An integrated approach to cryptographic mitigation of denial-of-service attacks

Proceedings of the 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011

Volumn , Issue , 2011, Pages 114-123

  Rangasamy, Jothi ^a   Stebila, Douglas ^a   Boyd, Colin ^a   Nieto, Juan González ^a  

^a QUEENSLAND UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

Bernstein's signatures; Client puzzles; Denial of service; Secure Sockets Layer (SSL)

Indexed keywords

AUTHENTICATION; CRYPTOGRAPHY; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; NETWORK PROTOCOLS; NETWORK SECURITY;

BERNSTEIN SIGNATURE; CLIENT AUTHENTICATION; CLIENT PUZZLES; CRYPTOGRAPHICS; DENIAL OF SERVICE; DENIALOF- SERVICE ATTACKS; INTEGRATED APPROACH; SECURE SOCKET LAYER; SECURE SOCKETS LAYERS; SPECIAL CLASS;

DENIAL-OF-SERVICE ATTACK;

EID: 79955993934     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1966913.1966929     Document Type: Conference Paper

References (30)

1. ACME Labs. http load, March 2006. URL: http://www.acme.com/software/ httpload/.
2. T. Aura and P. Nikander. Stateless connections. In Y. Han, T. Okamoto, and S. Qing, editors, Proceedings of the First International Conference on Information and Communications Security (ICICS) 1997, volume 1334 of LNCS, pages 87-97. Springer, 1997. (Pubitemid 127148037)
3. T. Aura, P. Nikander, and J. Leiwo. DoS-resistant authentication with client puzzles. In B. Christianson, B. Crispo, J. A. Malcolm, and M. Roe, editors, Security Protocols: 8th International Workshop, volume 2133 of LNCS, pages 170-177. Springer, 2000. (Pubitemid 33347515)
4. A. Back. Hashcash: A denial-of-service countermeasure. 2002. URL: http://www.hashcash.org/papers/hashcash.pdf.
5. D. J. Bernstein. A secure public-key signature system with extremely fast verification, August 2000. URL: http://cr.yp.to/papers.html#sigs.
6. D. J. Bernstein. Proving tight security for Rabin-Williams signatures. In N. Smart, editor, Advances in Cryptology-Proc. EUROCRYPT 2008, volume 4965 of LNCS, pages 70-87. Springer, 2008. (Pubitemid 351762824)
7. C. Castelluccia, E. Mykletun, and G. Tsudik. Improving secure server performance by re-balancing SSL/TLS handshakes. In Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, pages 26-34. ACM, 2006. (Pubitemid 46644723)
8. CERT. Denial of service attacks. URL: http://www.cert.org/techtips/ denialofservice.html 3 May 2010.
9. L. Chen, P. Morrissey, N. P. Smart, and B. Warinschi. Security notions and generic constructions for client puzzles. In M. Matsui, editor, Advances in Cryptology - Proc. ASIACRYPT 2009, volume 5912 of LNCS, pages 505-523. Springer, 2009.
10. C. Coarfa, P. Druschel, and D. Wallach. Performance analysis of TLS web servers. ACM Transactions on Computer Systems, 24(1):39-69, 2006.
11. D. Dean and A. Stubblefield. Using client puzzles to protect TLS. In Proc. 10th USENIX Security Symposium, 2001.
12. W. Feng, E. Kaiser, and A. Luu. Design and implementation of network puzzles. In INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE, volume 4, pages 2372-2382. IEEE, 2005.
13. S. Goldwasser, S. Micali, and R. L. Rivest. A digital signature scheme secure against adaptive chosen message attacks. SIAM Journal on Computing, 17(2):281-308, April 1988.
14. A. Juels and J. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Proc. Internet Society Network and Distributed System Security Symposium (NDSS) 1999, pages 151-165. Internet Society, 1999.
15. P. Karn and W. A. Simpson. Photuris: Session-key management protocol, March 1999. RFC 2522. URL: http://www.ietf.org/rfc/rfc2522.txt.
16. C. Kaufman. Internet Key Exchange (IKEv2) protocol, December 2005. RFC 4306. URL: http://www.ietf.org/rfc/rfc4306.txt.
17. V. Laurens, A. El-Saddik, and A. Nayak. Requirements for client puzzles to defeat the denial of service and the distributed denial of service attacks. International Arab Journal of Information Technology, 3(4):326{333, 2006.
18. C. Meadows. A formal framework and evaluation method for network denial of service. In Proc. 12th IEEE Computer Security Foundations Workshop (CSFW) 1999, page 4. IEEE, 1999.
19. C. Meadows. A cost-based framework for analysis of denial of service networks. Journal of Computer Security, 9(1/2):143{164, 2001. (Pubitemid 32286900)
20. D. Moore, C. Shannon, D. J. Brown, G. M. Voelker, and S. Savage. Inferring internet denial-of-service activity. ACM Transactions on Computer Systems (TOCS), 24(2):115-139, 2006.
21. S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system, 2009. URL: http://www.bitcoin.org/bitcoin.pdf.
22. J. Smith, J. González Nieto, and C. Boyd. Modelling denial of service attacks on JFK with Meadows's cost-based framework. In Proceedings of the 2006 Australasian Workshops on Grid Computing and e-research, volume 54, pages 125-134. Australian Computer Society, Inc., 2006.
23. J. Smith, S. Tritilanunt, C. Boyd, J. González Nieto, and E. Foo. Denial of service resistance in key establishment. International Journal of Wireless and Mobile Computing, 2(1):59-71, 2007.
24. D. Stebila, L. Kuppusamy, J. Rangasamy, C. Boyd, and J. González Nieto. Stronger difficulty notions for client puzzles and denial-of-service- resistant protocols. In A. Kiayias, editor, Topics in Cryptology - CT-RSA 2011 - The Cryptographers' Track at the RSA Conference, volume 6558 of LNCS, pages 284-301. Springer, 2011. URL: http://eprint.iacr.org/2010/649.pdf.
25. D. Stebila and B. Ustaoglu. Towards denial of service resilient key agreement protocols. In C. Boyd and J. González Nieto, editors, Proceedings of the 14th Australasian Conference on Information Security and Privacy (ACISP) 2009, volume 5594 of LNCS, pages 389-406. Springer, 2009.
26. S. Tritilanunt, C. Boyd, E. Foo, and J. González Nieto. Toward non-parallelizable client puzzles. In F. Bao, S. Ling, T. Okamoto, H. Wang, and C. Xing, editors, Cryptology and Network Security (CANS) 2007, volume 4856 of LNCS, pages 247-264. Springer, 2007.
27. X. Wang and M. K. Reiter. Defending against denial-of-service attacks with puzzle auctions. In Proceedings of the 2003 IEEE Symposium on Security and Privacy (SP'03), pages 78-92. IEEE Press, 2003.
28. H. Williams. A modification of the RSA public-key encryption procedure. IEEE Transactions on Information Theory, 26(6):726-729, 1980. (Pubitemid 11460687)
29. E. A. Young and T. J. Hudson. The OpenSSL project, 2007. URL: http://www.openssl.org.
30. Zona Research. The need for speed II. April, 2001. URL: http://www.keynote.com/downloads/ZonaNeedForSpeed.pdf.