NexTech 2021 Congress
October 03, 2021 to October 07, 2021 - Barcelona, Spain

  • UBICOMM 2021, The Fifteenth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies
  • ADVCOMP 2021, The Fifteenth International Conference on Advanced Engineering Computing and Applications in Sciences
  • SEMAPRO 2021, The Fifteenth International Conference on Advances in Semantic Processing
  • AMBIENT 2021, The Eleventh International Conference on Ambient Computing, Applications, Services and Technologies
  • EMERGING 2021, The Thirteenth International Conference on Emerging Networks and Systems Intelligence
  • DATA ANALYTICS 2021, The Tenth International Conference on Data Analytics
  • GLOBAL HEALTH 2021, The Tenth International Conference on Global Health Challenges
  • CYBER 2021, The Sixth International Conference on Cyber-Technologies and Cyber-Systems

SoftNet 2021 Congress
October 03, 2021 to October 07, 2021 - Barcelona, Spain

  • ICSEA 2021, The Sixteenth International Conference on Software Engineering Advances
  • ICSNC 2021, The Sixteenth International Conference on Systems and Networks Communications
  • CENTRIC 2021, The Fourteenth International Conference on Advances in Human-oriented and Personalized Mechanisms, Technologies, and Services
  • VALID 2021, The Thirteenth International Conference on Advances in System Testing and Validation Lifecycle
  • SIMUL 2021, The Thirteenth International Conference on Advances in System Simulation
  • SOTICS 2021, The Eleventh International Conference on Social Media Technologies, Communication, and Informatics
  • INNOV 2021, The Tenth International Conference on Communications, Computation, Networks and Technologies
  • HEALTHINFO 2021, The Sixth International Conference on Informatics and Assistive Technologies for Health-Care, Medical Support and Wellbeing

NetWare 2021 Congress
November 14, 2021 to November 18, 2021 - Athens, Greece

  • SENSORCOMM 2021, The Fifteenth International Conference on Sensor Technologies and Applications
  • SENSORDEVICES 2021, The Twelfth International Conference on Sensor Device Technologies and Applications
  • SECURWARE 2021, The Fifteenth International Conference on Emerging Security Information, Systems and Technologies
  • AFIN 2021, The Thirteenth International Conference on Advances in Future Internet
  • CENICS 2021, The Fourteenth International Conference on Advances in Circuits, Electronics and Micro-electronics
  • ICQNM 2021, The Fifteenth International Conference on Quantum, Nano/Bio, and Micro Technologies
  • FASSI 2021, The Seventh International Conference on Fundamentals and Advances in Software Systems Integration
  • GREEN 2021, The Sixth International Conference on Green Communications, Computing and Technologies

TrendNews 2021 Congress
November 14, 2021 to November 18, 2021 - Athens, Greece

  • CORETA 2021, Advances on Core Technologies and Applications
  • DIGITAL 2021, Advances on Societal Digital Transformation

 


ThinkMind // International Journal On Advances in Security, volume 5, numbers 3 and 4, 2012 // View article sec_v5_n34_2012_5


Mitigating Distributed Service Flooding Attacks with Guided Tour Puzzles

Authors:
Mehmud Abliz
Taieb Znati
Adam Lee

Keywords: denial of service; availability; tour puzzles; proof of work; client puzzles; cryptography.

Abstract:
Various cryptographic puzzle schemes have been proposed as defenses against Denial of Service (DoS) attacks. However, these schemes have two common shortcomings that diminish their effectiveness as a DoS mitigation solution. First, the DoS-resilience that these schemes provide is minimized when there is a large disparity between the computational power of malicious and legitimate clients. Second, the legitimate clients also have to perform the same heavy puzzle computations that do not contribute to any useful work from the clients' perspective. In this article, we introduce guided tour puzzles (GTP), a novel puzzle scheme that addresses these shortcomings. GTP uses latency --- as opposed to computational delay --- as a way of forcing a sustainable request arrival rate on clients. Measurement results from a large-scale network test-bed shows that the variation in the puzzle solving times is significantly smaller than the puzzle solving time variation of computation-based puzzles. As attackers have much less control over the round-trip delays than they do over the computational power, a latency-based puzzle scheme, such as GTP, provides significantly better protection against strong attackers. Meanwhile, we show that GTP minimizes useless computations required for the client computers. We evaluate the effectiveness of guided tour puzzles in a realistic simulation environment using a large-scale Internet topology, and show that GTP provides a strong mitigation of DoS request flooding attacks and puzzle solving attacks.

Pages: 121 to 133

Copyright: Copyright (c) to authors, 2012. Used with permission.

Publication date: December 31, 2012

Published in: journal

ISSN: 1942-2636

SERVICES CONTACT
2010 - 2017 © ThinkMind. All rights reserved.
Read Terms of Service and Privacy Policy.