New client puzzle outsourcing techniques for DoS resistance

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2004, Pages 246-256

  Waters, Brent ^a   Juels, Ari ^b   Halderman, J Alex ^a   Felten, Edward W ^a  

^a PRINCETON UNIVERSITY   (United States)

^b RSA   (United States)

Author keywords

Client Puzzles; Denial of Service; DoS

Indexed keywords

CLIENT SERVER COMPUTER SYSTEMS; COMPUTER CRIME; ELECTRONIC COMMERCE; GATEWAYS (COMPUTER NETWORKS); INFORMATION SERVICES; NETWORK PROTOCOLS; SERVERS; TELECOMMUNICATION TRAFFIC;

CLIENT PUZZLES; DATA SOURCES; DENIAL OF SERVICE (DOS) ATTACKS; IP; TCP;

CRYPTOGRAPHY;

EID: 14844300104     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1030083.1030117     Document Type: Conference Paper

References (37)

1. M. Abadi, M. Burrows, M. Manasse, and T. Wobber. Moderately hard, memory-bound functions. In NDSS '03, pages 107-121. Internet Society, 2003.
2. D. Adkins, K. Lakshminarayanan, A. Perrig, and I. Stoica. Taming IP packet flooding attacks. In HotNets-II. ACM Press, 2003.
3. M. Adler. Tradeoffs in probabilistic packet marking for IP traceback. In STOC '02, pages 407-418. ACM Press, 2002.
4. D. G. Andersen. Mayday: Distributed filtering for Internet services. In USENIX Symposium on Internet Technologies and Systems (USITS), 2003.
5. T. Anderson, T. Roscoe, and D. Wetherall. Preventing Internet denial-of-service with capabilities. In HotNets-II. ACM Press, 2003.
6. T. Aura, P. Nikander, and J. Leiwo. DoS-resistant authentication with client puzzles. In 8th International Workshop on Security Protocols, pages 170-181. Springer-Verlag, 2000.
7. A. Back. Hashcash - a denial-of-service countermeasure, 2002. Original system developed in 1997. Manuscript. Referenced 2004 at http://www.hashcash. org/hashcash.pdf.
8. P. Barford, J. Kline, D. Plonka, and A. Ron. A signal analysis of network traffic anomalies. In Internet Measurement Workshop, 2002.
9. S. Bellovin, M. Leech, and T. Taylor. ICMP traceback messages, 2003. Internet Draft.
10. D. Boneh and M. Franklin. Identity based encryption from the Weil pairing. SIAM J. of Computing, 32(3):586-615, 2003.
11. Wei Dai. Crypto 5.1 benchmarks. Web site at http://www.eskimo.com/weidai/ benchmarks.html.
12. D. Dean, M. Franklin, and A. Stubblefield. An algebraic approach to IP traceback. Information and System Security, 5(2):99-137, 2002.
13. D. Dean and A. Stubblefield. Using client puzzles to protect TLS. In 10th USENIX Security Symposium, pages 1-8, 2001.
14. W. Diffie and M.E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22:644-654, 1976.
15. C. Dwork, A. Goldberg, and M. Naor. On memory-bound functions for fighting spam. In D. Boneh, editor, CRYPTO '03, pages 426-444. Springer-Verlag, 2003.
16. C. Dwork and M. Naor. Pricing via processing or combatting junk mail. In Ernest F. Brickell, editor, CRYPTO '92, pages 139-147. Springer-Verlag, 1992.
17. M.K. Franklin and D. Malkhi. Auditable metering with lightweight security. In R. Hirschfeld, editor, Financial Cryptography '97, pages 151-160. Springer-Verlag, 1997.
18. E. Gabber, M. Jakobsson, Y. Matias, and A. Mayer. Curbing junk e-mail via secure classification. In R. Hirschfeld, editor, Financial Cryptography '98. Springer-Verlag, 1998.
19. Virgil D. Gligor. Guaranteeing access in spite of service-flooding attacks. In Security Protocols Workshop, 2003.
20. D. Goldschlag and S. Stubblebine. Publicly verifiable lotteries: Applications of delaying functions. In R. Hirschfeld, editor, Financial Cryptography '98. Springer-Verlag, 1998.
21. A. Hussain, J. Heidemann, and C. Papdopolous. A framework for classifying denial-of-service attacks. In ACM SIGCOMM, 2003.
22. M. Jakobsson and A. Juels. Proofs of work and bread pudding protocols. In Communications and Multimedia Security, pages 258-272. Kluwer Academic, 1999.
23. A. Juels and J. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Proceedings of the 1999 ISOC Network and Distributed System Security Symposium, pages 151-165, 1999.
24. A. D. Keromytis, V. Misra, and D. Rubenstein. SOS: Secure overlay services. In ACM SIGCOMM, pages 61-72. ACM Press, 2002.
25. R. Mahajan, S.M. Bellovin, S. Floyd, J. Ioannidis, V. Paxons, and S. Shenker. Controlling high bandwidth aggregates in the network. ACM Computer Communication Review, 32(3):62-73, 2002.
26. R. Merkle. Secure communications over insecure channels. Communications of the ACM, 21(8):294-299, April 1978.
27. The Netfilter/Iptables Project. Web site at http://www.netfilter.org.
28. The GNU MP Project. Web site at http://www.gnu.org/software/gmp/gmp.html.
29. R.L. Rivest, A. Shamir, and D. Wagner. Time-lock puzzles and timed-release crypto. Technical Report MIT/LCS/TR-684, MIT, 1996.
30. S Savage, D. Wetherall, A. Karlin, and T. Anderson. Practical network support for IP traceback. In ACM SIGCOMM 2000, pages 295-306, 2000.
31. C.-P. Schnorr and M. Jakobsson. Security of discrete log cryptosystems in the random oracle and generic model. In The Mathematics of Public-Key Cryptography. The Fields Institute, 1999.
32. IP Security Protocol Charter. Web site at http://www.ietf.org/html. charters/ipsec-charter.html.
33. D. X. Song and A. Perrig. Advanced and authenticated marking schemes for IP traceback. In IEEE INFOCOM, pages 878-886, 2001.
34. R. Stone. CenterTrack: An IP overlay network for tracking DoS floods. In USENIX Security '00, 2000.
35. L. von Ahn, M. Blum, N.J. Hopper, and J. Langford. CAPTCHA: Using hard AI problems for security. In E. Biham, editor, Eurocrypt '03, pages 294-311. Springer-Verlag, 2003.
36. X. Wang and M. K. Reiter. Defending against denial-of-service attacks with puzzle auctions. In IEEE Symposium on Security and Privacy, pages 78-92, 2003.
37. A. Yaar, A. Perrig, and D. Song. Pi: A path identification mechanism to defend against DDoS attacks. In IEEE Symposium on Security and Privacy, pages 93-109, 2003.