Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Secure communications over insecure channels
Communications of the ACM
Defeating Distributed Denial of Service Attacks
IT Professional
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Pricing via Processing or Combatting Junk Mail
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
DOS-Resistant Authentication with Client Puzzles
Revised Papers from the 8th International Workshop on Security Protocols
Auditable Metering with Lightweight Security
FC '97 Proceedings of the First International Conference on Financial Cryptography
Publicly Verifiable Lotteries: Applications of Delaying Functions
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Weakly Secret Bit Commitment: Applications to Lotteries and Fair Exchange
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Analyzing Distributed Denial of Service Tools: The Shaft Case
LISA '00 Proceedings of the 14th USENIX conference on System administration
Defensive programming: using an annotation toolkit to build DoS-resistant software
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Resisting SYN flood DoS attacks with a SYN cache
BSDC'02 Proceedings of the BSD Conference 2002 on BSD Conference
Using client puzzles to protect TLS
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Timed release of standard digital signatures
FC'02 Proceedings of the 6th international conference on Financial cryptography
Incentive-based modeling and inference of attacker intent, objectives, and strategies
Proceedings of the 10th ACM conference on Computer and communications security
Taming IP packet flooding attacks
ACM SIGCOMM Computer Communication Review
New client puzzle outsourcing techniques for DoS resistance
Proceedings of the 11th ACM conference on Computer and communications security
Mitigating bandwidth-exhaustion attacks using congestion puzzles
Proceedings of the 11th ACM conference on Computer and communications security
The dual receiver cryptosystem and its applications
Proceedings of the 11th ACM conference on Computer and communications security
Change-Point Monitoring for the Detection of DoS Attacks
IEEE Transactions on Dependable and Secure Computing
Incentive-based modeling and inference of attacker intent, objectives, and strategies
ACM Transactions on Information and System Security (TISSEC)
WebSOS: an overlay-based system for protecting web servers from denial of service attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Obfuscated databases and group privacy
Proceedings of the 12th ACM conference on Computer and communications security
Modelling denial of service attacks on JFK with Meadows's cost-based framework
ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Stateful DDoS attacks and targeted filtering
Journal of Network and Computer Applications
Defense against spoofed IP traffic using hop-count filtering
IEEE/ACM Transactions on Networking (TON)
An end-middle-end approach to connection establishment
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Portcullis: protecting connection setup from denial-of-capability attacks
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Harvesting verifiable challenges from oblivious online sources
Proceedings of the 14th ACM conference on Computer and communications security
SpringSim '07 Proceedings of the 2007 spring simulation multiconference - Volume 3
Using rhythmic nonces for puzzle-based DoS resistance
Proceedings of the 2nd ACM workshop on Computer security architectures
A middleware system for protecting against application level denial of service attacks
Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware
Signaling-Oriented DoS Attacks in UMTS Networks
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Towards Denial-of-Service-Resilient Key Agreement Protocols
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
International Journal of Information and Computer Security
Future Generation Computer Systems
WebSOS: an overlay-based system for protecting web servers from denial of service attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
DoS-resistant ID-based password authentication scheme using smart cards
Journal of Systems and Software
Toward non-parallelizable client puzzles
CANS'07 Proceedings of the 6th international conference on Cryptology and network security
An (almost) constant-effort solution-verification proof-of-work protocol based on Merkle trees
AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Security analysis of enterprise network based on stochastic game nets model
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Low-cost client puzzles based on modular exponentiation
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
DoS attacks exploiting signaling in UMTS and IMS
Computer Communications
An integrated approach to cryptographic mitigation of denial-of-service attacks
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Reconstructing hash reversal based proof of work schemes
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
Guaranteeing access in spite of distributed service-flooding attacks
Proceedings of the 11th international conference on Security Protocols
A middleware system for protecting against application level denial of service attacks
Middleware'06 Proceedings of the 7th ACM/IFIP/USENIX international conference on Middleware
A dynamic path identification mechanism to defend against DDoS attacks
ICOIN'05 Proceedings of the 2005 international conference on Information Networking: convergence in broadband and mobile networking
Strengthening password-based authentication protocols against online dictionary attacks
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Game theoretic resistance to denial of service attacks using hidden difficulty puzzles
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Efficient memory bound puzzles using pattern databases
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
An incrementally deployable path address scheme
Journal of Parallel and Distributed Computing
Adaptive selective verification: an efficient adaptive countermeasure to thwart DoS attacks
IEEE/ACM Transactions on Networking (TON)
SybilControl: practical sybil defense with computational puzzles
Proceedings of the seventh ACM workshop on Scalable trusted computing
Modeling and security analysis of enterprise network using attack–defense stochastic game Petri nets
Security and Communication Networks
Capability-Based Defenses Against DoS Attacks in Multi-path MANET Communications
Wireless Personal Communications: An International Journal
Hi-index | 0.00 |
Although client puzzles represent a promising approach to defend against certain classes of denial-of-service attacks, several questions stand in the way oftheir deployment in practice: e.g., how to set the puzzledifficulty in the presence of an adversary with unknowncomputing power, and how to integrate the approachwith existing mechanisms. In this paper, we attempt toaddress these questions with a new puzzle mechanismcalled the puzzle auction. Our mechanism enables eachclient to "bid" for resources by tuning the difficulty ofthe puzzles it solves, and to adapt its bidding strategyin response to apparent attacks. We analyze the effectiveness of our auction mechanism and further demonstrate it using an implementation within the TCP protocol stack of the Linux kernel. Our implementationhas several appealing properties. It effectively defendsagainst SYN ooding attacks, is fully compatible withTCP, and even provides a degree of interoperabilitywith clients with unmodified kernels: Even without apuzzle-solving kernel, a client still can connect to a puzzle auction server under attack (albeit less effectivelythan those with puzzle-solving kernels, and at the costof additional server expense).