IEEE Copyright Notice

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

ACM Copyright Notice

These are the authors' versions of the work. The copyright is with ACM. They are posted here by permission of ACM for your personal use. Not for redistribution. See individual publication details for information on the publication of the definitive versions.

Springer-Verlag LNCS Copyright Notice

The copyright of these contributions has been transferred to Springer-Verlag Berlin Heidelberg New York. The copyright transfer covers the exclusive right to reproduce and distribute the contribution, including reprints, translations, photographic reproductions, microform, electronic form (offline, online), or any other reproductions of similar nature. Online available from Springer-Verlag LNCS series.

Work that appeared before the 1st of September 2003 was published while the authors were with the Lehrstuhl Praktische Informatik IV at the University of Mannheim.

Attackers, Packets, and Puzzles: On Denial-of-Service Prevention in Local Area Networks

Author(s): Yves Igor Jerschow.
Title: Attackers, Packets, and Puzzles: On Denial-of-Service Prevention in Local Area Networks
Published: PhD thesis, Heinrich Heine University, Düsseldorf, Germany, June 2012
Keyword(s): Denial of Service (DoS), network security, local area networks, CLL, authentication, public key cryptography, client puzzles, offline submission
Abstract: In this thesis, we tackle the problem of securing communication in Local Area Networks (LANs) and making it resistant against Denial-of-Service (DoS) attacks. The main vulnerability in wired and wireless LANs is the lack of initial address authenticity. It enables an attacker to take on different identities and to inject faked packets bearing a foreign or a bogus sender address. For this reason existing DoS countermeasures developed to mitigate attacks in the Internet have drawbacks when being applied in LANs.Our first contribution is the Cryptographic Link Layer (CLL) -- a comprehensive security protocol that provides authentication and confidentiality between neighboring hosts from the link layer upwards. CLL employs public-key cryptography to identify all hosts in the Ethernet LAN based on their IP/MAC address pairs. Unicast IP traffic is safeguarded by means of a block cipher and a message authentication code. CLL extends ARP and DHCP handshakes with authentication to protect these protocols against various kinds of attacks. Beginning with an ARP handshake, two hosts exchange certificates and cryptographic parameters, authenticate each other, and negotiate symmetric keys to establish a security association. CLL has been implemented on both Windows and Linux and achieves a very competitive performance.Verifying digital signatures in the handshake phase of CLL and of other security protocols that rely on public-key cryptography is a very expensive task compared to symmetric-key operations. Thus, it may become a target for DoS attacks where the adversary floods a victim host with faked signature packets trying to overload it. We introduce a countermeasure against DoS flooding attacks on public-key handshakes in LANs, called counter-flooding. A benign host trying to initiate an authentication handshake to a victim system that suffers from a flooding attack reacts to this aggression by flooding itself multiple copies of its signature packet for a short period. The key idea is for the victim host to verify only a fixed number of signatures per time period without becoming overloaded and to select those packets for verification that have the largest number of duplicates. We provide bounds for counter-flooding to succeed and show experimentally that in switched Ethernet a reasonable fair bandwidth division between concurrent flows is usually ensured.A well-known countermeasure against resource exhaustion attacks in the Internet are client puzzles. However, existing client puzzle schemes are either parallelizable, coarse-grained, or can be used only interactively. Interactive puzzles have the drawback that the packet with the puzzle parameters sent from server to client lacks authentication. Especially in LANs the attacker can mount a counterattack on the clients by injecting packets with fake puzzle parameters that pretend to come from the defending server. We propose a novel scheme for client puzzles based on the computation of square roots modulo a prime. Modular square root puzzles are non-parallelizable, can be employed both interactively and particularly non-interactively, and have polynomial granularity. Benchmark results demonstrate the feasibility of our approach to mitigate DoS attacks on hosts in 1 or even 10 Gbit networks. Furthermore, the efficiency of the scheme can be raised by adding a small bandwidth-based cost factor for the client.By introducing a secure client puzzle architecture we provide a solid basis to safely employ non-interactive client puzzles. It overcomes the authentication issue of interactive puzzles and prevents precomputation attacks. In our architecture, client puzzles, e.g., modular square root or hash-reversal puzzles, are employed non-interactively and constructed by the client from a periodically changing, secure random beacon. The beacons are generated in advance for a longer time span and regularly broadcasted in the LAN by a special beacon server. All hosts obtain a signed fingerprint package consisting of cryptographic digests of these beacons. Verifying a beacon is easy -- it takes only a single hash operation and can be performed at line speed by all hosts. To guarantee a robust beacon service, we develop sophisticated techniques which address synchronization aspects and especially the secure deployment of beacon fingerprints.In our final contribution, we pursue the idea of cryptographic puzzles beyond DoS protection and propose a novel application in the area of timed-release cryptography. We introduce a non-interactive and non-parallelizable RSA time-lock puzzle scheme where the time required to encrypt a message can be arbitrarily tuned by artificially enlarging the public exponent. Based on RSA time-lock puzzles, we present an offline submission protocol. It enables an author currently being offline to commit to its document before the deadline by continuously solving an RSA puzzle for that document and to submit it past the deadline just upon regaining connectivity. The correct puzzle solution serves as a proof to the accepting institution that the document in fact has been completed in time. To demonstrate the applicability of our scheme, we provide a platform-independent tool that performs all parts of our offline submission protocol.
Bib entry: [XML] [BibTeX]
Download: [PDF]
Verantwortlich für den Inhalt: E-Mail sendenWE Informatik