Using Admissible Interference to Detect Denial of Service Vulnerabilities

Meadows recently proposed a formal cost-based framework for the analysis of denial of service. It was shown how some principles that have already been used to make cryptographic protocols more resistant to denial of service, by trading off the cost to the defender against the cost to the attacker, can be formalized. The first contribution of this paper is to introduce a new security property called impassivity, which is intended to capture the ability of a protocol to achieve these goals in the framework of a generic value-passing process algebra called Security Process Algebra (SPPA), extended with local function calls, cryptographic primitives and special semantic features in order to cope with cryptographic protocols. More specifically, impassivity is defined as an information flow property founded on bisimulation-based nondeterministic admissible interference. A sound and complete proof method for impassivity is also provided. The method extends previous results presented by the authors on bisimulation-based non-deterministic admissible interference and its application to the analysis of cryptographic protocols. The method is illustrated throughout the paper on the TCP/IP connection protocol. A more substantial application to the 1KP secure electronic payment protocol is given in the appendix.
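The cost-based principle the abstract refers to, applied to its running example of the TCP connection handshake, can be made concrete with a small model. The following is an added illustration written for this page; it is not the paper's SPPA model nor its formal definition of impassivity. It compares a classic handshake, which allocates a half-open record on the first SYN, with a SYN-cookie variant that defers allocation until the peer echoes a keyed hash. The cost units (`COST_SEND`, `COST_ALLOC`, `COST_MAC`), the simplified cookie construction and the `cost_balanced` tolerance check are all assumptions of this model, chosen only to show how the defender's outlay per step is compared against the attacker's.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

# Constructed cost units for this toy model (an assumption, not figures from the paper).
COST_SEND = 1    # emitting one segment
COST_ALLOC = 10  # allocating a half-open connection record
COST_MAC = 2     # computing or verifying one keyed hash


@dataclass
class Segment:
    src: str
    sport: int
    flags: str  # "SYN" or "ACK"
    seq: int = 0
    ack: int = 0


def syn_cookie(secret: bytes, src: str, sport: int, counter: int) -> int:
    """32-bit cookie bound to the client endpoint and a coarse time counter (simplified SYN cookie)."""
    msg = f"{src}:{sport}:{counter}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")


@dataclass
class StatefulServer:
    """Classic handshake: state is allocated on the first SYN, before the peer has proven reachability."""
    half_open: dict = field(default_factory=dict)
    established: set = field(default_factory=set)
    cost: int = 0

    def on_syn(self, seg: Segment) -> int:
        isn = len(self.half_open) + 1000  # toy ISN choice, enough to be echoed back
        self.half_open[(seg.src, seg.sport)] = isn
        self.cost += COST_ALLOC + COST_SEND
        return isn

    def on_ack(self, seg: Segment) -> bool:
        isn = self.half_open.pop((seg.src, seg.sport), None)
        if isn is not None and seg.ack == isn + 1:
            self.established.add((seg.src, seg.sport))
            return True
        return False


@dataclass
class SynCookieServer:
    """Stateless variant: the SYN-ACK carries a MAC instead of a stored record; allocation waits for a valid ACK."""
    secret: bytes
    counter: int = 0
    established: set = field(default_factory=set)
    cost: int = 0

    def on_syn(self, seg: Segment) -> int:
        self.cost += COST_MAC + COST_SEND
        return syn_cookie(self.secret, seg.src, seg.sport, self.counter)

    def on_ack(self, seg: Segment) -> bool:
        self.cost += COST_MAC
        expected = syn_cookie(self.secret, seg.src, seg.sport, self.counter)
        got = (seg.ack - 1) & 0xFFFFFFFF
        if hmac.compare_digest(expected.to_bytes(4, "big"), got.to_bytes(4, "big")):
            self.established.add((seg.src, seg.sport))
            self.cost += COST_ALLOC  # state is allocated only now
            return True
        return False


def cost_of_unanswered_syns(server, n: int):
    """Model n SYNs from unreachable (constructed) sources that never complete the handshake.
    Returns (attacker_cost, defender_cost, records_left_pending)."""
    attacker_cost = 0
    for i in range(n):
        server.on_syn(Segment(f"192.0.2.{i % 256}", 40000 + i, "SYN", seq=i))
        attacker_cost += COST_SEND
    pending = len(getattr(server, "half_open", {}))
    return attacker_cost, server.cost, pending


def cost_balanced(attacker_cost: int, defender_cost: int, tolerance: int = 3) -> bool:
    """Simplified reading of the cost-based principle (not the paper's formal definition):
    the defender may not be driven to spend more than `tolerance` times the attacker's outlay."""
    return defender_cost <= tolerance * attacker_cost


def legitimate_handshake(server, src: str, sport: int) -> bool:
    """A reachable client echoes the ISN or cookie it received and completes the handshake."""
    isn = server.on_syn(Segment(src, sport, "SYN", seq=1))
    return server.on_ack(Segment(src, sport, "ACK", seq=2, ack=isn + 1))


if __name__ == "__main__":
    for srv in (StatefulServer(), SynCookieServer(secret=b"constructed-demo-secret")):
        a, d, pending = cost_of_unanswered_syns(srv, 1000)
        print(type(srv).__name__, "attacker", a, "defender", d,
              "pending", pending, "balanced", cost_balanced(a, d))
```

Run as a script, the stateful server ends the round with a thousand pending records and a defender cost an order of magnitude above the attacker's, while the cookie server holds no state and its per-SYN cost stays within the tolerance; a legitimate client still completes the handshake against either server. This is the shape of argument the paper formalizes: the property fails at the step where the defender commits resources before the peer has paid a comparable price.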
