Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
MTZ-Fachkongress

Antriebe und Energiesysteme von morgen


Austausch von Automobil- und Energiewirtschaft

Am 14./15. Mai geht es in Chemnitz um die Mobilitätswende durch Elektro- und Wasserstofffahrzeuge.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Introduction Kapitel lesen Erstes Kapitel lesen

2011 | OriginalPaper | Buchkapitel

6. Cryptographic Approaches to Denial-of-Service Resistance

verfasst von : C. Boyd, J. Gonzalez-Nieto, L. Kuppusamy, H. Narasimhan, C. Pandu Rangan, J. Rangasamy, J. Smith, D. Stebila, V. Varadarajan

Erschienen in: An Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks

Verlag: Springer India

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Authentication is a promising way to treat denial-of-service (DoS) threats against nonpublic services because it allows servers to restrict connections only to authorised users. However, there is a catch with this argument since authentication itself is typically a computationally intensive rocess that is necessarily exposed to unauthenticated entities. This means that the authentication protocol can become a source of denial-of-service vulnerability itself, thereby causing the same problem it is aimed at solving.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Detection and Mitigation of High-Rate Flooding Attacks
Nächstes Kapitel Denial of Service Defence Appliance for Web Services
Fußnoten
1
This requirement addresses a flaw in the use of client puzzles proposed by Aura et al. [6] that was identified by Price [51].
 
2
FindSoln runs in time at mostt so that a client can stop searching for a puzzle after a specified amount of time; our difficulty definitions yield that a client must spend at least a certain amount of time to find a valid solution.
 
3
Note that GetSoln is only obligated to find a solution if puz was actually generated by the challenger. If \(\mathcal{A}\) generated puz, then \(\mathcal{A}\) may need to employ FindSoln to find a solution. Compared to FindSoln, GetSoln has access to additional secret information that may allow it to find a solution more easily.
 
4
In the random oracle model, a hash function is modelled as an ideal random function accessible to the adversary solely as an oracle [12].
 
5
The notation p1 ∘ a 1   ⊕  p 2 ∘ a 2  ⊕...  ⊕  p n ∘ a n denotes a lottery over the set of actions {a 1 ,a 2 ,...,a n }, where \({p}_{1} + {p}_{2} +... + {p}_{n} = 1\).
 
