Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Secure communications over insecure channels
Communications of the ACM
An algebraic approach to IP traceback
ACM Transactions on Information and System Security (TISSEC)
Tradeoffs in probabilistic packet marking for IP traceback
STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
A signal analysis of network traffic anomalies
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Identity-Based Encryption from the Weil Pairing
SIAM Journal on Computing
Pricing via Processing or Combatting Junk Mail
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Auditable Metering with Lightweight Security
FC '97 Proceedings of the First International Conference on Financial Cryptography
Curbing Junk E-Mail via Secure Classification
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Publicly Verifiable Lotteries: Applications of Delaying Functions
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Proofs of Work and Bread Pudding Protocols
CMS '99 Proceedings of the IFIP TC6/TC11 Joint Working Conference on Secure Information Networks: Communications and Multimedia Security
Defending Against Denial-of-Service Attacks with Puzzle Auctions
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Pi: A Path Identification Mechanism to Defend against DDoS Attacks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Time-lock Puzzles and Timed-release Crypto
Time-lock Puzzles and Timed-release Crypto
Preventing Internet denial-of-service with capabilities
ACM SIGCOMM Computer Communication Review
Mayday: distributed filtering for internet services
USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
CAPTCHA: using hard AI problems for security
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Exploiting open functionality in SMS-capable cellular networks
Proceedings of the 12th ACM conference on Computer and communications security
A novel approach to detecting DDoS Attacks at an Early Stage
The Journal of Supercomputing
Modelling denial of service attacks on JFK with Meadows's cost-based framework
ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
Mitigating attacks on open functionality in SMS-capable cellular networks
Proceedings of the 12th annual international conference on Mobile computing and networking
Design and implementation of a secure wide-area object middleware
Computer Networks: The International Journal of Computer and Telecommunications Networking
Portcullis: protecting connection setup from denial-of-capability attacks
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Harvesting verifiable challenges from oblivious online sources
Proceedings of the 14th ACM conference on Computer and communications security
Mitigating DoS attacks against broadcast authentication in wireless sensor networks
ACM Transactions on Sensor Networks (TOSN)
Noninvasive Methods for Host Certification
ACM Transactions on Information and System Security (TISSEC)
On attack causality in internet-connected cellular networks
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
mod_kaPoW: mitigating DoS with transparent proof-of-work
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Mitigating application-level denial of service attacks on Web servers: A client-transparent approach
ACM Transactions on the Web (TWEB)
SpringSim '07 Proceedings of the 2007 spring simulation multiconference - Volume 3
Using rhythmic nonces for puzzle-based DoS resistance
Proceedings of the 2nd ACM workshop on Computer security architectures
Mitigating attacks on open functionality in SMS-capable cellular networks
IEEE/ACM Transactions on Networking (TON)
A middleware system for protecting against application level denial of service attacks
Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware
Signaling-Oriented DoS Attacks in UMTS Networks
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Towards Denial-of-Service-Resilient Key Agreement Protocols
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
International Journal of Information and Computer Security
Security Notions and Generic Constructions for Client Puzzles
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
ACM Transactions on Computer Systems (TOCS)
Toward non-parallelizable client puzzles
CANS'07 Proceedings of the 6th international conference on Cryptology and network security
Combating spam and denial-of-service attacks with trusted puzzle solvers
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
An (almost) constant-effort solution-verification proof-of-work protocol based on Merkle trees
AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Low-cost client puzzles based on modular exponentiation
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
On the use of financial data as a random beacon
EVT/WOTE'10 Proceedings of the 2010 international conference on Electronic voting technology/workshop on trustworthy elections
Eperio: mitigating technical complexity in cryptographic election verification
EVT/WOTE'10 Proceedings of the 2010 international conference on Electronic voting technology/workshop on trustworthy elections
DoS attacks exploiting signaling in UMTS and IMS
Computer Communications
Stronger difficulty notions for client puzzles and denial-of-service-resistant protocols
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Receipt-mode trust negotiation: efficient authorization through outsourced interactions
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
A novel client-based approach for signing and checking web forms by using XML against DoS attacks
Proceedings of the 12th International Conference on Information Integration and Web-based Applications & Services
Reconstructing hash reversal based proof of work schemes
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
Telex: anticensorship in the network infrastructure
SEC'11 Proceedings of the 20th USENIX conference on Security
A middleware system for protecting against application level denial of service attacks
Middleware'06 Proceedings of the 7th ACM/IFIP/USENIX international conference on Middleware
On the performance and analysis of DNS security extensions
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Game theoretic resistance to denial of service attacks using hidden difficulty puzzles
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Efficient memory bound puzzles using pattern databases
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Secure client puzzles based on random beacons
IFIP'12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part II
Practical client puzzles in the standard model
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
| Hi-index | 0.00 |
We explore new techniques for the use of cryptographic puzzles as a countermeasure to Denial-of-Service (DoS) attacks. We propose simple new techniques that permit the out-sourcing of puzzles; their distribution via a robust external service that we call a bastion. Many servers can rely on puzzles distributed by a single bastion. We show how a bastion, somewhat surprisingly, need not know which servers rely on its services. Indeed, in one of our constructions, a bastion may consist merely of a publicly accessible random data source, rather than a special purpose server. Our out-sourcing techniques help eliminate puzzle distribution as a point of compromise. Our design has three main advantages over prior approaches. First, it is more resistant to DoS attacks aimed at the puzzle mechanism itself, withstanding over 80% more attack traffic than previous methods in our experiments. Second, our scheme is cheap enough to apply at the IP level, though it also works at higher levels of the protocol stack. Third, our method allows clients to solve puzzles offline, reducing the need for users to wait while their computers solve puzzles. We present a prototype implementation of our approach, and we describe experiments that validate our performance claims.