Guaranteeing Access in Spite of Distributed Service-Flooding Attacks

  • Virgil D. Gligor
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3364)


We argue that open networks designed using end-to-end arguments are particularly vulnerable to flooding, and that this vulnerability persists as hardware and operating systems technologies advance. An effective end-to-end approach to counter distributed flooding attacks against public services and provide access guarantees to their clients is to establish and enforce “user agreements” among clients outside the public services they access. Among the user agreements designed to protect servers from flooding attacks, those requiring client proofs of work (e.g., client puzzles using hash functions) are both ineffective and unnecessary whenever strong access guarantees are desired. In contrast, simple rate-control agreements can be defined to provide strong guarantees based on waiting-time limits. These agreements are established by special-purpose servers and verified before request processing at network-line rate, and hence cannot be flooded.


Hash Function Message Authentication Code Client Request USENIX Security Symposium User Agreement 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    von Ahn, L., Blum, M., Hopper, N., Langford, J.: CAPTCHA: Using Hard AI Problems for Security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Aura, T., Nikander, P., Leiwo, J.: DOS-resistant authentication with client puzzles. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2000. LNCS, vol. 2133, pp. 170–178. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Bertsekas, D., Gallager, R.: Data Networks, 2nd edn. Prentice-Hall, Englewood Cliffs (1992)zbMATHGoogle Scholar
  4. 4.
    Bromley, D.W.: Making the Commons Work: Theory, Practice and Policy. ICS Press, San Francisco (1992), (Part 2, describing case studies; cf. [17], p. 22, 272Google Scholar
  5. 5.
    Darmohray, T., Oliver, R.: Hot Spares for DoS Attacks. login 25, No.7, (July 2000)Google Scholar
  6. 6.
    Dean, D., Stubblefield, A.: Using Client Puzzles to Protect TLS. In: Proc. of the USENIX Security Symposium (August 2001)Google Scholar
  7. 7.
    Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)Google Scholar
  8. 8.
    Gligor, V.D.: A Note on the Denial-of-Service Problem. In: Proc. of the IEEE Symposium on Computer Security and Privacy, Oakland, California (April 1983); also in IEEE Transactions on Software Engineering, SE-10, No. 3 (May 1984)Google Scholar
  9. 9.
    Gligor, V.D.: On Denial of Service in Computer Networks. In: Proc. of Int’l Conference on Data Engineering, Los Angeles, California, Los Angeles, California, February 1986, pp. 608–617 (1986)Google Scholar
  10. 10.
    Gligor, V.D., Donescu, P.: Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 92–108. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Hagerup, T., Rub, C.: A Guided Tour of Chernoff Bounds. In: Information Processing Letters, 33th edn., pp. 305–308. North-Holland, Amsterdam (1989-90)Google Scholar
  12. 12.
    Hardin, G.: The Tragedy of Commons. Science 162, 1243 (1968)CrossRefGoogle Scholar
  13. 13.
    Henessy, J., Patterson, D.: Computer Architecture: A Quantitative Approach, pp. 8–9. Morgan-Kaufmann, San Francisco (1990)Google Scholar
  14. 14.
    Ioannidis, J., Bellovin, S.: Implementing Pushback: Router-Based Defense Against DDoS Attacks. In: Proc. of Network and Distributed Systems Security Symposium, San Diego, California, February 2002, pp. 79–86. San Diego (2002)Google Scholar
  15. 15.
    Juels, A., Brainard, J.: Client Puzzles: A Cryptographic Defense Against Connection Depletion Attacks. In: Proc. of Network and Distributed Systems Symposium, San Diego, CA, February (1999)Google Scholar
  16. 16.
    Lampson, B.: Software Components: Only Giants Survive. In: Herbert, A., Sparck Jones, K. (eds.) Computer Systems: Papers for Roger Needham. Microsoft Research, February 2003, pp. 113–120 (2003)Google Scholar
  17. 17.
    Lessig, L.: The Future of Ideas: The Fate of the Commons in a Connected World. Random House, N.Y. (2001)Google Scholar
  18. 18.
    Millen, J.K.: A Resource Allocation Model for Denial of Service. In: Proc. of IEEE Symposium on Security and Privacy, Oakland, CA, vol. 2, pp. 89–106 (1993), (also in the Journal of Computer Security)Google Scholar
  19. 19.
    Moore, D., Voelker, G., Savage, S.: Inferring Internet Denial of Service Activity. In: Proc. of 2001 USENIX Security Symposium, Washington D.C (August 2001)Google Scholar
  20. 20.
    Pearson, S., Balacheff, B., Chen, L.: Trusted Computing Platforms – TCPA Technology in Context. Prentice Hall PTR, Englewood Cliffs (2003)Google Scholar
  21. 21.
    Saltzer, J.H., Reed, D.P., Clark, D.D.: End-to-End Arguments in System Design. ACM Transactions on Computer Systems 2 (November 1984)Google Scholar
  22. 22.
    Wang, L., Pai, V., Petersen, L.: The Effectiveness of Request Redirection on CDN Robustness. In: Proc. of the 5th Symp. on OS Design and Implementation (OSDI), Boston, Mass (December 2002)Google Scholar
  23. 23.
    Wang, X., Reiter, M.: Defending Against Denial-of-Service Attacks with Puzzle Auctions. In: Proc. of IEEE Symp. on Security and Privacy, Berkeley, CA (May 2003)Google Scholar
  24. 24.
    Xu, J., Lipton, R., Essa, I.: Hello, Are You Human, Technical Report, Georgia Institute of Technology (November 2000)Google Scholar
  25. 25.
    Yu, C.-F., Gligor, V.D.: A Formal Specification and Verification Method for Preventing Denial of Service Attacks. In: Proc. of the IEEE Security and Privacy Symposium, Oakland, CA, April 1988, vol. SE-16, pp. 187–200 (1998); also in IEEE Transactions on Software Engineering, June 1990, pp. 581-592Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Virgil D. Gligor
    • 1
  1. 1.VDG Inc.Chevy Chase

Personalised recommendations