    Abstract:

    This paper studies the traditional client puzzle scheme and proposes an adaptive scheme which performs a lightweight client-server interaction to flexibly adjust the puzzle difficulty according to the real-time statuses of both client and server. To evaluate the applicability, the authors combine the two schemes and develop an adaptive DoS-resistant security framework for Peer-to-Peer networks. The theoretical analyses and experimental results show that the adaptive client puzzle scheme can effectively defend against various DoS attacks without significantly influencing legitimate clients’ experiences even in a highly malicious environment.
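
A hash-based client puzzle with load-dependent difficulty, added here as an illustration and not the scheme from the paper. The difficulty policy in `choose_difficulty`, the bit bounds, the 30-second lifetime and all function names are assumptions; the client address is a constructed sample.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)    # server secret: challenges are verifiable without stored state
MIN_BITS, MAX_BITS = 4, 20     # assumed bounds on required leading zero bits

def choose_difficulty(server_load, client_rate):
    """Assumed policy: server_load in [0, 1], client_rate = recent requests/s from this client."""
    bits = MIN_BITS + int(server_load * 10) + min(client_rate, 6)
    return max(MIN_BITS, min(MAX_BITS, bits))

def tag_for(client, ts, bits):
    msg = f"{client}|{ts}|{bits}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue(client, bits, now=None):
    ts = int(time.time() if now is None else now)
    return {"client": client, "ts": ts, "bits": bits, "tag": tag_for(client, ts, bits)}

def work_bits(puzzle, nonce):
    """Leading zero bits of SHA-256(tag | nonce)."""
    digest = hashlib.sha256(f"{puzzle['tag']}|{nonce}".encode()).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def solve(puzzle):
    """Client side: brute force, about 2**bits hashes on average."""
    nonce = 0
    while work_bits(puzzle, nonce) < puzzle["bits"]:
        nonce += 1
    return nonce

def verify(puzzle, nonce, now=None, max_age=30):
    """Server side: one HMAC and one hash, no lookup."""
    now = int(time.time() if now is None else now)
    expected = tag_for(puzzle["client"], puzzle["ts"], puzzle["bits"])
    if not hmac.compare_digest(expected, puzzle["tag"]):
        return False               # forged, or client lowered its own difficulty
    if not 0 <= now - puzzle["ts"] <= max_age:
        return False               # expired challenge
    return work_bits(puzzle, nonce) >= puzzle["bits"]

if __name__ == "__main__":
    bits = choose_difficulty(server_load=0.5, client_rate=2)   # constructed inputs
    p = issue("198.51.100.7", bits)
    print(bits, verify(p, solve(p)))
```

Because the server keeps no per-puzzle state, a solved puzzle can be replayed until it expires; a short-lived cache of redeemed tags closes that gap.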

Get Citation

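Chen Ruichuan, Guo Wenjia, Tang Liyong, Chen Zhong. An adaptive client puzzle for defending against denial-of-service attacks. Journal of Software, 2009, 20(9): 2558-2573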

History
  • Received: February 20, 2008
  • Revised: December 10, 2008