Abstract
CPU bound client puzzles have been suggested as a defense mechanism against connection depletion attacks. However, the wide disparity in CPU speeds prevents such puzzles from being globally deployed. Recently, Abadi et. al. [1] and Dwork et. al. [2] addressed this limitation by showing that memory access times vary much less than CPU speeds, and hence offer a viable alternative. In this paper, we further investigate the applicability of memory bound puzzles from a new perspective and propose constructions based on heuristic search methods. Our constructions are derived from a more algorithmic foundation, and as a result, allow us to easily tune parameters that impact puzzle creation and verification costs. Moreover, unlike prior approaches, we address client-side cost and present an extension that allows memory constrained clients (e.g., PDAs) to implement our construction in a secure fashion.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Abadi, M., Burrows, M., Manasse, M., Wobber, T.: Moderately hard, memory-bound functions. In: Proceedings of Network and Distributed Systems Security Symposium, San Diego, California, USA, 2003, pp. 107–121 (February 2003)
Dwork, C., Goldberg, A., Naor, M.: On memory-bound functions for fighting spam. In: Proceedings of the 23rd Annual International Cryptology Conference, pp. 426–444 (2003)
Juels, A., Brainard, J.: Client puzzles: A cryptographic countermeasure against connection depletion attacks. In: Proceedings of Networks and Distributed Security Systems, pp. 151–165 (February 1999)
Dean, D., Stubblefield, A.: Using client puzzles to protect TLS. In: Proceedings of the 10th USENIX Security Symposium, pp. 1–8 (August 2001)
Wang, X., Reiter, M.K.: Defending against Denial-of-Service attacks with puzzle auctions. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 78–92. IEEE Computer Society, Los Alamitos (2003)
Waters, B., Juels, A., Halderman, J.A., Felten, E.W.: New client puzzle outsourcing techniques for DoS resistance. In: Proceedings of the 11th ACM conference on Computer and Communications Security, pp. 246–256 (2004)
Bernstein, D.J.: SYN cookies (1996), http://cr.yp.to/syncookies.html
Floyd, S., Jacobson, V.: Random early detection gateways for congestion avoidance. IEEE/ACM Transactions on Networking 1(4), 397–413 (1993)
Loyd, S.: Mathematical Puzzles of Sam Loyd. Dover (1959), Selected and Edited by Martin Gardner
Singmaster, D.: Notes on Rubik’s Magic Cube. Enslow Pub. Inc. (1981)
Korf, R.: Finding Optimal Solutions to Rubik’s Cube Using Pattern Databases. In: Proceedings of the 14th National Conference on Artificial Intelligence and 9th Innovative Applications of Artificial Intelligence Conference, Rhode Island pp. 700–705. AAAI Press/MIT Press (1997)
Hern’advolgyi, I.T., Holte, R.C.: Experiments with automatically created memory-based heuristics. In: Choueiry, B.Y., Walsh, T. (eds.) SARA 2000. LNCS, vol. 1864, pp. 281–290. Springer, Heidelberg (2000)
Bocan, V.: Threshold puzzles: The evolution of DoS-resistant authentication. Periodica Politechnica, Transactions on Automatic Control and Computer Science 49(63) (2004)
Merkle, R.C.: Secure communications over insecure channels. Communications of ACM 21(4), 294–299 (1978)
Back, A.: Hash cash - A Denial of Service Counter-Measure. Technical report (2002), http://www.hashcash.org/
Wang, X., Reiter, M.K.: Mitigating bandwidth-exhaustion attacks using congestion puzzles. In: Proceedings of the 11th ACM conference on Computer and Communications Security, pp. 257–267. ACM Press, New York (2004)
Rosenthal, D.S.H.: On the cost distribution of a memory bound function. Computing Research Repository. cs.CR/0311005 (2003)
Hart, P.E., Nilsson, N.J., Raphael, B.: A formal basis for the heuristic determination of minimum cost paths. IEEE Transactions on Systems Science and Cybernetics 4(2), 100–107 (1968)
Hart, P.E., Nilsson, N.J., Raphael, B.: Correction to a formal basis for the heuristic determination of minimum cost paths. ACM SIGART Bulletin 37, 28–29 (1972)
Parberry, I.: A real-time algorithm for the (n 2 − 1)-puzzle. Information Processing Letters 56(1), 23–28 (1995)
Culberson, J.C., Schaeffer, J.: Searching with pattern databases. In: McCalla, G.I. (ed.) Canadian AI 1996. LNCS, vol. 1081, pp. 402–416. Springer, Heidelberg (1996)
Holte, R.C., Hern’advolgyi, I.T.: A space-time tradeoff for memory-based heuristics. In: Proceedings of the 16th national conference on Artificial Intelligence and the 11th Innovative Applications of Artificial Intelligence conference, pp. 704–709, American Association for Artificial Intelligence, Menlo Park (1999)
FIPS: The Keyed-Hash Message Authentication Code (HMAC) (2002), http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf
Korf, R.E.: Recent progress in the design and analysis of admissible heuristic functions. In: Proceedings of the 17th National Conference on Artificial Intelligence and 12th Conference on Innovative Applications of Artificial Intelligence, pp. 1165–1170. AAAI Press / The MIT Press (2000)
Korf, R.E., Reid, M.: Complexity analysis admissible heuristic search. In: Proceedings of the 15th national/10th conference on Artificial Intelligence/Innovative Applications of Artificial intelligence, pp. 305–310, American Association for Artificial Intelligence, Menlo Park (1998)
Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Doshi, S., Monrose, F., Rubin, A.D. (2006). Efficient Memory Bound Puzzles Using Pattern Databases. In: Zhou, J., Yung, M., Bao, F. (eds) Applied Cryptography and Network Security. ACNS 2006. Lecture Notes in Computer Science, vol 3989. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11767480_7
Download citation
DOI: https://doi.org/10.1007/11767480_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34703-3
Online ISBN: 978-3-540-34704-0
eBook Packages: Computer ScienceComputer Science (R0)