IEEE Copyright Notice

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

ACM Copyright Notice

These are the authors' versions of the work. The copyright is with ACM. They are posted here by permission of ACM for your personal use. Not for redistribution. See individual publication details for information on the publication of the definitive versions.

Springer-Verlag LNCS Copyright Notice

The copyright of these contributions has been transferred to Springer-Verlag Berlin Heidelberg New York. The copyright transfer covers the exclusive right to reproduce and distribute the contribution, including reprints, translations, photographic reproductions, microform, electronic form (offline, online), or any other reproductions of similar nature. Online available from Springer-Verlag LNCS series.

Work that appeared before the 1st of September 2003 was published while the authors were with the Lehrstuhl Praktische Informatik IV at the University of Mannheim.

Modular Square Root Puzzles: Design of Non-Parallelizable and Non-Interactive Client Puzzles

Author(s): Yves Igor Jerschow, Martin Mauve.
Title: Modular Square Root Puzzles: Design of Non-Parallelizable and Non-Interactive Client Puzzles
Published: Computers & Security 35 (), pp. 25-36, 2013
Keyword(s): client puzzles, Denial of Service (DoS), network protocols, authentication, computational puzzles
Abstract: Denial of Service (DoS) attacks aiming to exhaust the resources of aserver by overwhelming it with bogus requests have become a serious threat.Especially protocols that rely on public key cryptography and perform expensiveauthentication handshakes may be an easy target. A well-known countermeasureagainst resource depletion attacks are client puzzles. The victimized serverdemands from the clients to commit computing resources before it processestheir requests. To get service, a client must solve a cryptographic puzzle andsubmit the right solution. Existing client puzzle schemes have some drawbacks.They are either parallelizable, coarse-grained or can be used only interactively.In case of interactive client puzzles where the server poses the challenge anattacker might mount a counterattack on the clients by injecting faked packetswith bogus puzzle parameters bearing the server's sender address. In thispaper we introduce a novel scheme for client puzzles which relies on thecomputation of square roots modulo a prime. Modular square root puzzles arenon-parallelizable, i. e., the solution cannot be obtained faster than scheduledby distributing the puzzle to multiple machines or CPU cores, and they can beemployed both interactively and non-interactively. Our puzzles provide polynomialgranularity and compact solution and verification functions. Benchmarkresults demonstrate the feasibility of our approach to mitigate DoS attacks onhosts in 1 or even 10 Gbit networks. In addition, we show how to raise theefficiency of our puzzle scheme by introducing a bandwidth-based cost factor forthe client. Furthermore, we also investigate the construction of client puzzlesfrom modular cube roots.
Bib entry: [XML] [BibTeX]
Download: [PDF]
Verantwortlich für den Inhalt: E-Mail sendenWE Informatik