Corpus ID: 18151070

Deamplification of DoS Attacks via Puzzles

@inproceedings{Beal2004DeamplificationOD,
  title={Deamplification of DoS Attacks via Puzzles},
  author={Jacob Beal},
  year={2004}
}
Puzzles have been proposed as a mechanism to deamplify denial of service attacks against a server’s memory and processing resources. For example, HIP implements a cookie puzzle mechanism to protect the server from wasting resources performing Diffie-Hellman exponentiation in response to spurious requests. We examine cookie puzzle mechanisms of this type. We find that careful attention is needed in server implementation to ensure that an attacker does not retain opportunities to amplify the…

Examining the DoS Resistance of HIP
TLDR
An enhanced approach to DoS resistance of the Host Identity Protocol is proposed by employing a time-lock puzzle instead of a hash-based scheme and the effect of coordinated attacks will be removed and the throughput from legitimate users will return to the desirable level.
Mitigation of Unsolicited Traffic across Domains with Host Identities and Puzzles
TLDR
The analytical investigation indicates that this mechanism may be used to effectively throttle spam by selecting a reasonably complex puzzle.
Using Coloured Petri Nets to Simulate DoS-resistant Protocols
TLDR
This work develops a formal framework based on Timed Coloured Petri Nets (Timed CPNs) and uses a simulation approach provided in CPN Tools to achieve a formal analysis and provides an accurate cost estimate of protocol execution comparing among principals, as well as the percentage of successful connections from legitimate users under four strategies of DoS attack.
ForCES protocol design analysis for protection against DoS attacks
  • S. Lakkavalli, H. Khosravi
  • Computer Science
  • Proceedings. 13th International Conference on Computer Communications and Networks (IEEE Cat. No.04EX969)
  • 2004
TLDR
The design issues along with the experimental results are discussed and the separation scheme consists of separating the congestion aware, control and data transport connections such as TCP connections and gives higher priority for control.
Secure Networking for Virtual Machines in the Cloud
TLDR
The proposed scheme is a viable alternative to mitigate some of the privacy issues related to multi-tenancy within a single data center and to secure communications between two clouds in the case of a hybrid cloud.
Automatic detection of DoS vulnerabilities of cryptographic protocols
TLDR
The system for computer-aided DoS protocol resistance analysis, which employs the Petri nets formalism and Spin model-checker, is presented.
A Consolidated Namespace for Network Applications, Developers, Administrators and Users
TLDR
A Consolidated Namespace for Network Applications, Developers, Administrators and Users by Miika Komu is published.
Security approaches for radio frequency identification systems
In this thesis, I explore the challenges related to the security of the Electronic Product Code (EPC) class of Radio Frequency Identification (RFID) tags and associated data. RFID systems can be used

References

Using Client Puzzles to Protect TLS
TLDR
Measurements of CPU load and latency when the modified library is used to protect a secure webserver show that client puzzles are a viable method for protecting SSL servers from SSL based denial-of-service attacks.
DOS-Resistant Authentication with Client Puzzles
TLDR
It is shown how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent denial of service by server resource exhaustion.
A taxonomy of DDoS attack and DDoS defense mechanisms
TLDR
This paper presents two taxonomies for classifying attacks and defenses in distributed denial-of-service (DDoS) and provides researchers with a better understanding of the problem and the current solution space.
Efficient, DoS-resistant, secure key exchange for internet protocols
TLDR
JFK is described, a new key exchange protocol primarily designed for use in the IP Security Architecture, which is simple, efficient, and secure; a proof of the latter property is sketched.
Persistent dropping: an efficient control of traffic aggregates
TLDR
A new drop strategy called persistent dropping is proposed to regulate the arrival of SYN packets and achieves three important goals: it allows routers and end-servers to quickly converge to their control targets without sacrificing fairness, it minimizes the portion of client delay that is attributed to the applied controls, and it is both easily implementable and computationally tractable.
Dynamic perfect hashing: upper and lower bounds
TLDR
An Ω(log n) lower bound is proved for the amortized worst-case time complexity of any deterministic algorithm in a class of algorithms encompassing realistic hashing-based schemes.
Host Identity Protocol Architecture Internet Draft, Internet Engineering Task Force Work in progress, version 6. http://www.ietf.org/internet-drafts/draft-moskowitz-hip-arch-06
  • 2004
Host Identity Protocol, Internet Draft, Internet Engineering Task Force Work in progress. http://www.ietf.org/internet-drafts/draft-ietf-hip-base-00
  • 2004
Internet Key Exchange (IKEv2) Protocol. Internet Draft, Internet Engineering Task Force Work in progress, version 17
  • 2004
TCP SYN Flooding