Mitigating denial of service attacks with password puzzles

International Conference on Information Technology: Coding and Computing, ITCC

Volumn 2, Issue , 2005, Pages 621-626

  Ma, Miao ^a  

^a INSTITUTE FOR INFOCOMM RESEARCH   (Singapore)

Author keywords

[No Author keywords available]

Indexed keywords

GAME THEORY; INTERNET; NETWORK PROTOCOLS; QUALITY OF SERVICE;

CLIENT PUZZLES; DISTRIBUTED DENIL-OF-SERVICE (DDOS); PASSWORD PUZZLES;

COMPUTER SOFTWARE;

EID: 24744468386     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/itcc.2005.200     Document Type: Conference Paper

References (33)

1. S. Savage, D. Wetherall, A. Karlin and T. Andersen, "Practical network support for IP traceback," Proceedings of ACM SIGCOMM, 2000, Stockholm, Sweden, pp. 295-306.
2. D. Song and A. Perrig, "Advanced and authenticated marking schemes for IP traceback," Proceedings of IEEE INFOCOM, 2001, pp. 878-886.
3. D. Dean, M. Franklin and A. Stubblefield, "An algebraic approach to IP traceback," Networks and Distributed System Security Symposium (NDSS) 2001, pp. 3-12.
4. Hal Burch and Bill Cheswick, "Tracing anonymous packets to their approximate source," 14th Systems Administration Conference, New Orleans, U.S.A., Dec. 2000, pp. 313-322.
5. Robert Stone, "CenterTrack: an IP overlay network for tracking DoS floods," 9th USENIX Security Symposium, August 2000.
6. Steven M. Bellovin, "ICMP Traceback messages," Internet Draft, March 2001.
7. Allison Mankin, Dan Massey, Chien-Lung Wu, S. Felix Wu and Lixia Zhang, "On design and evaluation of "intention-driven" ICMP traceback," 10th International Conference on Computer Communications and Networks (ICCCN) 2001, pp. 159-165.
8. A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, B. Schwartz, S. T. Kent and W. T. Strayer, "Hash-based IP traceback," Proceedings of ACM SIGCOMM, San Diego, California, U.S.A., Aug. 27-31, 2001, pp. 3-14.
9. J. Li, M. Sung, J. Xu and L. Li, "Large-scale IP traceback in high-speed Internet: practical techniques and theoretical foundation," IEEE symposium on security and privacy (S&P) 2004, Berkeley, California, U.S.A, pp. 115-129.
10. D. Senie, "Network ingress filtering: defeating Denial of Service attacks which employ IP source address spoofing," RFC 2827, 5 2000.
11. J. Li, J. Mirkovic, M. Wang, P. Reiher and Lixia Zhang, "SAVE: souve address validity enforcement protocol," Proceedings of IEEEINFOCOM, 2002, pp.1557-1566.
12. A. Keromytis, V. Misra and D. Rubenstein, "SOS: securre overlay sevices," Proceedings of ACM SIGCOMM, Aug. 2002, pp. 61-72.
13. D. Andersen, "Mayday: distributed filtering for Internet services," Proceedings of USITS, 2003.
14. A. Yaar, A. Perrig and D. Song, "Pi: a path identification mechanism to defend against DDoS attacks," IEEE symposium on security and privacy (S&P) 2003, Berkeley, California, U.S.A., pp. 93-107.
15. A. Perrig, D. Song and A. Yaar, "StackPi: a new defensive mechnamism against IP spoofing and DDoS attacks," Technical Report CMU-CS-02-208, Carnegie Mellon University, February 2003.
16. C. Jin, H. Wang and K. G. Shin, "Hop-count filtering: an effective defense against spoofed DDoS traffic," 10th ACM Conference on Computer and Communications Security (CCS) 2003, October 27-31, 2003, Washington, DC, USA, pp.30-41.
17. Y. Kim, W. Ch. Lau, M. C. Chuah, H. J. Chao. "PacketScore: Statistics-based overload control against distributed denialof-service attacks", Proceedings of IEEE INFOCOM 2004.
18. A. Yaar, A. Perrig and D. Song, "SIFF: a stateless Internet flow filter to mitigate DDoS flooding attacks." IEEE symposium on security and privacy (S&P) 2004, Berkeley, California, U.S.A, pp. 130-143.
19. M. Collins and M. K. Reiter, "An empirical analysis of target-resident DoS filters," IEEE symposium on security and privacy (S&P) 2004, Berkeley, California, U.S.A, pp. 103-114.
20. A. Juels and J. Brainard, "Client puzzles: a cryptographic countermeasure against connection depletion attacks," Networks and Distributed System Security Symposium (NDSS) 1999.
21. X. F. Wang and M. K. Reiter, "Defending against denialof-service attacks with puzzle auctions," IEEE symposium on security and privacy (S&P) 2003, Berkeley, California, U.S.A., pp. 78-92.
22. B. Waters, A. Juels, J. A. Halderman and E. W. Felten, "New client puzzle outsourcing techniques for DoS resistance," 11th ACM Conference on Computer and Communications Security (CCS) 2004, Washington DC, U.S.A., pp. 246-256.
23. W. Feng, "The case for TCP/IP puzzles," Proceedings of ACM SIGCOMM Future Directions in Network Architecture (FDNA-03) 2003.
24. K. Lakshminarayanan, D. Adkins, A. Perrig and I. Stoica, "Taming IP packet flooding attacks," HotNets-II. ACM Press, 2003.
25. I. Stoica, D. Adkins, S. Zhuang, S. Shenker and S. Surana, "Internet indirection infrastructure," Proceedings of ACM SIGCOMM, Aug. 2002, pp. 73-86.
26. X. F. Wang and M. K. Reiter, "Mitigating bandwidth-exhaustion attacks using congestion puzzles" 11th ACM Conference on Computer and Communications Security (CCS) 2004, Washington DC, U.S.A., pp. 257-267.
27. W. Feng, E. Kaiser, Wu. Feng and A. Luu, "The design and implementation of network puzzles," Proceedings of IEEE IN FOCOM 2005.
28. M. Abadi, M. Burrow, M. Manasse and T. Wobber, "Moderately hard, momery-bound functions," Networks and Distributed System Security Symposium (NDSS), 2003.
29. V. D. Gligor, "Guaranteeing access in spite of service-flooding attacks," Proceedings of Security Protocols workshop, 2003.
30. L. Lamport, "Password authentication with insecure communication," Communications of the ACM 24(11), Nov. 1981, pp. 770-772.
31. N. Haller, "The S/KEY one-time password system," Symposium on Network and Distributed Systems Security (NDSS), 1994.
32. R. Hauser, T. Przygienda and G. Tsudik, "Reducing the cost of security in link-state routing," Symposium on Network and Distributed Systems Security (NDSS), 1997, pp. 93-99.
33. T. Anderson, T. Roscoe and D. Wetherall, "Preventing Internet denial-of-service with capabilites," HotNets-II. ACM Press, 2003.