| Title: |
1Deamplification of DoS Attacks via Puzzles |
| Authors: |
Jacob Beal; Tim Shepard |
| Contributors: |
The Pennsylvania State University CiteSeerX Archives |
| Source: |
http://openmap.bbn.com/~jbeal/Unpublished/puzzle.pdf. |
| Publication Year: |
2004 |
| Collection: |
CiteSeerX |
| Subject Terms: |
DRAFT; Please do not redistribute |
| Description: |
— Puzzles have been proposed as a mechanism to deamplify denial of service attacks against a server’s memory and processing resources. For example, HIP im-plements a cookie puzzle mechanism to protect the server from wasting resources performing Diffie-Hellman expo-nentiation in response to spurious requests. We examine cookie puzzle mechanisms of this type. We find that careful attention is needed in server implementation to ensure that an attacker does not retain opportunities to amplify the attack despite the puzzle mech-anism, and present a design which addresses these issues. We compare vulnerability to bandwidth and processing attacks, determining when one dominates the other. Finally, we quantify the deamplification of DoS attacks provided by a cookie puzzle mechanism and determine the best setting for puzzle difficulty under a steady-state attack. I. |
| Document Type: |
text |
| File Description: |
application/pdf |
| Language: |
English |
| Relation: |
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.507.3779; http://openmap.bbn.com/~jbeal/Unpublished/puzzle.pdf |
| Availability: |
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.507.3779; http://openmap.bbn.com/~jbeal/Unpublished/puzzle.pdf |
| Rights: |
Metadata may be used without restrictions as long as the oai identifier remains attached to it. |
| Accession Number: |
edsbas.DBC64132 |
| Database: |
BASE |