Efficient Trapdoor-Based Client Puzzle Against DoS Attacks

  • Yi Gao
  • Willy Susilo
  • Yi Mu
  • Jennifer Seberry


It is well known that authentication, integrity, and confidentiality are the most important principles of network security. However, recent reports about a number of prominent Internet service providers that broke down because of malicious attacks [2, 3, 32, 32] urge people to realize that all security principles must be based on service availability. “Availability” in this context refers to a service that can be accessed within a reasonable amount of waiting time after a legitimate client sends a request.


Keywords: Search Range; Connection Request; Modular Multiplication; Discrete Logarithm Problem; Modular Exponentiation


  1. Digital signature standard (DSS). In Federal Information Processing Standards Publication 186. National Institute of Standards and Technology (NIST), 1994.
  2. The New York Times, 12 September, 1996.
  3. R. Aguilar, and J. Kornblum. New York Times site hacked. CNET NEWS.COM, 8 November, 1996.
  4. T. Aura, P. Nikander, and J. Leiwo. DoS-resistant authentication with client puzzles. Security Protocols, 8th International Workshop, Cambridge, UK, April 3–5, 2000; revised papers, Vol. 2133 of Lecture Notes in Computer Science, pp. 170–177, Springer, 2001.
  5. B. Waters, A. Juels, J. A. Halderman, and E. W. Felten. New client puzzle outsourcing techniques for DoS resistance. In ACM Conference on Computer and Communications Security, pp. 246–256, 2004.
  6. D. Bernstein. SYN floods - a solution. Available at, 1996.
  7. E. Brickell, and K. McCurley. An interactive identification scheme based on discrete logarithms and factoring. In Advances in Cryptology, Proceedings EUROCRYPT 90, LNCS 473, Vol. 5, pp. 23–29. Springer, 1991.
  8. CNN. Cyber-attacks batter Web heavyweights. Available at, February 2002.
  9. daN. Re: client puzzle protocol neohapsis archives. Available at, 2000.
  10. C. Davidson. The “SYN flood” gates open for WebCom. iWorld Weekly, 16 December, 1996.
  11. C. Dwork, and M. Naor. Pricing via processing or combatting junk mail. In Advances in Cryptology, Proceedings CRYPTO 92, LNCS 740, pp. 139–147, Santa Barbara, CA, USA, Springer, August 1992.
  12. T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31:469–472, 1985.
  13. J. Elliot. Distributed denial of service attacks and the zombie ant effect. IT Professional, pp. 55–57, March 2000.
  14. P. Ferguson, and D. Senie. Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing. IETF, RFC 2267, January 1998.
  15. A. Juels, and J. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In S. Kent, (Ed.), Distributed Systems Security (SNDSS), pp. 151–165, 1999.
  16. F. Kargl, J. Maier, and M. Weber. Protecting web servers from distributed denial of service attacks. In Proceedings of the 10th International WWW Conference, Hong Kong, May 1–5, 2001.
  17. C. Kaufman, R. Perlman, and M. Speciner. Network Security: Private Communication in a Public World (2nd Edition). Prentice Hall PTR, 2002.
  18. A.K. Lenstra, and H.W. Lenstra, Jr. Algorithms in number theory. In J. van Leeuwen, (Ed.), Handbook of Theoretical Computer Science, Vol. A, pp. 673–715, MIT/Elsevier, 1990.
  19. C. McIvor, M. McLoone, and J. McCanny. Modified Montgomery modular multiplication and RSA exponentiation techniques. In IEE Proceedings - Computers & Digital Techniques, Vol. 151, pp. 402–408, November 2004.
  20. A. Odlyzko. Discrete logarithms in finite fields and their cryptographic significance. In Advances in Cryptology, Proceedings EUROCRYPT 84, LNCS 209, pp. 224–314, Springer, 1984.
  21. K. Park, and H. Lee. On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack. IEEE INFOCOM 2001, pp. 338–347, 2001.
  22. K. Park, and H. Lee. On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets. In Proceedings of ACM SIGCOMM’2001, August 2001.
  23. K. Park, and H. Lee. Advanced packet marking mechanism with pushback for IP traceback. In ACNS04 PROGRAM - Academic Track, June 8–11, 2004.
  24. M. B. Rash. Client puzzle protocol. Available at, 2000.
  25. L. Ricciulli, P. Lincoln, and P. Kakkar. TCP SYN flooding defense. In Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS’99), 1999.
  26. B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C. Wiley, 1996.
  27. C. Schnorr. Efficient signature generation for smart cards. In Advances in Cryptology, Proceedings CRYPTO 89, LNCS 435, pp. 239–252, Springer, 1990.
  28. L. Sherriff. Virus launches DDoS for mobile phones. Available at
  29. C. Wang, C. Lin, and C. Chang. Signature schemes based on two hard problems simultaneously. In the 17th International Conference on Advanced Information Networking and Applications, pp. 557–560, 2003.
  30. G. Weijers. Re: client puzzle protocol. Available at, 2000.
  31. M. Williams. Ebay, Amazon, hit by attacks. IDG News Service, 9 February 2000.
  32. B. Ziegler. Hacker tangles Panix Web site. Wall Street Journal, 12 September 1996.

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. School of Information Technology and Computer Science, University of Wollongong, Wollongong, Australia
