Title :
Rate limiting client puzzle schemes for denial-of-service mitigation
Author :
Jing Yang Koh ; Ming, Joseph Teo Chee ; Niyato, Dusit
Author_Institution :
Sch. of Comput. Eng., Nanyang Technol. Univ. (NTU), Singapore, Singapore
Abstract :
Denial-of-service (DoS) attacks have been on the rise in recent years, and many cryptographic client puzzle schemes have been proposed for mitigating such attacks. Nonetheless, these schemes lack a strategy for setting the puzzle difficulty parameter, which is an important issue for legitimate users, as they should not be unfairly delayed during low server loads. In this paper, we propose a leaky bucket rate limiting queue mechanism to set the puzzle difficulty according to a queue delay. This mechanism will rate limit the number of incoming requests to prevent server overloading. As a result, DoS attackers have to spend more time to solve harder puzzles, which reduces their rate of attack success. We compare the effectiveness of the proposed mechanism on both hash reversal and repeated squaring client puzzles. We also demonstrate that the latter provides better DoS resistance as it ensures a lower server load and does not unfairly penalize mobile device users unnecessarily.
Keywords :
client-server systems; computer network security; cryptography; queueing theory; DoS attacks; cryptographic client puzzle schemes; denial of service mitigation; hash reversal client puzzles; leaky bucket rate limiting queue mechanism; mobile device users; puzzle difficulty parameter; queue delay; rate limiting client puzzles; repeated squaring client puzzles; server load; Computer crime; Delays; Limiting; Mobile handsets; Protocols; Resistance; Servers; Rate limiting; client puzzle; repeated squaring;
Conference_Title :
Wireless Communications and Networking Conference (WCNC), 2013 IEEE
Conference_Location :
Shanghai
Print_ISBN :
978-1-4673-5938-2
Electronic_ISBN :
1525-3511
DOI :
10.1109/WCNC.2013.6554845