NetCash: a design for practical electronic currency on the Internet
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
Protecting web servers from distributed denial of service attacks
Proceedings of the 10th international conference on World Wide Web
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Chord: A scalable peer-to-peer lookup service for internet applications
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
A scalable content-addressable network
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Network support for IP traceback
IEEE/ACM Transactions on Networking (TON)
TCP congestion control with a misbehaving receiver
ACM SIGCOMM Computer Communication Review
Efficient packet marking for large-scale IP traceback
Proceedings of the 9th ACM conference on Computer and communications security
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Authorization and Charging in Public WLANs Using FreeBSD and 802.1x
Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference
A Study of the Relative Costs of Network Security Protocols
Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference
Offline Micropayments without Trusted Hardware
FC '01 Proceedings of the 5th International Conference on Financial Cryptography
A Payment Scheme Using Vouchers
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Requirements for network payment: the NetCheque perspective
COMPCON '95 Proceedings of the 40th IEEE Computer Society International Conference
Defending Against Denial-of-Service Attacks with Puzzle Auctions
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Pi: A Path Identification Mechanism to Defend against DDoS Attacks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Analysis of a Denial of Service Attack on TCP
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Using graphic turing tests to counter automated DDoS attacks against web servers
Proceedings of the 10th ACM conference on Computer and communications security
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
A holistic approach to service survivability
Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
Analyzing Distributed Denial of Service Tools: The Shaft Case
LISA '00 Proceedings of the 14th USENIX conference on System administration
EasyVPN: IPsec Remote Access Made Easy
LISA '03 Proceedings of the 17th USENIX conference on System administration
Centertrack: an IP overlay network for tracking DoS floods
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Using client puzzles to protect TLS
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Denial of service via algorithmic complexity attacks
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Mayday: distributed filtering for internet services
USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
On the performance of TCP splicing for URL-aware redirection
USITS'99 Proceedings of the 2nd conference on USENIX Symposium on Internet Technologies and Systems - Volume 2
VarietyCash: a multi-purpose electronic payment system
WOEC'98 Proceedings of the 3rd conference on USENIX Workshop on Electronic Commerce - Volume 3
NetCents: a lightweight protocol for secure micropayments
WOEC'98 Proceedings of the 3rd conference on USENIX Workshop on Electronic Commerce - Volume 3
NetBill security and transaction protocol
WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1
iKP: a family of secure electronic payment protocols
WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1
A set of protocols for micropayments in distributed systems
WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1
The millicent protocols for electronic commerce
WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1
Fileteller: paying and getting paid for file storage
FC'02 Proceedings of the 6th international conference on Financial cryptography
CAPTCHA: using hard AI problems for security
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Recognizing objects in adversarial clutter: breaking a visual captcha
CVPR'03 Proceedings of the 2003 IEEE computer society conference on Computer vision and pattern recognition
Guaranteeing access in spite of distributed service-flooding attacks
Proceedings of the 11th international conference on Security Protocols
A lightweight, robust P2P system to handle flash crowds
IEEE Journal on Selected Areas in Communications
Quantifying Resistance to the Sybil Attack
Financial Cryptography and Data Security
On cellular botnets: measuring the impact of malicious devices on a cellular network core
Proceedings of the 16th ACM conference on Computer and communications security
A survey on the design, applications, and enhancements of application-layer overlay networks
ACM Computing Surveys (CSUR)
WDA: A Web farm Distributed Denial Of Service attack attenuator
Computer Networks: The International Journal of Computer and Telecommunications Networking
DTRAB: combating against attacks on encrypted protocols through traffic-feature analysis
IEEE/ACM Transactions on Networking (TON)
A multilayer overlay network architecture for enhancing IP services availability against dos
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Spread Identity: A new dynamic address remapping mechanism for anonymity and DDoS defense
Journal of Computer Security
Hi-index | 0.00 |
We present WebSOS, a novel overlay-based architecture that provides guaranteed access to a web server that is targeted by a denial of service (DoS) attack. Our approach exploits two key characteristics of the web environment: its design around a human-centric interface, and the extensibility inherent in many browsers through downloadable ''applets.'' We guarantee access to a web server for a large number of previously unknown users, without requiring pre-existing trust relationships between users and the system, by using reverse Graphic Turing Tests. Furthermore, our system makes it easy for service providers to charge users, providing incentives to a commercial offering of the service. Users can dynamically decide whether to use the WebSOS overlay, based on the prevailing network conditions. Our prototype requires no modifications to either servers or browsers, and makes use of Graphical Turing Tests, web proxies, and client authentication using the SSL/TLS protocol, all readily supported by modern browsers. We then extend this system with a credential-based micropayment scheme that combines access control and payment authorization in one operation. Turing tests ensure that malicious code, such as a worm, cannot abuse a user's micropayment wallet. We use the WebSOS prototype to conduct a performance evaluation over the Internet using PlanetLab, a testbed for experimentation with network overlays. We determine the end-to-end latency using both a chord-based approach and our shortcut extension. Our evaluation shows the latency increase by a factor of 7 and 2 respectively, confirming our simulation results.