Abstract
In this paper, we present a general attack model against hash-based client puzzles. Our attack is generic in that it works against many published protocols. We introduce a new protocol and subsequently attack our new construction as well. We conclude by drawing two requirements of client puzzle protocols that would overcome our attack.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Burrows, M., Manasse, M., Wobber, T.: Moderately hard, memory-bound functions. In: Proceedings of the 10th Annual Network and Distributed System Security Symposium (2003)
Aura, T., Nikander, P., Leiwo, J.: DOS-resistant authentication with client puzzles. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2000. LNCS, vol. 2133, pp. 170–177. Springer, Heidelberg (2001)
Benham, M.: Internet Exproler SSL Vulnerability (August 2002), http://www.securiteam.com/windowsntfocus/5JP0E0081M.html
Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)
Dean, D., Stubblefield, A.: Using client puzzles to protect TLS. In: Proceedings of 10th Annual USENIX Security Symposium (2001)
Freier, A., Karlton, P., Kocher, P.: The SSL protocol - version3.0 (March 1996), Available at http://home.netscape.com/eng/ssl3/ssl-toc.html
Geng, X., Whinston, A.: Defeating distributed denial of service attack. IEEE IT Professional 2(4), 36–41 (2000)
Juels, A., Brainard, J.: Client puzzles: A cryptographic counter- measure against connection depletion attacks. In: Kent, S. (ed.) Proceedings of the 1999 Network and Distributed System Security Symposium, pp. 151–165 (1999)
Kelsey, J., Schneier, B., Wagner, D.: Protocol interactions and the chosen protocol attack. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 91–104. Springer, Heidelberg (1998)
Sobig, F.: worm believed to start at Web porn site (August 2003), Available at http://www.usatoday.com/tech/news/computersecurity/2003-08-22-sobig-start_x.htm
Wang, X., Reiter, M.K.: Defending against denial-of- service attacks with puzzle auctions. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Price, G. (2003). A General Attack Model on Hash-Based Client Puzzles. In: Paterson, K.G. (eds) Cryptography and Coding. Cryptography and Coding 2003. Lecture Notes in Computer Science, vol 2898. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40974-8_26
Download citation
DOI: https://doi.org/10.1007/978-3-540-40974-8_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20663-7
Online ISBN: 978-3-540-40974-8
eBook Packages: Springer Book Archive