Reducing distributed denial of service (DDoS) attacks using client puzzle mechanism

 
 
 
  • Abstract


    In a typical DoS attack, the attacker tries to bring the server down by sending a large number of bogus queries that consume its computing power and bandwidth. Because the server’s bandwidth and computing power are always greater than those of the attacker’s client machine, the attacker enlists a group of connected computers. A DDoS attack involves many client machines that have been hijacked by the attacker (together called a botnet). As the server handles all the requests sent by the attacker, its resources are consumed and it can no longer provide services. In this project, we are mainly concerned with reducing the computing power consumed on the server side by giving the client a puzzle to solve. To prevent such attacks, we use a client puzzle mechanism: a client-side puzzle that requires the client machine to perform tasks needing more resources (computation power). The client’s request is not sent directly to the server. Moreover, an Intermediate Server monitors all the requests that are sent to the main server. Before the client’s request is forwarded to the server, the client must solve a puzzle and send the answer. The Intermediate Server validates the answer and either grants the client access or blocks the client from accessing the server.
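A sketch of the flow the abstract describes, added here as an example and not taken from the paper: the Intermediate Server issues a puzzle, the client spends CPU time solving it, and the Intermediate Server checks the answer cheaply before forwarding the request. The hash-based puzzle, the HMAC-bound stateless challenge, and all names and parameter values are assumptions, since the abstract does not specify the puzzle construction.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)  # Intermediate Server secret (constructed for this example)
PUZZLE_TTL = 30              # seconds a puzzle stays valid (assumed value)
_SEEN = set()                # tags of puzzles already redeemed, to stop replays

def _tag(client_id, nonce, issued, bits):
    # Binds the puzzle to one client, time and difficulty without per-client state.
    msg = f"{client_id}|{nonce.hex()}|{issued}|{bits}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

def issue_puzzle(client_id, bits=16, now=None):
    issued = int(time.time() if now is None else now)
    nonce = os.urandom(16)
    return {"nonce": nonce, "issued": issued, "bits": bits,
            "tag": _tag(client_id, nonce, issued, bits)}

def _zero_bits(puzzle, solution):
    # Leading zero bits of SHA-256(tag || solution).
    digest = hashlib.sha256(puzzle["tag"] + solution.to_bytes(8, "big")).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def solve(puzzle):
    # Client side: brute force, about 2**bits hashes on average.
    solution = 0
    while _zero_bits(puzzle, solution) < puzzle["bits"]:
        solution += 1
    return solution

def verify(client_id, puzzle, solution, now=None):
    # Intermediate Server side: one HMAC and one hash per request.
    now = time.time() if now is None else now
    expected = _tag(client_id, puzzle["nonce"], puzzle["issued"], puzzle["bits"])
    if not hmac.compare_digest(expected, puzzle["tag"]):
        return False  # forged, altered, or issued to a different client
    if not 0 <= now - puzzle["issued"] <= PUZZLE_TTL:
        return False  # expired
    if not isinstance(solution, int) or not 0 <= solution < 2**64:
        return False  # malformed answer
    if _zero_bits(puzzle, solution) < puzzle["bits"]:
        return False  # work not done
    if puzzle["tag"] in _SEEN:
        return False  # replayed solution
    _SEEN.add(puzzle["tag"])
    return True  # forward the request to the main server
```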


  • Keywords


    Distributed Denial of Service Attacks (DDoS); Client Puzzle Mechanism; Cryptographic Puzzles; Authentication.



 


Article ID: 9473
 
DOI: 10.14419/ijet.v7i1.1.9473




Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.