A guided tour puzzle for denial of service prevention

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2009, Pages 279-288

  Abliz, Mehmud ^a   Znati, Taieb ^a,b  

^a University of Pittsburgh   (United States)

^b UNIVERSITY OF PITTSBURGH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTATIONAL POWER; COMPUTATIONAL RESOURCES; DEFENSE MECHANISM; DENIAL OF SERVICE; DENIAL OF SERVICE ATTACKS; LARGE DISPARITY; MINIMUM INTERFERENCE; MULTIPLE SERVERS; TOUR GUIDE;

COMPUTER CRIME; TRANSMISSION CONTROL PROTOCOL;

SECURITY OF DATA;

EID: 77950803546     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2009.33     Document Type: Conference Paper

References (33)

1. C. Dwork and M. Naor, "Pricing via processing or combatting junk mail," in CRYPTO '92, Santa Barbara, CA, 1992, pp. 139-147.
2. A. Juels and J. Brainard, "Client puzzles: A cryptographic countermeasure against connection depletion attacks," in the 1999 Network and Distributed System Security Symposium (NDSS '99), San Diego, CA, 1999, pp. 151-165.
3. W. Feng, E. Kaiser, and A. Luu, "The design and implementation of network puzzles," in IEEE INFOCOM '05, vol.4, Miami, FL, 2005, pp. 2372-2382.
4. T. Aura, P. Nikander, and J. Leiwo, "DoS-resistant authentication with client puzzles," in 8th International Workshop on Security Protocols, vol.2133, 2000, pp. 170-181.
5. D. Dean and A. Stubblefield, "Using client puzzles to protect TLS," in 10th USENIX Security Symposium, Washington DC, 2001, pp. 1-8.
6. X. Wang and M. K. Reiter, "Defending against denial-of-service attacks with puzzle auctions," in IEEE Symposium on Security and Privacy, Washington DC, 2003, pp. 78-92.
7. "Fast sha-1 hash core for asic," Helion Technology Limited, 2005. [Online]. Available: http://www.heliontech.com/downloads/sha1-asic-fast- helioncore.pdf
8. B. Parno, D. Wendlandt, E. Shi, A. Perrig, B. Maggs, and Y. Hu, "Portcullis: Protecting connection setup from denial-of-capability attacks," in ACM SIGCOMM '07, Kyoto, Japan, 2007, pp. 289-300.
9. S. Tritilanunt, C. Boyd, E. Foo, and J. M. González, "Toward non-parallelizable client puzzles," in 6h International Conference on Cryptology and Network Security, vol.4856, Singapore, 2007, pp. 247-264.
10. Secure Hash Standard, National Institute of Standards and Technology (NIST) Std., 1995.
11. B. Mulvey, "Evaluation of hash functions," 2006. [Online]. Available: http://bretm.home.comcast.net/~bretm/hash/
12. B. H. Bloom, "Space/time trade-offs in hash coding with allowable errors," Communications of the ACM, vol.13(7), pp. 422-426, 1970.
13. "Planet-lab scalable sensing service," Scalable Sensing Service. [Online]. Available: http://networking.hpl.hp.com/s-cube/
14. "About planet lab," Planet Lab. [Online]. Available: http://www.planet-lab.org/about
15. X. Yang, D. Wetherall, and T. Anderson, "A DoS-limiting network architecture," in ACM SIGCOMM '05, Philadelphia, 2005, pp. 241-252.
16. A. Yaar, A. Perrig, and D. Song, "SIFF: A stateless Internet flow filter to mitigate DDoS flooding attacks," in IEEE Symposium on Security and Privacy, 2004, pp. 130-143.
17. D. G. Andersen, "Mayday: Distributed filtering for Internet service," in 4th USENIX Symposium on Internet Technologies and Systems, Seattle, WA, 2003.
18. R. Thomas, B. Mark, T. Johnson, and J. Croall, "Netbouncer: Client-legitimacy-based high-performance DDoS filtering," in 3rd DARPA Information Survivability Conference and Exposition, 2003, pp. 14-25.
19. S. M. Bellovin, M. Leech, and T. Taylor, "ICMP traceback messages," IETF Draft, 2003.
20. S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Practical network support for IP traceback," in ACM SIGCOMM '00, vol.30(4), Stockholm, Sweden, 2000, pp. 295-306.
21. R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, "Controlling high bandwidth aggregates in the network," ACM Computer Communication Review, vol.32(3), pp. 62-73, 2002.
22. G. Price, "A general attack model on hash-based client puzzles," in 9th IMA Conference on Cryptography and Coding, vol.2898, Cirencester, UK, 2003, pp. 319-331.
23. B. Waters, A. Juels, J. A. Halderman, and E. W. Felten, "New client puzzle outsourcing techniques for dos resistance," in 11th ACM CCS, 2004, pp. 246-256.
24. X. Wang and M. K. Reiter, "Mitigating bandwidth-exhaustion attacks using congestion puzzles," in 11th ACM Conference on Computer and Communications Security, Washington DC, 2004, pp. 257-267.
25. W. Feng, "The case for TCP/IP puzzles," in ACM SIGCOMM Future Directions in Network Architecture (FDNA '03), Karlsruhe, Germany, 2003.
26. R. L. Rivest, A. Shamir, and D. A. Wagner, "Time-lock puzzles and timed-release crypto," MIT, Cambridge, Massachusetts, Tech. Rep., 1996.
27. M. Ma, "Mitigating denial of service attacks with password puzzles," in International Conference on Information Technology: Coding and Computing (ITCC '05), vol.2, Las Vegas, 2005, pp. 621-626.
28. B. Groza and D. Petrica, "On chained cryptographic puzzles," in 3rd Romanian-Hungarian Joint Symposium on Applied Computational Intelligence (SACI '06), Timisoara, Romania, 2006.
29. T. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein, Introduction to Algorithms, 2nd ed. MIT Press and McGraw-Hill, 2001, ch. 35.
30. M. J. Coster, A. Joux, B. A. Lamacchia, A. M. Odlyzko, C. Schnorr, and J. Stern, "Improved low-density subset sum algorithms," Computational Complexity, vol.2(2), 1992.
31. A. K. Lenstra, H. W. Lenstra, and L. Lovász, "Factoring polynomials with rational coefficients," Mathematische Annalen, vol.261(4), pp. 515-534, 1982.
32. M. Abadi, M. Burrows, M. Manasse, and T. Wobber, "Moderately hard, memory-bound functions," in 10th Annual Network and Distributed System Security Symposium (NDSS '03), San Diego, CA, 2003, pp. 25-39.
33. C. Dwork, A. Goldberg, and M. Naor, "On memory-bound functions for fighting spam," in CRYPTO '03, 2003, pp. 426-444.