Chained puzzles: a novel framework for IP-layer client puzzles

Author

McNevin, Timothy J. ; Park, Jung-Min ; Marchany, Randy

Author_Institution

Adv. Res. in Inf. Assurance & Security Lab., Virginia Polytech. Inst. & State Univ., USA

Volume

1

fYear

2005

fDate

13-16 June 2005

Firstpage

298

Abstract

Large-scale, high-profile distributed denial-of-service (DDoS) attacks have become common recurring events that increasingly threaten the proper functioning and continual success of the Internet. Recently, client puzzle protocols have been proposed as a mitigation technique for DoS attacks. These protocols require a client to solve a cryptographic "puzzle" before it receives any service from a remote server. By embedding the client puzzle mechanism into the lowest layer of the Internet protocol stack that is vulnerable against network DoS attacks - the network layer - we can mitigate the most virulent form of DoS attacks: flooding-based DDoS attacks. This paper describes the framework of a novel IP-layer client puzzle protocol that we call chained puzzles. We describe the framework in detail and show its effectiveness using simulation results.

Keywords

IP networks; Internet; cryptography; protocols; telecommunication security; IP-layer client puzzles; Internet; Internet protocol stack; chained puzzles; client puzzle mechanism; client puzzle protocols; cryptographic puzzle; distributed denial-of-service; Computer crime; Computer security; Cryptographic protocols; Cryptography; Filtering; Floods; Information security; Laboratories; Large-scale systems; Network servers;

fLanguage

English

Publisher

ieee

Conference_Titel

Wireless Networks, Communications and Mobile Computing, 2005 International Conference on

Print_ISBN

0-7803-9305-8

Type

conf

DOI

10.1109/WIRLES.2005.1549426

Filename

1549426