Abstract | ||
---|---|---|
Denial of Service (DoS) attacks aiming to exhaust the resources of a server by overwhelming it with bogus requests have become a serious threat. Especially protocols that rely on public key cryptography and perform expensive authentication handshakes may be an easy target. A well-known countermeasure against DoS attacks are client puzzles. The victimized server demands from the clients to commit computing resources before it processes their requests. To get service, a client must solve a cryptographic puzzle and submit the right solution. Existing client puzzle schemes have some drawbacks. They are either parallelizable, coarse-grained or can be used only interactively. In case of interactive client puzzles where the server poses the challenge an attacker might mount a counterattack on the clients by injecting fake packets containing bogus puzzle parameters. In this paper we introduce a novel scheme for client puzzles which relies on the computation of square roots modulo a prime. Modular square root puzzles are non-parallelizable, i.e., the solution cannot be obtained faster than scheduled by distributing the puzzle to multiple machines or CPU cores, and they can be employed both interactively and non-interactively. Our puzzles provide polynomial granularity and compact solution and verification functions. Benchmark results demonstrate the feasibility of our approach to mitigate DoS attacks on hosts in 1 or even 10 GBit networks. In addition, we show how to raise the efficiency of our puzzle scheme by introducing a bandwidth-based cost factor for the client. |
Year | DOI | Venue |
---|---|---|
2011 | 10.1109/ARES.2011.27 | ARES |
Keywords | Field | DocType |
cryptographic protocols,public key cryptography,DoS attacks,authentication handshakes,bandwidth-based cost factor,bogus puzzle parameters,computing resources,cryptographic puzzle,denial of service attacks,modular square root puzzles,noninteractive client puzzles,nonparallelizable client puzzles,polynomial granularity,public key cryptography,server demands,Denial of Service (DoS),authentication,client puzzles,computational puzzles,network protocols | Authentication,Denial-of-service attack,Cryptographic protocol,Computer science,Cryptography,Computer security,Server,Public-key cryptography,Benchmark (computing),Communications protocol | Conference |
Citations | PageRank | References |
7 | 0.49 | 21 |
Authors | ||
2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yves Igor Jerschow | 1 | 33 | 3.68 |
Martin Mauve | 2 | 1840 | 153.45 |