Efficient Trapdoor-Based Client Puzzle Against DoS Attacks

Abstract

It is well known that authentication, integrity, and confidentiality are the most important principles of network security. However, recent reports about a number of prominent Internet service providers that broke down because of malicious attacks [2, 3, 32,32] urge people to realize that all security principles must be based on service availability. “Availability” in this context refers to a service that can be accessed within a reasonable amount of waiting time after a legitimate client sends a request.

Notes

  1. In this context, “cost” means computational cost, such as CPU processing time and/or memory space.

  2. A subtraction operation can be viewed as an addition in a computer system.

References

  1. Digital signature standard (DSS). In Federal Information Processing Standards Publication 186. National Institute of Standards and Technology (NIST), 1994.

  2. The New York Times, 12 September, 1996.

  3. R. Aguilar, and J. Kornblum. New York Times site hacked. CNET NEWS.COM, 8 November, 1996.

  4. T. Aura, P. Nikander, and J. Leiwo. Dos-resistant authentication with client puzzles. Security Protocols, 8th International Workshop, Cambridge, UK, April 3–5, 2000; revised papers, Vol. 2133 of Lecture Notes in Computer Science, pp. 170–177, Springer, 2001.

  5. B. Waters, A. Juels, J. A. Halderman, and E. W. Felten. New client puzzle outsourcing techniques for dos resistance. In ACM Conference on Computer and Communications Security, pp. 246–256, 2004.

  6. D. Bernstein. Syn floods - a solution. Available at http://www.op.net/jaw/syn-fix.html, 1996.

  7. E. Brickell, and K. McCurley. An interactive identification scheme based on discrete logarithms and factoring. In Advances in Cryptology, Proceedings EUROCRYPT 90, LNCS 473, Vol. 5, pp. 23–29. Springer, 1991.

  8. CNN. Cyber-attacks batter Web heavyweights. Available at http://www.cnn.com/2000/tech/computing/02/09/cyber.attacks.01/index.html, February 2002.

  9. daN. Re: client puzzle protocol neohapsis archives. Available at http://archives.neohapsis.com/archives/nfr-wizards/2000-q1/0645.html, 2000.

  10. C. Davidson. The “SYN flood” gates open for WebCom. iWorld Weekly, 16 December, 1996.

  11. C. Dwork, and M. Naor. Pricing via processing or combatting junk mail. In Advances in Cryptology, Proceedings CRYPTO 92, LNCS 740, pp. 139–147, Santa Barbara, CA USA, Springer, August 1992.

  12. T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31:469–472, 1985.

  13. J. Elliot. Distributed denial of service attacks and the zombie ant effect. IT Professional, pp. 55–57, March 2000.

  14. P. Ferguson, and D. Senie. Network ingress filtering: Defeating denial of service attacks which employ ip source address spoofing. IETF, RFC 2267, January 1998.

  15. A. Juels, and J. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In S. Kent, (Ed.), Distributed Systems Security (SNDSS), pp. 151–165, 1999.

  16. F. Kargl, J. Maier, and M. Weber. Protecting web servers from distributed denial of service attacks. In Proceedings of the 10th International WWW Conference, Hong Kong, May 1–5, 2001.

  17. C. Kaufman, R. Perlman, and M. Speciner. Network Security: Private Communication in a Public World (2nd Edition). Prentice Hall PTR, 2002.

  18. A.K. Lenstra, and H.W. Lenstra, Jr. Algorithms in number theory. In J. van Leeuwen, (Ed.), Handbook of Theoretical Computer Science, Vol. A, pp. 673–715, MIT/Elsevier, 1990.

  19. C. McIvor, M. McLoone, and J. McCanny. Modified montgomery modular multiplication and rsa exponentiation techniques. In IEE Proceedings - Computers & Digital Techniques, Vol. 151, pp. 402–408, November 2004.

  20. A. Odlyzko. Discrete logarithms in finite fields and their cryptographic significance. In Advances in Cryptology, Proceedings EUROCRYPT 84, LNCS 209, pp. 224–314, Springer, 1984.

  21. K. Park, and H. Lee. On the effectiveness of probabilistic packet marking for ip traceback under denial of service attack. IEEE INFOCOM 2001, pp. 338–347, 2001.

  22. K. Park, and H. Lee. On the effectiveness of route-based packet filtering for distributed dos attack prevention in power-law internets. In Proceedings of ACM SIGCOMM’2001, August 2001.

  23. K. Park, and H. Lee. Advanced packet marking mechanism with pushback for ip traceback. In ACNS04 PROGRAM - Academic Track, June 8–11, 2004.

  24. M. B. Rash. client puzzle protocol. Available at http://honor.trusecure.com/pipermail/firewall-wizards/2000-february/007944.html, 2000.

  25. L. Ricciulli, P. Lincoln, and P. Kakkar. TCP SYN flooding defense. In Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS’99), 1999.

  26. B. Schneier. Applied cryptography: protocols, algorithms, and source code in C. Wiley, 1996.

  27. C. Schnorr. Efficient signature generation for smart cards. In Advances in Cryptology, Proceedings CRYPTO 89, LNCS 435, pp. 239–252, Springer, 1990.

  28. L. Sherriff. Virus launches ddos for mobile phones. Available at http://www.theregister.co.uk/content/1/12394.html.

  29. C. Wang, C. Lin, and C. Chang. Signature schemes based on two hard problems simultaneously. In the 17th International Conference on Advanced Information Networking and Applications, pp. 557–560, 2003.

  30. G. Weijers. re: client puzzle protocol. Available at http://archives.neohapsis.com/archives/nfr-wizards/2000-q1/0558.html, 2000.

  31. M. Williams. Ebay, amazon, buy.com hit by attacks. IDG News Service, 9 February 2000.

  32. B. Ziegler. Hacker tangles panix Web site. Wall Street Journal, 12 September 1996.

Corresponding author

Correspondence to Yi Gao.

Copyright information

© 2010 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Gao, Y., Susilo, W., Mu, Y., Seberry, J. (2010). Efficient Trapdoor-Based Client Puzzle Against DoS Attacks. In: Huang, SH., MacCallum, D., Du, DZ. (eds) Network Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-73821-5_10

  • DOI: https://doi.org/10.1007/978-0-387-73821-5_10

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-73820-8

  • Online ISBN: 978-0-387-73821-5

  • eBook Packages: Computer Science, Computer Science (R0)
