DOS-Resistant Authentication with Client Puzzles

Aura, Tuomas

doi:10.1007/3-540-44810-1_23

Cited by 139 publications

(99 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The computational puzzles of HIP [1] play a major role in this paper and have been investigated by others as well. Beal et al [3] developed a mathematical model to evaluate the usefulness of the HIP puzzle under steady-state DDoS attacks.…”

Section: Host Identity Protocolmentioning

confidence: 99%

Mitigation of Unsolicited Traffic across Domains with Host Identities and Puzzles

Komu

Tarkoma

Lukyanenko

2012

Information Security Technology for Applications

View full text Add to dashboard Cite

Abstract. In this paper, we present a general host identity-based technique for mitigating unsolicited traffic across different domains. We propose to tackle unwanted traffic by using a cross-layer technique based on the Host Identity Protocol (HIP). HIP authenticates traffic between two communicating end-points and its computational puzzle introduces a cost to misbehaving hosts. We present a theoretical framework for investigating scalability and effectiveness of the proposal, and also describe practical experiences with a HIP implementation. We focus on email spam prevention as our use case and how to integrate HIP into SMTP server software. The analytical investigation indicates that this mechanism may be used to effectively throttle spam by selecting a reasonably complex puzzle.

show abstract

Section: Host Identity Protocolmentioning

confidence: 99%

Mitigation of Unsolicited Traffic across Domains with Host Identities and Puzzles

Komu

Tarkoma

Lukyanenko

2012

Information Security Technology for Applications

View full text Add to dashboard Cite

show abstract

“…Different mechanisms exist to ensure this property, e.g., IKE cookies [27], client puzzles [28], and a distributed management. -Graceful Degradation: In the case of a partial DoS attack or compromise, other not directly affected VPN devices shall continue to work.…”

Section: Security Objectivesmentioning

confidence: 99%

A survey on automatic configuration of virtual private networks

Rossberg

Schaefer

2011

Computer Networks

View full text Add to dashboard Cite

Virtual private networks (VPN) offer a secure data exchange over public networks. Despite being cheaper than leased lines, growing sizes and dynamic behavior of VPN nodes, e.g., for mobility or reasons of denial-of-service-attacks, make a manual configuration of large, dynamic VPN expensive.Consequently, a number of different VPN auto-configuration approaches have been invented and partially deployed over the last decade. This article identifies a comprehensive set of objectives to be fulfilled by IP-based VPN auto-configuration, explains and groups mechanisms, and analyzes their strengths and weaknesses with regards to the objectives. Finally, it identifies potential future directions of autonomous VPN deployment.

show abstract

“…A few proofof-work protocols have been proposed in the literature [7,8,24,28,35,121,123]. A proof-of-work (also known as "cryptographic puzzles" or "client puzzles") protocol extends a client-server request-driven application protocol so that the server issues prospective clients computational challenges of client-specific difficulty.…”

Section: The Case For Proof-of-workmentioning

confidence: 99%

“…Proof-of-work approaches proposed in the literature [7,8,24,28,35,121,123] have demonstrated the feasibility of implementing proof-of-work systems at the network and transport layers. While the approaches have experimentally proved their effectiveness against portscans and network-level packet-flooding denial-ofservice attacks, they have all met resistance to adoption due to one fundamental detraction: they require both clients and servers to adopt specialized software in order to adhere to the protocol.…”

Section: The Kapow Approachmentioning

confidence: 99%

See 1 more Smart Citation

Addressing Automated Adversaries of Network Applications

Feng

Kaiser

2000

View full text Add to dashboard Cite

The Internet supports a perpetually evolving patchwork of network services and applications. Popular applications include the World Wide Web, online commerce, online banking, email, instant messaging, multimedia streaming, and online video games. Practically all networked applications have a common objective: to directly or indirectly process requests generated by humans. Some users employ automation to establish an unfair advantage over non-automated users. The perceived and substantive damages that automated, adversarial users inflict on an application degrade its enjoyment and usability by legitimate users, and result in reputation and revenue loss for the application's service provider.This dissertation examines three challenges critical to addressing the undesirable automation of networked applications. The first challenge explores individual methods that detect various automated behaviors. Detection methods range from observing unusual network-level request traffic to sensing anomalous client operation at the application-level. Since many detection methods are not individually conclusive, the second challenge investigates how to combine detection methods to accurately identify automated adversaries. The third challenge considers how to leverage the available knowledge to disincentivize adversary automation by nullifying their advantage over legitimate users.The thesis of this dissertation is that: there exist methods to detect automated behaviors with which an application's service provider can identify and then systematically disincentivize automated adversaries. This dissertation evaluates this thesis using research performed on two network applications that have different access to the client software: Web-based services and multiplayer online games. I would like to thank my advisor, Professor Wu-chang Feng, for his guidance throughout the course of this work. When I was stuck on a problem, his valuable advice always offered me a new perspective from which to approach the problem.From providing me with a framework for my research to reading and patiently editing my papers, each of his many contributions nudged me incrementally closer to completing my dissertation. I would also like to express my appreciation to

show abstract

DOS-Resistant Authentication with Client Puzzles

Cited by 139 publications

References 14 publications

Mitigation of Unsolicited Traffic across Domains with Host Identities and Puzzles

Mitigation of Unsolicited Traffic across Domains with Host Identities and Puzzles

A survey on automatic configuration of virtual private networks

Addressing Automated Adversaries of Network Applications

Contact Info

Product

Resources

About