A Systematic Puzzle Approach of Deploying Software For Restricting Dos & DDOS Attacks

Gelli Naga Venkata Vinay Kumar, Md. Amanatulla

Abstract


In the network denial of service (DoS) and distributed DoS (DDoS) attacks intend to prevent legitimate clients from accessing services are considered a serious hazard to the availability and reliability of the internet services. For example, server receives huge number of junk request from malicious client. For each request, server has to waste extra CPU time for completing process of SSL handshakes .Server cannot handle requests of services from its true customers because it may not have enough resources to handle the request. As a result of this attack is vanished businesses and reputation lost. Represented an advance mechanism that refers as the software puzzle, the aim of this mechanism is to prevent DoS or DDoS attacks and provide services to valid clients. The idea is quite simple. When a client wants to acquire a service from the server, client sends a simple request to the server. After getting the client request, the server sends one puzzle challenge to client. Client must first solve a complex structure puzzle correctly and submit it to the server for accessing services. Server verifies this puzzle solution, if it is correct then server agrees to establish connection with client. To solve this puzzle by every client, prevent vulnerable connection. A software puzzle is different kinds of methods or complex structure or problem which uses sequence of steps and solving these steps client can access resources. Timestamp, data length, key length and software puzzle complexity these attributes are used for security purpose in puzzle generation process and generates puzzle dynamically. I have used the SPEKE algorithm for key generation; it provides high level security and thwarts man-in-middle attack by password. Implement the RC7 algorithm for encryption purpose. It provides best result in case of throughput and time consumption and provides high level security .

References


[ 1] Yongdong Wu, Zhigang Zhao, Feng Bao, and Robert H. Deng “Software Puzzle: A Countermeasure to Resource-Inflated Denial-ofService Attacks†IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 10, NO. 1, JANUARY 2015.

[ 2] R. L. Rivest, A. Shamir, and D. A. Wagner, “Time-lock puzzles and timed-release crypto,†Dept. Comput. Sci. Massachusetts Inst. Technol., Cambridge, MA, USA, Tech. Rep. MIT/LCS/TR-684, Feb. 1996.

[ 3] A. Juels and J. Brainard, “Client puzzles: A cryptographic countermeasure against connection depletion attacks,†in Proc. Netw. Distrib. Syst.Secur. Symp, 1999.

[ 4] T. J. McNevin, J.-M. Park, and R. Marchany, “pTCP: A client puzzle protocol for defending against resource exhaustion denial of service attacks,†Virginia Tech Univ., Dept. Elect. Comput. Eng., Blacksburg, VA, USA, Tech. Rep. TR-ECE-04-10, Oct. 2004.

W.-C. Feng and E. Kaiser, “The case for public work,†in Proc. IEEE Global Internet Symp., May 2007, pp. 43–48.

D. Keppel, S. J. Eggers, and R. R. Henry, “A case for runtime code generation,†Dept. Comput. Sci. Eng., Univ. Washington, Seattle, WA, USA, Tech. Rep. CSE-91-11-04, 1991.

E. Kaiser and W.-C. Feng, “mod_kaPoW: Mitigating DoS with transparent proof-of-work,†in Proc. ACM CoNEXT Conf., 2007, p. 74.

NVIDIA CUDA. (Apr. 4, 2012). NVIDIA CUDA C Programming Guide, Version 4.2. [Online]. Available: http://developer.download.nvidia.com/

X. Wang and M. K. Reiter, “Mitigating bandwidth-exhaustion attacks using congestion puzzles,†in Proc. 11th ACM Conf. Comput. Commun. Secur., 2004, pp. 257–267.

M. Jakobsson and A. Juels, “Proofs of work and bread pudding protocols,†in Proc. IFIP TC6/TC11 Joint Working Conf. Secure Inf. Netw., Commun. Multimedia Secur., 1999, pp. 258–272.

[ 11] Y. I. Jerschow and M. Mauve, “Non-parallelizable and non-interactive client puzzles from modular square roots,†in Proc. Int. Conf. Availability, Rel. Secur., Aug. 2011, pp. 135–142.

[ 12] J. Green, J. Juen, O. Fatemieh, R. Shankesi, D. Jin, and C. A. Gunter,“Reconstructing Hash Reversal based Proof of Work Schemes,†in Proc. 4th USENIX Workshop Large-Scale Exploits Emergent Threats, 2011.


Full Text: PDF [Full Text]

Refbacks

  • There are currently no refbacks.


Copyright © 2013, All rights reserved.| ijseat.com

Creative Commons License
International Journal of Science Engineering and Advance Technology is licensed under a Creative Commons Attribution 3.0 Unported License.Based on a work at IJSEat , Permissions beyond the scope of this license may be available at http://creativecommons.org/licenses/by/3.0/deed.en_GB.

Â