Title :
Mitigating denial of service attacks with password puzzles
Author_Institution :
Inst. for Infocomm Res., Singapore
Abstract :
The client puzzles have been proposed as an important mechanism in defending against distributed denial-of-service (DDoS) attacks. In this paper we propose a new IP layer client puzzles scheme, password puzzles (PP). In this scheme a puzzle issuer; on the behalf of a receiver, responds to requests with puzzles that a sender must solve before sending in any packet to a receiver. We design two new puzzle types, hash-chain-reversal puzzles and multiple-hash-chains-reversal puzzles, with which a sender is expected to reverse one (multiple) hash chain(s) and send in packets with valid passwords (i.e., solutions of puzzles) to the receiver. Our design achieves three main properties. First, the PP scheme is able to generate puzzles with different difficulties flexibly for various clients. Second, a puzzle issuer is able to generate puzzles at a per-flow and per-packet basis. Third, the PP scheme is able to converge to be a "non-puzzle " protocol.
Keywords :
IP networks; authorisation; client-server systems; cryptography; protocols; telecommunication security; IP layer client puzzles scheme; authorisation; cryptography; distributed denial of service attack; multiple-hash-chains-reversal puzzles; password puzzles; telecommunication security; Access protocols; Computer crime; Counting circuits; Cryptography; Filtering; Information technology; Internet; Network servers; Protection; Testing;
Conference_Titel :
Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on
Print_ISBN :
0-7695-2315-3
DOI :
10.1109/ITCC.2005.200
