IEEE Copyright Notice

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

ACM Copyright Notice

These are the authors' versions of the work. The copyright is with ACM. They are posted here by permission of ACM for your personal use. Not for redistribution. See individual publication details for information on the publication of the definitive versions.

Springer-Verlag LNCS Copyright Notice

The copyright of these contributions has been transferred to Springer-Verlag Berlin Heidelberg New York. The copyright transfer covers the exclusive right to reproduce and distribute the contribution, including reprints, translations, photographic reproductions, microform, electronic form (offline, online), or any other reproductions of similar nature. Online available from Springer-Verlag LNCS series.

Work that appeared before the 1st of September 2003 was published while the authors were with the Lehrstuhl Praktische Informatik IV at the University of Mannheim.

Non-Parallelizable and Non-Interactive Client Puzzles from Modular Square Roots

Author(s): Yves Igor Jerschow, Martin Mauve.
Title: Non-Parallelizable and Non-Interactive Client Puzzles from Modular Square Roots
Published: ARES 2011: Proceedings of the 6th International Conference on Availability, Reliability and Security, Vienna, Austria, August 2011
Abstract: Denial of Service (DoS) attacks aiming to exhaust the resourcesof a server by overwhelming it with bogus requests have becomea serious threat. Especially protocols that rely on public keycryptography and perform expensive authentication handshakes maybe an easy target. A well-known countermeasure against DoS attacksare client puzzles. The victimized server demands from the clientsto commit computing resources before it processes their requests.To get service, a client must solve a cryptographic puzzle andsubmit the right solution. Existing client puzzle schemes havesome drawbacks. They are either parallelizable, coarse-grained orcan be used only interactively. In case of interactive clientpuzzles where the server poses the challenge an attacker mightmount a counterattack on the clients by injecting fake packetscontaining bogus puzzle parameters. In this paper we introduce anovel scheme for client puzzles which relies on the computationof square roots modulo a prime. Modular square root puzzles arenon-parallelizable, i.e., the solution cannot be obtained fasterthan scheduled by distributing the puzzle to multiple machinesor CPU cores, and they can be employed both interactively andnon-interactively. Our puzzles provide polynomial granularityand compact solution and verification functions. Benchmarkresults demonstrate the feasibility of our approach to mitigateDoS attacks on hosts in 1 or even 10 GBit networks. In addition,we show how to raise the efficiency of our puzzle scheme byintroducing a bandwidth-based cost factor for the client.
Bib entry: [XML] [BibTeX]
Download: [PDF]
Verantwortlich für den Inhalt: E-Mail sendenWE Informatik