Revisiting Client Puzzles for State Exhaustion Attacks Resilience

Cited by: 3
Authors
Noureddine, Mohammad A. [1 ]
Fawaz, Ahmed M. [2 ]
Hsu, Amanda [2 ]
Guldner, Cody [1 ]
Vijay, Sameer [1 ]
Basar, Tamer [2 ]
Sanders, William H. [2 ]
Affiliations
[1] Univ Illinois, Dept Comp Sci, Champaign, IL 61820 USA
[2] Univ Illinois, Dept Elect & Comp Engn, Champaign, IL USA
Keywords
Denial of Service Attacks; Proof-of-Work; Stackelberg Games; Transport Control Protocol; NETWORK;
DOI
10.1109/DSN.2019.00067
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
In this paper, we address the challenges facing the adoption of client puzzles as a means to protect the TCP connection establishment channel from state exhaustion DDoS attacks. We model the problem of selecting the puzzle difficulties as a Stackelberg game with the server as the leader and the clients as the followers and obtain the equilibrium solution for the puzzle difficulty. We then present an implementation of client puzzles inside the TCP stack of the Linux 4.13.0 kernel. We evaluate the performance of our implementation and the obtained solution against a range of attacks through reproducible experiments on the DETER testbed. Our results show that client puzzles are effective at boosting the tolerance of the TCP handshake channel to state exhaustion DDoS attacks by rate limiting malicious attackers while allocating resources for legitimate clients.
Pages: 617 / 629
Number of pages: 13