Secure Client Puzzles based on Random Beacons

Author(s): Yves Igor Jerschow, Martin Mauve.
Title: Secure Client Puzzles based on Random Beacons
Published: IFIP Networking 2012: Proceedings of the 11th International Conference on Networking, Prague, Czech Republic, May 2012
Abstract: Denial of Service (DoS) attacks pose a fast-growing threat to network services in the Internet, but also corporate Intranets and public local area networks like Wi-Fi hotspots may be affected. Especially protocols that perform authentication and key exchange relying on expensive public key cryptography are likely to be preferred targets. A well-known countermeasure against resource depletion attacks are client puzzles. Most existing client puzzle schemes are interactive. Upon receiving a request the server constructs a puzzle and asks the client to solve this challenge before processing its request. But the packet with the puzzle parameters sent from server to client lacks authentication. The attacker might mount a counterattack on the clients by injecting faked packets with bogus puzzle parameters bearing the server's sender address. A client receiving a plethora of bogus challenges may become overloaded and probably will not be able to solve the genuine challenge issued by the authentic server. Thus, its request remains unanswered. In this paper we introduce a secure client puzzle architecture that overcomes the described authentication issue. In our scheme client puzzles are employed non-interactively and constructed by the client from a periodically changing, secure random beacon. A special beacon server broadcasts beacon messages which can be easily verified by matching their hash values against a list of beacon fingerprints that has been obtained in advance. We develop sophisticated techniques to provide a robust beacon service. This involves synchronization aspects and especially the secure deployment of beacon fingerprints.