Skip to main content

Revisiting Difficulty Notions for Client Puzzles and DoS Resilience

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 7483)

Abstract

Cryptographic puzzles are moderately difficult problems that can be solved by investing non-trivial amounts of computation and/or storage. Devising models for cryptographic puzzles has only recently started to receive attention from the cryptographic community as a first step towards rigorous models and proofs of security of applications that employ them (e.g. Denial-of-service (DoS) resistance). Unfortunately, the subtle interaction between the complex scenarios for which cryptographic puzzles are intended and typical difficulties associated with defying concrete security easily leads to flaws in definitions and proofs. Indeed, as a first contribution we exhibit shortcomings of the state-of-the-art definition of security of cryptographic puzzles and point out some flaws in existing security proofs. The main contribution of this paper are new security definitions for puzzle difficulty. We distinguish and formalize two distinct flavors of puzzle security (which we call optimal and ideal) and in addition properly define the relation between solving one puzzle vs. solving multiple ones. We demonstrate the applicability of our notions by analyzing the security of two popular puzzle constructions. In addition, we briefly investigate existing definitions for the related notion of DoS security. We demonstrate that the only rigorous security notions proposed to date is not sufficiently demanding (as it allows to prove secure protocols that are clearly not DoS resilient) and suggest an alternative definition. Our results are not only of theoretical interest. We show that our better characterization of hardness for puzzles and DoS resilience allows establishing formal bounds on the effectiveness of client puzzles which confirm previous empirical observations.

Keywords

  • Hash Function
  • Success Probability
  • Random Oracle Model
  • Security Notion
  • Resource Exhaustion

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (Canada)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (Canada)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (Canada)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abadi, M., Burrows, M., Manasse, M., Wobber, T.: Moderately hard, memory-bound functions. ACM Transactions on Internet Technology 5, 299–327 (2005)

    CrossRef  Google Scholar 

  2. Abliz, M., Znati, T.: A guided tour puzzle for denial of service prevention. In: Proceedings of the 2009 Annual Computer Security Applications Conference, ACSAC 2009, pp. 279–288. IEEE Computer Society (2009)

    Google Scholar 

  3. Aura, T., Nikander, P., Leiwo, J.: DOS-Resistant Authentication with Client Puzzles. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2000. LNCS, vol. 2133, pp. 170–177. Springer, Heidelberg (2001)

    CrossRef  Google Scholar 

  4. Back, A.: Hashcash - a denial of service counter-measure. Technical report (2002)

    Google Scholar 

  5. Boyd, C., Gonzalez-Nieto, J., Kuppusamy, L., Narasimhan, H., Rangan, C., Rangasamy, J., Smith, J., Stebila, D., Varadarajan, V.: An investigation into the detection and mitigation of denial of service (Dos) attacks: Critical information infrastructure protection. In: Cryptographic Approaches to Denial-of-Service Resistance, p. 183 (2011)

    Google Scholar 

  6. Chen, L., Morrissey, P., Smart, N.P., Warinschi, B.: Security Notions and Generic Constructions for Client Puzzles. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 505–523. Springer, Heidelberg (2009)

    CrossRef  Google Scholar 

  7. Dean, D., Stubblefield, A.: Using client puzzles to protect tls. In: Proceedings of the 10th Conference on USENIX Security Symposium, SSYM 2001, vol. 10, p. 1. USENIX Association, Berkeley (2001)

    Google Scholar 

  8. Dwork, C., Goldberg, A., Naor, M.: On Memory-Bound Functions for Fighting Spam. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 426–444. Springer, Heidelberg (2003)

    CrossRef  Google Scholar 

  9. Dwork, C., Naor, M.: Pricing via Processing or Combatting Junk Mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)

    Google Scholar 

  10. Gao, Y., Susilo, W., Mu, Y., Seberry, J.: Efficient trapdoor-based client puzzle against DoS attacks. Network Security, 229–249 (2010)

    Google Scholar 

  11. Jeckmans, A.: Computational puzzles for spam reduction in SIP (draft) (July 2007)

    Google Scholar 

  12. Jeckmans, A.: Practical client puzzle from repeated squaring. Technical report (August 2009)

    Google Scholar 

  13. Jerschow, Y.I., Mauve, M.: Non-parallelizable and non-interactive client puzzles from modular square roots. In: Sixth International Conference on Availability, Reliability and Security, ARES 2011, pp. 135–142 (2011)

    Google Scholar 

  14. Juels, A., Brainard, J.: Client puzzles: A cryptographic countermeasure against connection depletion attacks. In: Proceedings of NDSS 1999 (Networks and Distributed Security Systems), pp. 151–165 (1999)

    Google Scholar 

  15. Karame, G.O., Čapkun, S.: Low-Cost Client Puzzles Based on Modular Exponentiation. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 679–697. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  16. Rangasamy, J., Stebila, D., Boyd, C., Gonzalez Nieto, J.: An integrated approach to cryptographic mitigation of denial-of-service attacks. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 114–123. ACM (2011)

    Google Scholar 

  17. Rivest, R., Shamir, A., Wagner, D.: Time-lock puzzles and timed-release crypto. Technical report, Cambridge, MA, USA (1996)

    Google Scholar 

  18. Stebila, D., Kuppusamy, L., Rangasamy, J., Boyd, C., Gonzalez Nieto, J.: Stronger Difficulty Notions for Client Puzzles and Denial-of-Service-Resistant Protocols. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 284–301. Springer, Heidelberg (2011)

    CrossRef  Google Scholar 

  19. Suriadi, S., Stebila, D., Clark, A., Liu, H.: Defending web services against denial of service attacks using client puzzles. In: 2011 IEEE International Conference on Web Services (ICWS), pp. 25–32. IEEE (2011)

    Google Scholar 

  20. Tang, Q., Jeckmans, A.: On non-parallelizable deterministic client puzzle scheme with batch verification modes (2010)

    Google Scholar 

  21. Tritilanunt, S., Boyd, C., Foo, E., González Nieto, J.M.: Toward Non-parallelizable Client Puzzles. In: Bao, F., Ling, S., Okamoto, T., Wang, H., Xing, C. (eds.) CANS 2007. LNCS, vol. 4856, pp. 247–264. Springer, Heidelberg (2007)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Groza, B., Warinschi, B. (2012). Revisiting Difficulty Notions for Client Puzzles and DoS Resilience. In: Gollmann, D., Freiling, F.C. (eds) Information Security. ISC 2012. Lecture Notes in Computer Science, vol 7483. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33383-5_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-33383-5_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33382-8

  • Online ISBN: 978-3-642-33383-5

  • eBook Packages: Computer ScienceComputer Science (R0)