Deamplification of DoS Attacks via Puzzles

Author

  • Jacob Beal
Abstract

Puzzles have been proposed as a mechanism to deamplify denial of service attacks against a server’s memory and processing resources. For example, HIP implements a cookie puzzle mechanism to protect the server from wasting resources performing Diffie-Hellman exponentiation in response to spurious requests. We examine cookie puzzle mechanisms of this type. We find that careful attention is needed in server implementation to ensure that an attacker does not retain opportunities to amplify the attack despite the puzzle mechanism, and present a design which addresses these issues. We compare vulnerability to bandwidth and processing attacks, determining when one dominates the other. Finally, we quantify the deamplification of DoS attacks provided by a cookie puzzle mechanism and determine the best setting for puzzle difficulty under a steady-state attack.


Similar resources

Threshold Puzzles: The Evolution of DOS-resistant Authentication

Client puzzles have been proposed to add DOS resistance to authentication protocols. Due to the parallel design of puzzles, the technology is vulnerable to the so-called strong attacks. This paper advocates the need for time management of solved puzzle instances and introduces the “threshold puzzle” and “strong attack” concepts.


Mitigating Distributed Service Flooding Attacks with Guided Tour Puzzles

Various cryptographic puzzle schemes have been proposed as defenses against Denial of Service (DoS) attacks. However, these schemes have two common shortcomings that diminish their effectiveness as a DoS mitigation solution. First, the DoS-resilience that these schemes provide is minimized when there is a large disparity between the computational power of malicious and legitimate clients. Secon...


Stronger difficulty notions for client puzzles and denial-of-service-resistant protocols (full version)

Client puzzles are meant to act as a defense against denial of service (DoS) attacks by requiring a client to solve some moderately hard problem before being granted access to a resource. However, recent client puzzle difficulty definitions (Stebila and Ustaoglu, 2009; Chen et al., 2009) do not ensure that solving n puzzles is n times harder than solving one puzzle. Motivated by examples of puz...


Stronger Difficulty Notions for Client Puzzles and Denial-of-Service-Resistant Protocols

Client puzzles are meant to act as a defense against denial of service (DoS) attacks by requiring a client to solve some moderately hard problem before being granted access to a resource. However, recent client puzzle difficulty definitions (Stebila and Ustaoglu, 2009; Chen et al., 2009) do not ensure that solving n puzzles is n times harder than solving one puzzle. Motivated by examples of puz...


Mitigating Network-Based Denial-of-Service Attacks with Client Puzzles

Over the past few years, denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks have become more of a threat than ever. These attacks are aimed at denying or degrading service for a legitimate user by any means necessary. The need to propose and research novel methods to mitigate them has become a critical research issue in network security. Recently, client puzzle protocols h...



Publication date: 2004