Stronger Difficulty Notions for Client Puzzles and Denial-of-Service-Resistant Protocols

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6558)

Abstract

Client puzzles are meant to act as a defense against denial of service (DoS) attacks by requiring a client to solve some moderately hard problem before being granted access to a resource. However, recent client puzzle difficulty definitions (Stebila and Ustaoglu, 2009; Chen et al., 2009) do not ensure that solving n puzzles is n times harder than solving one puzzle. Motivated by examples of puzzles where this is the case, we present stronger definitions of difficulty for client puzzles that are meaningful in the context of adversaries with more computational power than required to solve a single puzzle.

A protocol using strong client puzzles may still not be secure against DoS attacks if the puzzles are not used in a secure manner. We describe a security model for analyzing the DoS resistance of any protocol in the context of client puzzles and give a generic technique for combining any protocol with a strong client puzzle to obtain a DoS-resistant protocol.

References

  1. Abadi, M., Burrows, M., Manasse, M., Wobber, T.: Moderately hard, memory-bound functions. In: Proc. Internet Society Network and Distributed System Security Symposium (NDSS) 2003, Internet Society, San Diego (2003)

  2. Aiello, W., Bellovin, S.M., Blaze, M., Canetti, R., Ioannidis, J., Keromytis, A.D., Reingold, O.: Just Fast Keying: Key agreement in a hostile Internet. ACM Transactions on Information and System Security 7(2), 1–30 (2004)

  3. Aura, T., Nikander, P.: Stateless connections. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 87–97. Springer, Heidelberg (1997)

  4. Aura, T., Nikander, P., Leiwo, J.: DOS-resistant authentication with client puzzles. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2000. LNCS, vol. 2133, pp. 170–177. Springer, Heidelberg (2001)

  5. Babbage, S., Catalano, D., Cid, C., Dunkelman, O., Gehrmann, C., Granboulan, L., Lange, T., Lenstra, A., Nguyen, P.Q., Paar, C., Pelzl, J., Pornin, T., Preneel, B., Rechberger, C., Rijmen, V., Robshaw, M., Rupp, A., Smart, N., Ward, M.: ECRYPT yearly report on algorithms and keysizes (2007-2008) (2008), http://www.ecrypt.eu.org/documents/D.SPA.28-1.1.pdf

  6. Back, A.: A partial hash collision based postage scheme (1997), http://www.hashcash.org/papers/announce.txt

  7. Back, A.: Hashcash (2004), http://www.hashcash.org/docs/hashcash.html

  8. Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences 61(3), 362–399 (2000)

  9. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)

  10. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proc. 1st ACM Conference on Computer and Communications Security (CCS), pp. 62–73. ACM, New York (1993)

  11. Boyen, X.: Halting password puzzles: Hard-to-break encryption from human-memorable keys. In: Proc. 16th USENIX Security Symposium, pp. 119–134 (2007)

  12. Canetti, R., Halevi, S., Steiner, M.: Hardness amplification of weakly verifiable puzzles. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 17–33. Springer, Heidelberg (2005)

  13. Chen, L., Morrissey, P., Smart, N.P., Warinschi, B.: Security notions and generic constructions for client puzzles. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 505–523. Springer, Heidelberg (2009)

  14. Dodis, Y., Impagliazzo, R., Jaiswal, R., Kabanets, V.: Security amplification for interactive cryptographic primitives. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 128–145. Springer, Heidelberg (2009)

  15. Dwork, C., Goldberg, A., Naor, M.: On memory-bound functions for fighting spam. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 426–444. Springer, Heidelberg (2003)

  16. Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)

  17. Dwork, C., Naor, M., Wee, H.: Pebbling and proofs of work. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 37–54. Springer, Heidelberg (2005)

  18. Jakobsson, M., Juels, A.: Proofs of work and bread pudding protocols (extended abstract). In: Preneel, B. (ed.) Proceedings of the IFIP TC6/TC11 Joint Working Conference on Secure Information Networks: Communications and Multimedia Security. IFIP Conference Proceedings, vol. 152, pp. 258–272. Kluwer, Dordrecht (1999), http://www.rsa.com/rsalabs/node.asp?id=2049

