An economical model for the risk evaluation of DoS vulnerabilities in cryptography protocols

Authors:
Zhen Cao;Zhi Guan;Zhong Chen;Jianbin Hu;Liyong Tang
Affiliations:
School of Electronics Engineering and Computer Science, Peking University, Beijing, China;School of Electronics Engineering and Computer Science, Peking University, Beijing, China;School of Electronics Engineering and Computer Science, Peking University, Beijing, China;School of Electronics Engineering and Computer Science, Peking University, Beijing, China;School of Electronics Engineering and Computer Science, Peking University, Beijing, China
Venue:
ISPEC'07 Proceedings of the 3rd international conference on Information security practice and experience
Year:
2007

Citing 10
Cited 0

A cost-based framework for analysis of denial of service in networks

Journal of Computer Security
Applied Cryptography: Protocols, Algorithms, and Source Code in C

Applied Cryptography: Protocols, Algorithms, and Source Code in C
Quantifying Network Denial of Service: A Location Service Case Study

ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
Casper: A Compiler for the Analysis of Security Protocols

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
A Formal Framework and Evaluation Method for Network Denial of Service

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Computer and network security risk management: theory, challenges, and countermeasures: Research Articles

International Journal of Communication Systems
Computation-at-risk: employing the grid for computational risk management

CLUSTER '04 Proceedings of the 2004 IEEE International Conference on Cluster Computing
Modelling denial of service attacks on JFK with Meadows's cost-based framework

ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
Measuring denial Of service

Proceedings of the 2nd ACM workshop on Quality of protection
Formal methods for cryptographic protocol analysis: emerging issues and trends

IEEE Journal on Selected Areas in Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Denial of Service (DoS) attacks are a virulent type of attack on the availability of networks' intended services and resources. Defense against DoS attacks has been built into the cryptography protocols intended for authentication and establishment of communications. However the cryptography protocols have their own vulnerability to DoS. Consequently it is desirable to provide a methodology to evaluate the cryptography protocols' resistance to DoS attacks. In this paper, we propose an economical model for the risk evaluation of Denial of Service vulnerabilities in cryptographical protocols. By characterizing the intruder capability with a probability model, our risk evaluation model specifies the Value at Risk (VaR) for the cryptography protocols. The Value at Risk does the very job answering the question that how much computing resources are expected to lose with a given level of confidence. The proposed model can help the common users to have a better knowledge of the protocols they are using, and in the meantime help designers to examine their designs and get clues to improve them. We validate the applicability and effectiveness of our risk evaluation model by applying it to analyze two related protocols.