Literatur
1.
Abadi, M., M. Burrows, M. Manasse, and T. Wobber. 2003. Moderately hard, memory-bound functions. In the 10th Annual Network and Distributed System Security Symposium, San Diego, 6–7 Feb 2003.
2.
Agah, A., and S.K. Das. 2007. Preventing dos attacks in wireless sensor networks: A repeated game theory approach. International Journal of Network Security 5(2): 145–153.
3.
Aiello, W., S.M. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A.D. Keromytis, and O. Reingold. 2004. Just fast keying: Key agreement in a hostile Internet. ACM Transactions on Information and System Security 7(2): 1–30.CrossRef
4.
Aura, T., and P. Nikander. 1997. Stateless connections. In Proceeding of the International Conference on Information and Communications Security (ICICS’97), eds. Y. Han, T. Okamoto, and S. Qing, LNCS, vol. 1334, 87–97, Beijing, China, Nov 1997. Springer.
5.
Aura, T., P. Nikander, and J. Leiwo. 2000. DoS-resistant authentication with client puzzles. In Security Protocols Workshop 2000, 170–181. Cambridge, Apr 2000.
6.
Aura, T., P. Nikander, and J. Leiwo. 2001. DOS-resistant authentication with client puzzles. In Revised Papers from the 8th International Workshop on Security Protocols, Lecture notes in computer science, vol. 2133, 170–177. Springer-Verlag.
7.
Aura, T., and P. Nikander. 1997. Stateless connections. Technical report A46, Helsinki University of Technology, Digital Systems laboratory, Espoo, Finland.
8.
9.
10.
Bellare, M., J. Kilian, and P. Rogaway. 2000. The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences 61(3): 362–399.MathSciNetMATHCrossRef
11.
Bellare, M., and P. Rogaway. 1994. Entity authentication and key distribution. In Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO ’93, 232–249, London. Springer-Verlag.
12.
Bellare, M., and P. Rogaway. 1993. Random oracles are practical: a paradigm for designing efficient protocols. In Proceedings of the 1st ACM conference on Computer and communications security, CCS ’93, 62–73, New York, 1993. ACM.
13.
Bencsath, B., I. Vajda, and L. Buttyan. 2003. A game based analysis of the client puzzle approach to defend against DoS attacks. In Proceedings of the 2003 International Conference on Software, Telecommunications and Computer Networks, 763–767, 2003.
14.
Canetti, R., S. Halevi, and M. Steiner. 2005. Hardness amplification of weakly verifiable puzzles, In J. Kilian (ed.), Theory of Cryptography Conference (TCC), LNCS 3378, pp. 17–33. Springer, 2005.
15.
Canetti, R., and H. Krawczyk. 2002. Security analysis of IKE’s signature based key-exchange protocol. In M. Yung (ed.), Advances in Cryptology – Proc. CRYPTO, LNCS 2442, pp. 27–52. Springer, 2002.
16.
Castelluccia, C., E. Mykletun, and G. Tsudik (2006). Improving secure server performance by re-balancing SSL/TLS handshakes. In ASIACCS ’06: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, 26–34, New York, 2006. ACM Press.
17.
Chan, E., C.A. Gunter, S. Jahid, E. Peryshkin, and D. Rebolledo. 2008. Using rhythmic nonces for puzzle-based DoS resistance. In Proceedings of the 2nd ACM Workshop on Computer Security Architectures, 51–58, New York, 2008. ACM Press.
18.
Chen, L., P. Morrissey, N.P. Smart, and B. Warinschi. 2009. Security notions and generic constructions for client puzzles. In M. Matsui (ed.), Advances in Cryptology – Proc. ASIACRYPT 2009, LNCS 5912, pp. 505–523. Springer, 2009.
19.
Dwork, C., A. Goldberg, and M. Naor. 2003. On memory-bound functions for fighting spam. In the 23rd Annual International Cryptology Conference (CRYPTO 2003), 426–444, Aug 2003.
20.
Dwork, C., and M. Naor. 1992. Pricing via processing or combatting junk mail. In the 12th Annual International Cryptology Conference on Advances in Cryptology, Lecture notes In Computer Science, vol. 740, 139–147, 1992. Springer-Verlag.
21.
Dwork, C., M. Naor, and H. Wee. 2005. Pebbling and proofs of work. In CRYPTO, 37–54, 2005.
