Revisiting Client Puzzles for State Exhaustion Attacks Resilience

Cited by: 3
Authors
Noureddine, Mohammad A. [1]
Fawaz, Ahmed M. [2]
Hsu, Amanda [2]
Guldner, Cody [1]
Vijay, Sameer [1]
Basar, Tamer [2]
Sanders, William H. [2]
Affiliations
[1] Univ Illinois, Dept Comp Sci, Champaign, IL 61820 USA
[2] Univ Illinois, Dept Elect & Comp Engn, Champaign, IL USA
Keywords
Denial of Service Attacks; Proof-of-Work; Stackelberg Games; Transport Control Protocol; NETWORK;
DOI
10.1109/DSN.2019.00067
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
In this paper, we address the challenges facing the adoption of client puzzles as a means to protect the TCP connection establishment channel from state exhaustion DDoS attacks. We model the problem of selecting the puzzle difficulties as a Stackelberg game with the server as the leader and the clients as the followers and obtain the equilibrium solution for the puzzle difficulty. We then present an implementation of client puzzles inside the TCP stack of the Linux 4.13.0 kernel. We evaluate the performance of our implementation and the obtained solution against a range of attacks through reproducible experiments on the DETER testbed. Our results show that client puzzles are effective at boosting the tolerance of the TCP handshake channel to state exhaustion DDoS attacks by rate limiting malicious attackers while allocating resources for legitimate clients.
Pages: 617 / 629
Number of pages: 13
Related papers
50 in total
  • [1] Quantitative Analysis of DoS Attacks and Client Puzzles in IoT Systems
    Arnaboldi, Luca
    Morisset, Charles
    [J]. SECURITY AND TRUST MANAGEMENT (STM 2017), 2017, 10547 : 224 - 233
  • [2] Client Puzzles Based on Quasi Partial Collisions Against DoS Attacks in UMTS
    Lei, Yaohui
    Pierre, Samuel
    Quintero, Alejandro
    [J]. 2006 IEEE 64TH VEHICULAR TECHNOLOGY CONFERENCE, VOLS 1-6, 2006, : 2464 - 2468
  • [3] Quantifying Cyber-Resilience Against Resource-Exhaustion Attacks
    Fink, Glenn A.
    Griswold, Richard L.
    Beech, Zachary W.
    [J]. 2014 7TH INTERNATIONAL SYMPOSIUM ON RESILIENT CONTROL SYSTEMS (ISRCS), 2014,
  • [4] Using client puzzles to mitigate distributed denial of service attacks in the tor anonymous routing environment
    Fraser, Nicholas A.
    Kelly, Douglas J.
    Raines, Richard A.
    Baldwin, Rusty O.
    Mullins, Barry E.
    [J]. 2007 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, VOLS 1-14, 2007, : 1197 - 1202
  • [5] Performance Evaluation of Non-parallelizable Client Puzzles for Defeating DoS Attacks in Authentication Protocols
    Tritilanunt, Suratose
    [J]. DATA AND APPLICATIONS SECURITY AND PRIVACY XXIV, PROCEEDINGS, 2010, 6166 : 358 - 365
  • [6] Building Instead of Imposing Resilience: Revisiting the Relationship Between Resilience and the State
    Krueger, Marco
    [J]. INTERNATIONAL POLITICAL SOCIOLOGY, 2019, 13 (01) : 53 - 67
  • [7] Testing the Resilience of MEC-Based IoT Applications Against Resource Exhaustion Attacks
    Pietrantuono, Roberto
    Ficco, Massimo
    Palmieri, Francesco
    [J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2024, 21 (02) : 804 - 818
  • [8] Using client puzzles to protect TLS
    Dean, D
    Stubblefield, A
    [J]. USENIX ASSOCIATION PROCEEDINGS OF THE 10TH USENIX SECURITY SYMPOSIUM, 2001, : 1 - 8
  • [9] Practical Client Puzzles in the Standard Model
    Kuppusamy, Lakshmi
    Rangasamy, Jothi
    Stebila, Douglas
    Boyd, Colin
    Nieto, Juan Gonzalez
    [J]. 7TH ACM SYMPOSIUM ON INFORMATION, COMPUTER AND COMMUNICATIONS SECURITY (ASIACCS 2012), 2012,
  • [10] Chained puzzles: A novel framework for IP-layer client puzzles
    McNevin, TJ
    Park, JM
    Marchany, R
    [J]. 2005 International Conference on Wireless Networks, Communications and Mobile Computing, Vols 1 and 2, 2005, : 298 - 303