Survey of closed queueing networks with blocking
ACM Computing Surveys (CSUR)
Open, Closed, and Mixed Networks of Queues with Different Classes of Customers
Journal of the ACM (JACM)
Secure communications over insecure channels
Communications of the ACM
Efficient, DoS-resistant, secure key exchange for internet protocols
Proceedings of the 9th ACM conference on Computer and communications security
ICICS '97 Proceedings of the First International Conference on Information and Communication Security
Enhancing the Resistence of a Provably Secure Key Agreement Protocol to a Denial-of-Service Attack
ICICS '99 Proceedings of the Second International Conference on Information and Communication Security
Pricing via Processing or Combatting Junk Mail
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Towards Network Denial of Service Resistant Protocols
Proceedings of the IFIP TC11 Fifteenth Annual Working Conference on Information Security for Global Information Infrastructures
Protecting Key Exchange and Management Protocols Against Resource Clogging Attacks
CMS '99 Proceedings of the IFIP TC6/TC11 Joint Working Conference on Secure Information Networks: Communications and Multimedia Security
Proofs of Work and Bread Pudding Protocols
CMS '99 Proceedings of the IFIP TC6/TC11 Joint Working Conference on Secure Information Networks: Communications and Multimedia Security
A Formal Framework and Evaluation Method for Network Denial of Service
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Defending Against Denial-of-Service Attacks with Puzzle Auctions
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Scalability and Flexibility in Authentication Services: The KryptoKnight Approach
INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
Just fast keying: Key agreement in a hostile internet
ACM Transactions on Information and System Security (TISSEC)
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
New client puzzle outsourcing techniques for DoS resistance
Proceedings of the 11th ACM conference on Computer and communications security
Analyzing security protocols with secrecy types and logic programs
Journal of the ACM (JACM)
Leap-Frog Packet Linking and Diverse Key Distributions for Improved Integrity in Network Broadcasts
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Distributed Denial of Service Attacks and Anonymous Group Authentication on the Internet
ICITA '05 Proceedings of the Third International Conference on Information Technology and Applications (ICITA'05) Volume 2 - Volume 02
Denial-of-Service Attack-Detection Techniques
IEEE Internet Computing
IEEE Transactions on Dependable and Secure Computing
Collaborative detection and filtering of shrew DDoS attacks using spectral analysis
Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
Using client puzzles to protect TLS
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Collaborative Detection of DDoS Attacks over Multiple Network Domains
IEEE Transactions on Parallel and Distributed Systems
Bound analysis of closed queueing networks with workload burstiness
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Testing a Collaborative DDoS Defense In a Red Team/Blue Team Exercise
IEEE Transactions on Computers
Reducing delay and enhancing DoS resistance in multicast authentication through multigrade security
IEEE Transactions on Information Forensics and Security
Exposing WPA2 security protocol vulnerabilities
International Journal of Information and Computer Security
Hi-index | 0.00 |
Denial of Service (DoS)/Distributed DoS (DDoS) attack is an eminent threat to an Authentication Server (AS), which is used to guard access to firewalls, virtual private networks and resources connected by wired/wireless networks. In this paper, a new protocol called Identity-Based Privacy-Protected Access Control Filter (IPACF) is proposed to counter DoS/DDoS attacks. The IPACF is stateless for both user and AS since a user and responder must authenticate each other. The value and identity for authentication are changed in every frame. Thus, the privacy of both user and server is protected. The performance of the implementation is reported in this paper. In order to counter more DoS/DDoS attacks that issue fake requests, parallel processing technique is used to implement the AS. The performance comparison of dual server and single server is also reported. To study the capability of IPACF when facing massive DDoS attacks, simulations using OPNET for a network consisting of 1000 nodes with 10 Gbps pipe to the AS are carried out. The simulations show that the performance of AS has very little degradation in terms of packet latency and CPU utilisation for users. Queueing models are used to compare simulations and agreement between models and simulations is acceptable.