22.
Fallah, M. 5555. A puzzle-based defense strategy against flooding attacks using game theory. IEEE Transactions on Dependable and Secure Computing 99(2): 5555.
23.
Feng, W., E. Kaiser, W. Feng, and A. Luu. 2004. The design and implementation of network layer puzzles. Technical report 04-003, OGI CSE, Aug 2004.
24.
Feng, W., E. Kaiser, and A. Luu. 2005. Design and implementation of network puzzles. In INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE, vol. 4, 2372–2382, March 2005.
25.
Fudenberg, D. and E. Maskin. 1986. The folk theorem in repeated games with discounting or with incomplete information. Econometrica 54(3): 533–54.MathSciNetMATHCrossRef
26.
Harkins, D. and D. Carrel. 1998. The internet key exchange (IKE), November 1998. Obsoleted by RFC 4306, updated by RFC 4109.
27.
Jakobsson, M., and A. Juels. Proofs of work and bread pudding protocols (extended abstract). In B. Preneel (ed.), Proceedings of the IFIP TC6/TC11 Joint Working Conference on Secure Information Networks: Communications and Multimedia Security, volume 152 of IFIP Conference Proceedings, pp. 258–272. Kluwer, 1999.
28.
29.
Juels, A., and J. Brainard. 1999. Client Puzzles: A cryptographic defense against connection depletion attacks. In Proceedings of the Network and Distributed System Security Symposium (NDSS ’99), 151–165, San Diego, Feb 1999. Internet Society Press, Reston.
30.
Karn, P.R., and W.A. Simpson. 1999. Photuris: Session-key management protocol. RFC 2522, IETF.
31.
Kaufman, C. 2005. Internet key exchange (IKEv2) protocol. RFC 4306.
32.
Kennell, R., and L.H. Jamieson. 2003. Establishing the genuinity of remote computer systems. In 12th USENIX Security Symposium, 295–308, 2003.
33.
34.
Kent, S., and K. Seo. 2005. Security architecture for the internet protocol, December 2005.
35.
Komathy, K., and P. Narayanasamy. 2008. Secure data forwarding against denial of service attack using trust based evolutionary game. In Vehicular Technology Conference, 2008. VTC Spring 2008. IEEE, 31–35, May 2008.
36.
LaMacchia, B., K. Lauter, and A. Mityagin. 2007. Stronger security of authenticated key exchange. In W. Susilo, J.K. Liu, and Y. Mu (eds), First International Conference on Provable Security (ProvSec), LNCS 4784, pp. 1–16. Springer, 2007.
37.
Leiwo, J., P. Nikander, and T. Aura. 2000. Towards network denial of service resistant protocols. In the 15th Annual Working Conference on Information Security (SEC2000), vol. 175, Beijing, China, Aug 2000.
38.
Lemon, J. 2002. Resisting SYN flood DoS attacks with a SYN cache. In the BSDCon 2002, 89–97, Berkley, 11–14 Feb 2002.
39.
Lv, J.-J. 2008. A game theoretic defending model with puzzle controller for distributed dos attack prevention. In 2008 International Conference on Machine Learning and Cybernetics, vol. 2, 1064–1069, July 2008.
40.
Mahimkar, A., and V. Shmatikov. 2005. Game-based analysis of denial-of-service prevention protocols. In CSFW ’05: Proceedings of the 18th IEEE Workshop on Computer Security Foundations, 287–301, Washington, DC, 2005. IEEE Computer Society.
41.
42.
Matsuura, K., and H. Imai. 2000. Modification of internet key exchange resistant against denial-of-service. In Pre-Proceeding of Internet Workshop 2000 (IWS2000), 167–174, Feb 2000.
43.
Meadows, C. 1999. A formal framework and evaluation method for network denial of service. In Proc. 12th IEEE Computer Security Foundations Workshop (CSFW) 1999, 4, 1999.
44.
Meadows, C. 2001. A cost-based framework for analysis of denial of service in networks. Journal of Computer Security 9(1): 143–164.
45.
Menezes, A.J., P.C. van Oorschot, and S.A. Vanstone. 1997. Handbook of applied cryptography. CRC Press series on discrete mathematics and its applications. CRC Press. ISBN 0-8493-8523-7.MATH
46.
Mirkovic, J., and P. Reiher. 2004. A taxonomy of DDoS attack and DDoS defense mechanisms. SIGCOMM Computer Communication Review 34(2): 39–53.CrossRef
