI CSCD 2010年第2期375-386,F0003,共13页 计算机科学技术学报(英文版)
基金 supported by the National Natural Science Foundation of China under Grant No.60873239.
关键词 risk evaluation Denial-of-Service (DOS) Value-at-Risk (VaR) risk evaluation, Denial-of-Service (DOS), Value-at-Risk (VaR)
  • 相关文献

参考文献1

二级参考文献12

  • 1CCITT Recommendation X.509.The Directory-Authentication Framework.CCITT[S].1988.
  • 2Michael Burrows,Martin Abadi,Roger Needham.A logic of authentication[J].ACM Transactions on Computer Systems,1990,8(1):18-36.
  • 3Colin Anson,Chris Mitchell.Security Defects in the CCITT Recommendation X.509 :The Directory Authentication Framework[J].Computer Communication Review,1990,20(2):30-34.
  • 4Phil Karn,W A Simpson.Photuris:session-key management protocol.RFC 2522[S].IETF Network Working Group,1999.
  • 5Dan Harkins,Dave Carrel.The Internet key exchange (IKE).RFC 2409[S].IETF Network Working Group,1998.
  • 6C Dwork,M Naor.Pricing via processing or combatting junk mail[A].Proc.CRYPTO'92[C].Berlin:Springer,1992.139-147.
  • 7Tuomas Aura,Pekka Nikander,Jussipekka Leiwo.DOS-resistant authentication with client puzzles[A].Proc.of Security Protocols Workshop[C].Berlin:Springer,2000.170-177.
  • 8K Matsuura,H Imai.Modification of internet key exchange resistant against denial-of-Service[A].Pre-Proc.of Internet Workshop 2000 (IWS2000)[C].NSW,Australia,2000.167-174.
  • 9C Meadows.A formal framework and evaluation method for network denial of service[A].Proc.of the 12th IEEE.Computer Security Foundations Workshop[C].Mordano,Italy,1999.4-13.
  • 10W A Simpson.IKE/ISAKMP Considered Dangerous[DB/OL].Internet Draft,draft-simpson-danger-isakmp-01.txt,1999.

共引文献10

同被引文献9

引证文献1

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部