Client Puzzles Based on Quasi Partial Collisions Against DoS Attacks in UMTS

The UMTS system and architecture are designed to accommodate Internet-like mobile services and specific services like mobile commerce to mobile users. They bring attacks from Internet and mobile users as well. Denial-of-Service (DoS) attacks aim to frustrate a legitimate user's access to mobile services or bring down servers by depleting system resources. Many approaches are proposed to thwart these attacks. A client puzzle from the server, which forces the client to resolve it before communication, is one of these approaches. The server can adjust the difficulty levels of the puzzle for access control and against DoS attacks according to current resource consumption and communication scenario. Currently, many types of client puzzles have no fine-grained control over difficulties. In a client puzzle, the next higher difficulty level is often twice as hard as the current one. In this paper, we propose a method based on partial collisions in hash functions. Our approach provides fine-grained control over difficulties by introducing a quasi partial collision concept. The results obtained confirm the fine granularity and efficiency of our approach.