DOS-Resistant Authentication with Client Puzzles

  • Conference paper
  • Published in: Security Protocols (Security Protocols 2000)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2133)

Abstract

Denial of service by server resource exhaustion has become a major security threat in open communications networks. Public-key authentication does not completely protect against the attacks because the authentication protocols often leave ways for an unauthenticated client to consume a server’s memory space and computational resources by initiating a large number of protocol runs and inducing the server to perform expensive cryptographic computations. We show how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent such attacks.

References

  1. Edward Amoroso. A policy model for denial of service. In Proc. Computer Security Foundations Workshop III, pages 110–114, Franconia, NH USA, June 1990. IEEE Computer Society Press.

  2. Tuomas Aura and Pekka Nikander. Stateless connections. In Proc. International Conference on Information and Communications Security (ICICS’97), volume 1334 of LNCS, pages 87–97, Beijing, China, November 1997. Springer Verlag.

  3. TCP SYN flooding and IP spoofing attack. CERT Advisory CA-96.21, CERT, November 1996.

  4. William H. Cunningham. Optimal attack and reinforcement of a network. Journal of the ACM, 32(3):549–561, July 1985.

  5. Cynthia Dwork and Moni Naor. Pricing via processing or combatting junk mail. In Advances in Cryptology-Proc. CRYPTO’98, volume 740 of LNCS, pages 139–147, Santa Barbara, CA USA, August 1992. Springer-Verlag.

  6. Virgil D. Gligor. A note on the denial-of-service problem. In Proc. 1983 IEEE Symposium on Research in Security and Privacy, pages 139–149, Oakland, CA USA, April 1983. IEEE Computer Society.

  7. Dan Harkins and Dave Carrel. The Internet key exchange (IKE). RFC 2409, IETF Network Working Group, November 1998.

  8. Shouichi Hirose and Kanta Matsuura. Enhancing the resistance of a provably secure key agreement protocol to a denial-of-service attack. In Proc. 2nd International Conference on Information and Communication Security (ICICS’99), pages 169–182, Sydney, Australia, November 1999. Springer.

  9. P. Janson, G. Tsudik, and M. Yung. Scalability and flexibility in authentication services: The KryptoKnight approach. In IEEE INFOCOM’97, Tokyo, April 1997.

  10. Ari Juels and John Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Proc. 1999 Network and Distributed Systems Security Symposium (NDSS), pages 151–165, San Diego, CA, February 1999. Internet Society.

  11. Phil Karn and William A. Simpson. Photuris: Session-key management protocol. RFC 2522, IETF Network Working Group, March 1999.

  12. Catherine Meadows. A formal framework and evaluation method for network denial of service. In Proc. 12th IEEE Computer Security Foundations Workshop, pages 4–13, Mordano, Italy, June 1999. IEEE Computer Society.

  13. Jonathan K. Millen. A resource allocation model for denial of service. In Proc. 1992 IEEE Computer Society Symposium on Security and Privacy, pages 137–147, Oakland, CA USA, May 1992. IEEE Computer Society Press.

  14. Cynthia A. Phillips. The network inhibition problem. In Proc. 25th Annual ACM Symposium on the Theory of Computing, pages 776–785. ACM Press, May 1993.

  15. Christoph L. Schuba, Ivan V. Krsul, Markus G. Kuhn, Eugene H. Spafford, Aurobindo Sundaram, and Diego Zamboni. Analysis of a denial of service attack on TCP. In Proc. 1997 IEEE Symposium on Security and Privacy, pages 208–223, Oakland, CA USA, May 1997. IEEE Computer Society Press.

  16. William A. Simpson. IKE/ISAKMP considered harmful. ;login:, 24(6):48–58, December 1999.

  17. Che-Fn Yu and Virgil D. Gligor. A formal specification and verification method for the prevention of denial of service. In Proc. 1988 IEEE Symposium on Security and Privacy, pages 187–202, Oakland, CA USA, April 1988. IEEE Computer Society Press.

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aura, T., Nikander, P., Leiwo, J. (2001). DOS-Resistant Authentication with Client Puzzles. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds) Security Protocols. Security Protocols 2000. Lecture Notes in Computer Science, vol 2133. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44810-1_22

  • DOI: https://doi.org/10.1007/3-540-44810-1_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42566-3

  • Online ISBN: 978-3-540-44810-5

  • eBook Packages: Springer Book Archive