47.
Moskowitz, R., P. Nikander, P. Jokela, and T.R. Henderson. 2008. Host identity protocol, Apr 2008. RFC 5201.
48.
Narasimhan, H., V. Varadarajan, and C.P. Rangan. 2009. Game theoretic resistance to denial of service attacks using hidden difficulty puzzles. Cryptology ePrint Archive, Report 2009/350. http://​eprint.​iacr.​org/​. Accessed 31 Aug 2011.
49.
Narasimhan, H., V. Varadarajan, and C.P. Rangan. 2010. Game theoretic resistance to denial of service attacks using hidden difficulty puzzles. In ISPEC, 359–376, 2010.
50.
51.
Price, G. 2003. A general attack model on hash-based client puzzles. In Cryptography and Coding, 9th IMA International Conference, Cirencester, UK, December 16–18, 2003, Proceedings, ed. K. Paterson, Lecture notes in computer science, 319–331, vol. 2898. Springer-Verlag.
52.
Rabin, M.O. 1979. Digitalized signatures and public-key functions as intractable as factorization. Technical report MIT/LCS/TR-212, Massachusetts Institute of Technology.
53.
Rivest, R.L, A. Shamir, and L. Adleman. 1978. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2): 120–126.MathSciNetMATHCrossRef
54.
Rivest, R.L., A. Shamir, and D.A. Wagner. 1996. Time-lock puzzles and timed-release crypto. Technical report TR-684, Massachusetts Institute of Technology, Cambridge, 10 Mar 1996.
55.
Sagduyu, Y.E., and A. Ephremides. 2009. A game-theoretic analysis of denial of service attacks in wireless random access. Wireless Networks 15(5): 651–666.CrossRef
56.
Shankar, U., M. Chew, and J.D. Tygar. 2004. Side effects are not sufficient to authenticate software. In Proceedings of the Thirteenth USENIX Security Symposium, 89–102, Aug 2004. USENIX.
57.
Simpson, W.A. 1999. IKE/ISAKMP considered harmful. USENIX ;login 24(6).
58.
Smith, J. 2007. Denial of service: Prevention, modelling and detection. PhD thesis, Queensland University of Technology, Brisbane.
59.
Smith, J., J. González Nieto, and C. Boyd. Modelling denial of service attacks on JFK with Meadows’s cost-based framework, 125–134.
60.
Stebila, D., L. Kuppusamy, J. Rangasamy, C. Boyd, and J. Gonzalez-Nieto. 2011. Stronger difficulty notions for client puzzles and denial-of-service-resistant protocols. In Topics in Cryptology – CT-RSA 2011, ed. A. Kiayias Lecture notes in computer science, 284–301, vol. 6558, 2011. Springer, Berlin.
61.
Stebila, D., and B. Ustaoglu. 2009. Towards denial-of-service-resilient key agreement protocols. In C. Boyd and J. González Nieto (eds), Proc. 14th Australasian Conference on Information Security and Privacy (ACISP), LNCS 5594, pp. 389–406. Springer, 2009.
62.
Tritilanunt, S., C. Boyd, J. González Nieto, and E. Foo. 2007. Toward non-parallelizable cryptographic puzzles. In of 6th International Conference on Cryptology and Network Security (CANS 2007), Singapore, 8–10 December 2007.
63.
Ustaoglu, B. 2008. Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS. Designs, Codes and Cryptography 46(3): 329–342.MathSciNetCrossRef
64.
Wang, X. and M.K. Reiter. 2003. Defending against denial-of-service attacks with puzzle auctions. In Proceedings of the 2003 IEEE Symposium on Security and Privacy, 2003. IEEE Computer Society.
65.
Waters, B., A. Juels, J.A. Halderman, and E.W. Felten. 2004. New client puzzle outsourcing techniques for dos resistance. In CCS ’04: Proceedings of the 11th ACM Conference on Computer and Communications Security, 246–256, New York, 2004. ACM.
Metadaten
Titel
Cryptographic Approaches to Denial-of-Service Resistance
verfasst von
C. Boyd
J. Gonzalez-Nieto
L. Kuppusamy
H. Narasimhan
C. Pandu Rangan
J. Rangasamy
J. Smith
D. Stebila
V. Varadarajan
Copyright-Jahr
2011
Verlag
Springer India
Buch
An Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks

Print ISBN: 978-81-322-0276-9

Electronic ISBN: 978-81-322-0277-6

Copyright-Jahr: 2011

DOI
https://doi.org/10.1007/978-81-322-0277-6_6

Neuer Inhalt

    Bildnachweise