Portcullis: Protecting connection setup from denial-of-capability attacks

ACM SIGCOMM 2007: Conference on Computer Communications

Volumn , Issue , 2007, Pages 289-300

  Parno, Bryan ^a   Wendlandt, Dan ^a   Shi, Elaine ^a   Perrig, Adrian ^a   Maggs, Bruce ^a   Hu, Yih Chun ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

Network capability; Per computation fairness

Indexed keywords

NETWORK CAPABILITY; PERCOMPUTATION FAIRNESS;

COMPUTATIONAL METHODS; INTERNET; LARGE SCALE SYSTEMS; NETWORK MANAGEMENT;

NETWORK SECURITY;

EID: 36949036429     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1282380.1282413     Document Type: Conference Paper

References (32)

1. M. Abadi, M. Burrows, M. Manasse, and T. Wobber. Moderately hard, memory-bound functions. In Proceedings of ISOC NDSS, February 2003.
2. Lisa Amini and Henning Schulzrinne. Issues with inferring Internet topological attributes. In Proceedings of the Internet Statistics and Metrics Analysis Workshop, October 2004.
3. Tom Anderson, Timothy Roscoe, and David Wetherall. Preventing Internet denial-of-service with capabilities. In Proceedings of Hotnets-II, November 2003.
4. Katerina Argyraki and David Cheriton. Network capabilities: The good, the bad and the ugly. In Proceedings of Workshop on Hot Topics in Networks (HotNets-IV), November 2005.
5. T. Aura, P. Nikander, and J. Leiwo. DoS-resistant authentication with client puzzles. In Proceedings of Security Protocols Workshop, 2001.
6. A. Broder and M. Mitzenmacher. Network applications of Bloom filters: A survey. Journal of Internet Mathematics, 1(4), 2005.
7. CAIDA. Skitter, http: //www.caida.org/tools/measurement/skitter/.
8. Richard Clayton, http://www.cl.cam.ac.uk/~rncl/ Accessed May, 2007.
9. Team Cymru. The team cymru ip to asn lookup page. http://www.cymru.com/ BGP/asnlookup.html.
10. Drew Dean and Adam Stubblefield. Using client puzzles to protect TLS. In Proceedings of USENIX Security Symposium, 2001.
11. C. Dwork, A. Goldberg, and M. Naor. On memory-bound functions for fighting spam. In Proceedings of CRYPTO, 2003.
12. C. Dwork and M. Naor. Pricing via processing or combatting junk mail. In Proceedings of CRYPTO, 1993.
13. P. Ferguson and D. Senie. Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing. RFC 2267, January 1998.
14. V. Gligor. Guaranteeing access in spite of service-flooding attacks. In Proceedings of the Security Protocols Workshop, April 2003.
15. Helion Technology Limited. Fast SHA-1 hash core for ASIC. Cambridge, England. Available at http://www.heliontech.com/downloads/ shal_asic_fast_helioncore.pdf. November 2005.
16. Helion Technology Limited. Fast SHA-1 hash core for Xilinx FPGA. Cambridge, England. Available at http://www.heliontech.com/downloads/shal_ xilinx_fast_helioncore.pdf. November 2005.
17. A. Juels and J. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Proceedings of ISOC NDSS, 1999.
18. Jaeyeon Jung, Emil Sit, Hari Balakrishnan, and Robert Morris. DNS performance and the effectiveness of caching. Transactions on Networking, 10(5), 2002.
19. National Institute of Standards and Technology (NIST) Computer Systems Laboratory. Secure hash standard. 180-1, April 1995.
20. K. Lakshminarayanan, D. Adkins, A. Perrig, and I. Stoica. Taming IP Packet Flooding Attacks. In ACM HotNets-II, November 2003.
21. Ben Laurie and Richard Clayton. "Proof-of-work" proves not to work. In Proceedings of WEIS, May 2004.
22. S. Machiraju, M. Seshadri, and I. Stoica. A scalable and robust solution for bandwidth allocation. In International Workshop on QoS, May 2002.
23. Jeffrey Pang, James Hendricks, Aditya Akella, Bruce Maggs, Roberto De Prisco, and Srinivasan Seshan. Availability, usage, and deployment characteristics of the domain name system. In Proceedings of the Internet Measurement Conference, October 2004.
24. Lindsey Poole and Vivek S. Pai. ConfiDNS: Leveraging scale and history to improve DNS security. In Proceedings of USENIX WORLDS, November 2006.
25. Elaine Shi, Bryan Parno, Adrian Perrig, Yih-Chun Hu, and Bruce Maggs. FANFARE for the common flow. Technical Report CMU-CS-05-148, Carnegie Mellon, February 2005.
26. Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker. DDoS defense by offense. In Proceedings of ACM SIGCOMM, September 2006.
27. X. Wang and M. Reiter. Defending against denial-of-service attacks with puzzle auctions. In Proceedings of IEEE Symposium on Security and Privacy, May 2003.
28. X. Wang and M. Reiter. Mitigating bandwidth-exhaustion attacks using congestion puzzles. In ACM CCS, October 2004.
29. Brent Waters, Ari Juels, J. Alex Halderman, and Edward W. Felten. New client puzzle outsourcing techniques for DoS resistance. In Proceedings of ACM CCS, November 2004.
30. A. Yaar, A. Perrig, and D. Song. Pi: A path identification mechanism to defend against DDoS attacks. In Proceedings of IEEE Symposium on Security and Privacy, May 2003.
31. A. Yaar, A. Perrig, and D. Song. SIFF: A stateless Internet flow filter to mitigate DDoS flooding attacks. In Proceedings of IEEE Symposium on Security and Privacy, May 2004.
32. X. Yang, D. Wetherall, and T. Anderson. A DoS-limiting network architecture. In Proceedings of ACM SIGCOMM, August 2005.