Denial of Service (DoS) attacks pose a fast-growing threat to network services on the Internet, and corporate intranets and public local area networks such as Wi-Fi hotspots may also be affected. Protocols that perform authentication and key exchange relying on expensive public key cryptography are especially likely to be preferred targets. Client puzzles are a well-known countermeasure against resource depletion attacks. Most existing client puzzle schemes are interactive: upon receiving a request, the server constructs a puzzle and asks the client to solve this challenge before processing its request. But the packet with the puzzle parameters sent from server to client lacks authentication. The attacker might mount a counterattack on the clients by injecting faked packets with bogus puzzle parameters bearing the server's sender address. A client receiving a plethora of bogus challenges may become overloaded and probably will not be able to solve the genuine challenge issued by the authentic server. Thus, its request remains unanswered.

In this paper we introduce a secure client puzzle architecture that overcomes the described authentication issue. In our scheme client puzzles are employed noninteractively and constructed by the client from a periodically changing, secure random beacon. A special beacon server broadcasts beacon messages which can be easily verified by matching their hash values against a list of beacon fingerprints that has been obtained in advance. We develop sophisticated techniques to provide a robust beacon service. This involves synchronization aspects and especially the secure deployment of beacon fingerprints.
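The beacon check and the non-interactive puzzle described above can be sketched as follows. This is an added example, not code from the paper: the abstract does not specify the puzzle construction, so SHA-256, a leading-zero-bits hash puzzle, 32-byte beacons, the difficulty value and all function names are assumptions.

```python
import hashlib
import hmac

DIFFICULTY_BITS = 12  # assumed difficulty, kept low so the demo finishes quickly
# Constructed sample data: three beacon values and their pre-distributed fingerprints.
BEACONS = [hashlib.sha256(b"constructed beacon %d" % i).digest() for i in range(3)]
FINGERPRINTS = [hashlib.sha256(b).digest() for b in BEACONS]


def beacon_is_genuine(beacon, fingerprints):
    """Costs one hash per received beacon, so forged beacons are cheap to discard."""
    fp = hashlib.sha256(beacon).digest()
    return any(hmac.compare_digest(fp, known) for known in fingerprints)


def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def puzzle_digest(beacon, request, nonce):
    # The beacon has a fixed length (32 bytes), so the concatenation is unambiguous.
    return hashlib.sha256(beacon + request + nonce.to_bytes(8, "big")).digest()


def solve(beacon, request, bits=DIFFICULTY_BITS):
    """Client side: brute-force a nonce; no puzzle parameters come from the server."""
    nonce = 0
    while leading_zero_bits(puzzle_digest(beacon, request, nonce)) < bits:
        nonce += 1
    return nonce


def client_handle(beacon, request, fingerprints=FINGERPRINTS):
    """Spend work only on beacons whose hash matches a known fingerprint."""
    if not beacon_is_genuine(beacon, fingerprints):
        return None  # bogus beacon: dropped before any puzzle work is done
    return solve(beacon, request)


def server_accepts(current_beacon, beacon, request, nonce, bits=DIFFICULTY_BITS):
    """Server side: a single hash verifies the work; stale beacons are refused."""
    if not hmac.compare_digest(beacon, current_beacon):
        return False
    return leading_zero_bits(puzzle_digest(beacon, request, nonce)) >= bits


if __name__ == "__main__":
    req = b"client-42:key-exchange-request"  # constructed request bytes
    n = client_handle(BEACONS[0], req)
    print("nonce:", n, "accepted:", server_accepts(BEACONS[0], BEACONS[0], req, n))
    print("forged beacon handled:", client_handle(b"\x00" * 32, req))
```

Because the server refuses any beacon other than the current one, a solution cannot be replayed after the beacon changes.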