Denial-of-service resilience password-based group key agreement for wireless networks
Proceedings of the 3rd ACM workshop on QoS and security for wireless and mobile networks
Toward non-parallelizable client puzzles
CANS'07 Proceedings of the 6th international conference on Cryptology and network security
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Proceedings of the 14th Communications and Networking Symposium
| Hi-index | 0.00 |
The client puzzles have been proposed as an important mechanism in defending against distributed denial-ofservice (DDoS) attacks. In this paper we propose a new IP layer client puzzles scheme, password puzzles (PP). In this scheme a puzzle issuer, on the behalf of a receiver, responds to requests with puzzles that a sender must solve before sending in any packet to a receiver. We design two new puzzle types, hash-chain-reversal puzzles and multiple-hash-chains-reversal puzzles, with which a sender is expected to reverse one (multiple) hash chain(s) and send in packets with valid passwords (i.e., solutions of puzzles) to the receiver. Our design achieves three main properties. First, the PP scheme is able to generate puzzles with different difficulties flexibly for various clients. Second, a puzzle issuer is able to generate puzzles at a per-flow and per-packet basis. Third, the PP scheme is able to converge to be a "non-puzzle" protocol.