International Conference on Research in Networking

NETWORKING 2012: NETWORKING 2012, pp 184–197

Secure Client Puzzles Based on Random Beacons

  • Yves Igor Jerschow &
  • Martin Mauve
Part of the Lecture Notes in Computer Science book series (LNCCN, volume 7290)

Abstract

Denial of Service (DoS) attacks pose a fast-growing threat to network services in the Internet, but also corporate Intranets and public local area networks like Wi-Fi hotspots may be affected. Especially protocols that perform authentication and key exchange relying on expensive public key cryptography are likely to be preferred targets. A well-known countermeasure against resource depletion attacks are client puzzles.

Most existing client puzzle schemes are interactive. Upon receiving a request the server constructs a puzzle and asks the client to solve this challenge before processing its request. But the packet with the puzzle parameters sent from server to client lacks authentication. The attacker might mount a counterattack on the clients by injecting faked packets with bogus puzzle parameters bearing the server’s sender address. A client receiving a plethora of bogus challenges may become overloaded and probably will not be able to solve the genuine challenge issued by the authentic server. Thus, its request remains unanswered. In this paper we introduce a secure client puzzle architecture that overcomes the described authentication issue. In our scheme client puzzles are employed noninteractively and constructed by the client from a periodically changing, secure random beacon. A special beacon server broadcasts beacon messages which can be easily verified by matching their hash values against a list of beacon fingerprints that has been obtained in advance. We develop sophisticated techniques to provide a robust beacon service. This involves synchronization aspects and especially the secure deployment of beacon fingerprints.
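The flow the abstract describes, as an added sketch that is not the authors' code: the client checks each broadcast beacon against a fingerprint list obtained in advance, builds its puzzle locally from the verified beacon, and the server checks the solution with one hash. The hash-prefix puzzle, the period numbering, the difficulty and all sample values are assumptions made for illustration; the abstract does not specify the puzzle function.

```python
import hashlib
import hmac

DIFFICULTY_BITS = 12  # assumed difficulty, kept small so the demo runs quickly


def fingerprint(beacon: bytes) -> bytes:
    return hashlib.sha256(beacon).digest()


def verify_beacon(period: int, beacon: bytes, fingerprints: dict) -> bool:
    """Client: accept a broadcast beacon only if its hash matches the
    fingerprint obtained in advance for that period (one hash per packet)."""
    expected = fingerprints.get(period)
    return expected is not None and hmac.compare_digest(expected, fingerprint(beacon))


def meets_target(beacon: bytes, request: bytes, nonce: int, bits: int) -> bool:
    # beacon is 32 bytes and nonce 8 bytes, so the concatenation is unambiguous
    digest = hashlib.sha256(beacon + nonce.to_bytes(8, "big") + request).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0


def solve(beacon: bytes, request: bytes, bits: int = DIFFICULTY_BITS) -> int:
    """Client: build the puzzle locally from the verified beacon and search
    for the smallest nonce; no challenge packet from the server is needed."""
    nonce = 0
    while not meets_target(beacon, request, nonce, bits):
        nonce += 1
    return nonce


def server_accepts(current_period, current_beacon, period, request, nonce,
                   bits=DIFFICULTY_BITS) -> bool:
    """Server: reject stale periods, then check the solution with one hash."""
    return period == current_period and meets_target(current_beacon, request, nonce, bits)


# Constructed sample data: two beacon periods and their published fingerprints.
BEACONS = {p: hashlib.sha256(b"constructed-beacon-%d" % p).digest() for p in (1, 2)}
FINGERPRINTS = {p: fingerprint(b) for p, b in BEACONS.items()}
REQUEST = b"client=192.0.2.10;op=key-exchange"  # constructed request bytes

if __name__ == "__main__":
    print(verify_beacon(2, b"\x00" * 32, FINGERPRINTS))  # forged beacon
    nonce = solve(BEACONS[2], REQUEST)
    print(server_accepts(2, BEACONS[2], 2, REQUEST, nonce))
```

A forged beacon costs the client a single hash to discard, which is the asymmetry that removes the bogus-challenge counterattack on clients.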

Keywords

  • network security
  • Denial of Service (DoS)
  • client puzzles
  • authentication
  • public key cryptography

Author information

Authors and Affiliations

  1. Institute of Computer Science, Heinrich Heine University, 40225, Düsseldorf, Germany

    Yves Igor Jerschow & Martin Mauve

Editor information

Editors and Affiliations

  1. Department of Telecommunications Engineering, Czech Technical University in Prague, Technicka 2, 166 27, Prague 6, Czech Republic

    Robert Bestak & Lukas Kencl

  2. Bell Labs, Alcatel-Lucent, 600 Mountain Avenue, 07974-0636, Murray Hill, NJ, USA

    Li Erran Li

  3. Instituto IMDEA Networks, Avenida del Mar Mediterraneo 22, 28918, Leganes (Madrid), Spain

    Joerg Widmer

  4. Tsinghua-ChinaCache Joint Laboratory, Tsinghua University, FIT 3-429, Haidian District, 100016, Beijing, China

    Hao Yin

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Jerschow, Y.I., Mauve, M. (2012). Secure Client Puzzles Based on Random Beacons. In: Bestak, R., Kencl, L., Li, L.E., Widmer, J., Yin, H. (eds) NETWORKING 2012. NETWORKING 2012. Lecture Notes in Computer Science, vol 7290. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30054-7_15

  • DOI: https://doi.org/10.1007/978-3-642-30054-7_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30053-0

  • Online ISBN: 978-3-642-30054-7

  • eBook Packages: Computer Science, Computer Science (R0)
