A Guided Tour Puzzle for Denial of Service Prevention

@article{Abliz2009AGT,
  title={A Guided Tour Puzzle for Denial of Service Prevention},
  author={Mehmud Abliz and Taieb Znati},
  journal={2009 Annual Computer Security Applications Conference},
  year={2009},
  pages={279-288}
}
  • M. Abliz, T. Znati
  • Published 7 December 2009
  • Computer Science
  • 2009 Annual Computer Security Applications Conference
Various cryptographic puzzle schemes are proposed as a defense mechanism against denial of service attacks. But all these puzzle schemes face a dilemma when there is a large disparity between the computational power of attackers and legitimate clients: increasing the difficulty of puzzles might unnecessarily restrict legitimate clients too much, and lower difficulty puzzles cannot sufficiently block attackers with large computational resources. In this paper, we introduce guided tour puzzle, a…

Non-Interactive VDF Client Puzzle for DoS Mitigation

TLDR
This work presents different methods to generate verifiable client puzzles to prevent puzzle forgery and attacks from the client side, and exhibits a transformation of the client puzzle into a DoS-resistant protocol.

Cryptographic puzzles and DoS resilience, revisited

TLDR
New security definitions for puzzle difficulty are distinguished and formalized; they properly define two distinct flavors of puzzle security, optimality and fairness, and in addition properly define the relation between solving one puzzle and solving multiple ones.

Revisiting Difficulty Notions for Client Puzzles and DoS Resilience

TLDR
New security definitions for puzzle difficulty are distinguished and formalized and it is shown that the better characterization of hardness for puzzles and DoS resilience allows establishing formal bounds on the effectiveness of client puzzles which confirm previous empirical observations.

DNA-based client puzzle for WLAN association protocol against connection request flooding

TLDR
By asking to solve an easy and cost-effective puzzle in OROD puzzle, legitimate users do not suffer from resource exhaustion during puzzle solving, even when under severe DoS attack (high puzzle difficulty).

The Moderately Hard DoS-Resistant Authentication Protocol on Client Puzzles

TLDR
A simple solution as well as an applied authentication protocol was proposed to resist DoS attacks against an authentication protocol and may even render some clients unable to obtain the puzzle solution within the lifetime, resulting in a lack of service from the server.

Foundations, Properties, and Security Applications of Puzzles: A Survey

TLDR
The term puzzle is redefined by collecting and integrating the scattered notions used in different works, to cover all the existing applications, and a comprehensive study of the most important puzzle construction schemes available in the literature is provided.

Foundations, Properties, and Security Applications of Puzzles

TLDR
The term puzzle is redefined by collecting and integrating the scattered notions used in different works, to cover all the existing applications, and a comprehensive study of the most important puzzle construction schemes available in the literature is provided.

IP Layer Client Puzzles: A Cryptographic Defense against DDoS Attack

TLDR
This chapter shows that the chained puzzle protocol reduces the network and infrastructure overhead because the servers do not have to generate puzzles on a per-packet basis, and proposes a solution based on the general principle that under attack legitimate clients should be willing to experience some degradation in their performance in order to obtain the requested service.

A Novel WLAN Client Puzzle against DoS Attack Based on Pattern Matching

TLDR
This paper addresses this common DoS attack and proposes a lightweight puzzle, based on pattern-matching, that adequately resists resource-depletion attacks in terms of both puzzle generation and solution verification.

A Novel Proof of Work Model Based on Pattern Matching to Prevent DoS Attack

TLDR
A solution based on letter envelop protocol and proof-of-work protocol is proposed, which forces the users to solve a puzzle before completing the association process with the AP and is resistant against spoofed puzzle solutions attack.

References

SHOWING 1-10 OF 33 REFERENCES

Mitigating denial of service attacks with password puzzles

  • M. Ma
  • Computer Science
    International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II
  • 2005
TLDR
A new IP layer client puzzles scheme, password puzzles (PP), in which a puzzle issuer responds to requests with puzzles that a sender must solve before sending in any packet to a receiver.

Defending against denial-of-service attacks with puzzle auctions

TLDR
This paper proposes a new puzzle mechanism called the puzzle auction that enables each client to "bid" for resources by tuning the difficulty of the puzzles it solves, and to adapt its bidding strategy in response to apparent attacks.

Toward Non-parallelizable Client Puzzles

TLDR
After showing that obvious ideas based on hash chains have significant problems, a new puzzle based on the subset sum problem is proposed, and this is the first example that satisfies all the desirable properties for a client puzzle.

Mitigating bandwidth-exhaustion attacks using congestion puzzles

TLDR
CP is the first designed for the bandwidth-exhaustion attacks that are common at the network (IP) layer, and it is demonstrated through analysis and simulation that CP can effectively defend networks from flooding attacks without relying on the formulation of attack signatures to filter traffic.

On Chained Cryptographic Puzzles

TLDR
The concept of chained cryptographic puzzle is introduced and two kinds of chained puzzle constructions are defined: linearly chained puzzles and randomly chained puzzles.

Using Client Puzzles to Protect TLS

TLDR
Measurements of CPU load and latency when the modified library is used to protect a secure webserver show that client puzzles are a viable method for protecting SSL servers from SSL based denial-of-service attacks.

DOS-Resistant Authentication with Client Puzzles

TLDR
It is shown how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent denial of service by server resource exhaustion.

A General Attack Model on Hash-Based Client Puzzles

TLDR
This paper presents a general attack model against hash-based client puzzles that works against many published protocols, and draws two requirements of client puzzle protocols that would overcome this attack.

The case for TCP/IP puzzles

  • W. Feng
  • Computer Science
    FDNA '03
  • 2003
TLDR
This paper argues that client puzzles must be placed within the slim waistline of the TCP/IP protocol stack in order to truly provide protection against distributed denial-of-service (DDoS) attacks.

Mayday: Distributed Filtering for Internet Services

  • D. Andersen
  • Computer Science
    USENIX Symposium on Internet Technologies and Systems
  • 2003
TLDR
Mayday generalizes earlier work on Secure Overlay Services by separating the overlay routing and the filtering, and providing a more powerful set of choices for each, and supports mechanisms that achieve better security or better performance than earlier systems.