Requirements for Client Puzzles

Requirements for Client Puzzles to Defeat the Denial of Service and the Distributed Denial of Service Attacks

Vicky Laurens1, Abdulmotaleb El Saddik1, and Amiya Nayak2

1Multimedia Communications Research Laboratory University of Ottawa, Canada

2School of Information Technology & Engineering University of Ottawa, Canada

 

Abstract: Client puzzle protocols represent a promising technique for defeating resource depletion Denial of Service (DoS) attacks. Practical implementations of client puzzle protocols not only reported positive results in achieving such a challenging goal (preventing DoS attacks), but also these implementations overcame, up to a certain degree, one of the first disadvantages of client puzzle protocols: Their interoperability with current Internet communication protocols. However, the question on whether client puzzle protocols can thwart the Distributed Denial of Service (DDoS) attacks is still under investigation. Due to the increasing number of DDoS attacks, their prevention has become very important. Based on the puzzle generation and verification processes, and focusing mainly on forestalling DDoS attacks, this paper classifies and analyzes current proposals of client puzzle protocols. The paper not only reveals and analyzes their limitations with regards to the prevention of DDoS attacks, but also outlines a general approach for addressing the identified limitations. We propose a solution based on the general principle that under attack legitimate clients should be willing to experience some degradation in their performance in order to obtain the requested service. Our proposal is based on including a puzzle-solution request  in different states of a given connection such that the computational load for solving the puzzles will be noted but the clients’ operations will not be totally interrupted.

Keywords: Security attacks, distributed denial of service.

Received May 12, 2005; accepted August 3, 2005

Full Text

Read 7638 times Last modified on Wednesday, 20 January 2010 03:06
Share
Top
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…