  19. Juels, A., Brainard, J.: Client puzzles: A cryptographic countermeasure against connection depletion attacks. In: Proc. Internet Society Network and Distributed System Security Symposium (NDSS) 1999, pp. 151–165. Internet Society, San Diego (1999)

  20. Karame, G.O., Capkun, S.: Low-cost client puzzles based on modular exponentiation. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 679–697. Springer, Heidelberg (2010)

  21. Kaufman, C.: Internet Key Exchange (IKEv2) protocol, RFC 4306 (2005)

  22. LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007)

  23. Mao, W., Paterson, K.G.: On the plausible deniability feature of Internet protocols (2002) (manuscript), http://citeseer.ist.psu.edu/678290.html

  24. McNevin, T.J., Park, J.M., Marchany, R.: pTCP: A client puzzle protocol for defending against resource exhaustion denial of service attacks. Technical Report TR-ECE-04-10, Department of Electrical and Computer Engineering, Virginia Tech (2004), http://www.arias.ece.vt.edu/publications/TechReports/mcNevin-2004-1.pdf

  25. Meadows, C.: A formal framework and evaluation method for network denial of service. In: Proc. 12th IEEE Computer Security Foundations Workshop (CSFW), p. 4. IEEE, Los Alamitos (1999)

  26. Moskowitz, R., Nikander, P., Jokela, P., Henderson, T.R.: Host Identity Protocol, RFC 5201 (2008)

  27. Rivest, R.L., Shamir, A.: PayWord and MicroMint: Two simple micropayment schemes. In: Lomas, M. (ed.) Security Protocols 1996. LNCS, vol. 1189, pp. 69–87. Springer, Heidelberg (1997)

  28. Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and timed-release crypto. Tech. Rep. TR-684, MIT Laboratory for Computer Science (1996), http://people.csail.mit.edu/rivest/RivestShamirWagner-timelock.pdf

  29. Smith, J., González Nieto, J., Boyd, C.: Modelling denial of service attacks on JFK with Meadows’s cost-based framework. In: Buyya, R., Ma, T., Safavi-Naini, R., Steketee, C., Susilo, W. (eds.) Proc. 4th Australasian Information Security Workshop – Network Security (AISW-NetSec) 2006. CRPIT, vol. 54, pp. 125–134. Australian Computer Society (2006)

  30. Stebila, D., Kuppusamy, L., Rangasamy, J., Boyd, C., Gonzalez Nieto, J.: Stronger difficulty notions for client puzzles and denial-of-service-resistant protocols. Cryptology ePrint Archive (2010) (full version), http://eprint.iacr.org/

  31. Stebila, D., Ustaoglu, B.: Towards denial-of-service-resilient key agreement protocols. In: Boyd, C., González Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 389–406. Springer, Heidelberg (2009)

  32. Stinson, D.R.: Cryptography: Theory and Practice, 2nd edn. Chapman & Hall, Boca Raton (2002)

  33. Tritilanunt, S., Boyd, C., Foo, E., González Nieto, J.: Toward non-parallelizable client puzzles. In: Bao, F., Ling, S., Okamoto, T., Wang, H., Xing, C. (eds.) CANS 2007. LNCS, vol. 4856, pp. 247–264. Springer, Heidelberg (2007)

  34. Ustaoglu, B.: Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS. Designs, Codes and Cryptography 46(3), 329–342 (2008)

  35. Waters, B., Juels, A., Halderman, J.A., Felten, E.W.: New client puzzle outsourcing techniques for DoS resistance. In: Pfitzmann, B., Liu, P. (eds.) Proc. 11th ACM Conference on Computer and Communications Security (CCS), pp. 246–256. ACM, New York (2004)

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Stebila, D., Kuppusamy, L., Rangasamy, J., Boyd, C., Gonzalez Nieto, J. (2011). Stronger Difficulty Notions for Client Puzzles and Denial-of-Service-Resistant Protocols. In: Kiayias, A. (eds) Topics in Cryptology – CT-RSA 2011. CT-RSA 2011. Lecture Notes in Computer Science, vol 6558. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19074-2_19

  • DOI: https://doi.org/10.1007/978-3-642-19074-2_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19073-5

  • Online ISBN: 978-3-642-19074-2

  • eBook Packages: Computer Science, Computer Science (R0)
