Impact of Denial-of-Service in security protocols

Abstract

Denial-of-Service (DOS) attacks are unavoidable in networked systems. These attacks have their impact on security protocols. As defence against DoS has been built more and more into security protocols, this paper studies how to evaluate the risk of DoS in security protocols. First, we build a formal framework to model protocol operations and attacker capabilities. Then we propose an economic model for the risk evaluation. By characterizing the intruder capability with a probability model, our risk evaluation model specifies the “Risk-Factor” (RF) for the security protocols. The “Risk-Factor” represents how much computing resources are expected to lose with a given level of confidence. The proposed model can help users to have a better understanding of the protocols they are using, and in the meantime help designers to examine their designs and get clues of improvement.