client puzzles for denial of service resistant
play

Client puzzles for denial-of-service resistant authentication Joint - PowerPoint PPT Presentation

May 28, 2023 •230 likes •560 views

Client puzzles for denial-of-service resistant authentication Joint work with Juan Gonzalez, Lakshmi Kuppusamy, Jothi Rangasamy, Douglas Stebila, Suriadi Suriadi Colin Boyd Information Security Institute Queensland University of Technology

  1. Client puzzles for denial-of-service resistant authentication Joint work with Juan Gonzalez, Lakshmi Kuppusamy, Jothi Rangasamy, Douglas Stebila, Suriadi Suriadi Colin Boyd Information Security Institute Queensland University of Technology December 2011 Boyd et al. (QUT) Client puzzles December 2011 1 / 36

  2. Outline Background 1 What is DoS? Defending against DoS Types of puzzle 2 Hash-based puzzles Number-theoretic (RSA-based) puzzles Computational models for puzzles 3 Case study: web services 4 Boyd et al. (QUT) Client puzzles December 2011 2 / 36

  3. Australia-India Project Part of Australia-India Strategic Research Fund project on Protecting Critical Infrastructure from Denial of Service Attacks . Project 1: Advanced high-rate packet classifier Project 2: DoS defences for web services and service-oriented architectures Project 3: DoS-resilient authentication protocols Project 4: DoS vulnerabilities in emerging technologies Project 5: Harmonisation of policy, legal and regulatory environments Boyd et al. (QUT) Client puzzles December 2011 3 / 36

  4. Background What is DoS? Cyber attacks Denial-of-service (DoS) is one of the most common real world network security attacks. DoS prevents users from accessing their legitimate resources. It is an attack on availability . Highly publicised attacks have affected nation states: Estonia (April 2007); Georgia (August 2008); United States and South Korea (July 2009). DoS attacks against sites of your choice are readily available for hire. Boyd et al. (QUT) Client puzzles December 2011 5 / 36

  5. Background What is DoS? Types of denial of service attacks Brute force attacks: attacker generates sufficiently many legitimate requests to overload a server’s resources. Does not require special knowledge of protocol specification or implementation. Distributed denial of service (DDoS) attacks Ping floods Semantic attacks: attacker tries to exploit vulnerabilities of particular network protocols or applications. Requires special knowledge of protocol specification and implementation. Buffer overflow attacks TCP SYN flooding / IP spoofing attacks Boyd et al. (QUT) Client puzzles December 2011 6 / 36

  6. Background Defending against DoS Prevention techniques Try to identify malicious traffic: address filtering to block false addresses or addresses making too many requests; bandwidth management by routers and switches; packet inspection: look for patterns of bad requests; intrusion-prevention systems: look for signatures of attacks. Difficult to distinguish real users’ legitimate requests from attacker’s legitimately-formed requests in brute force attacks. Can authentication help? Boyd et al. (QUT) Client puzzles December 2011 7 / 36

  7. Background Defending against DoS Gradual authentication Principle for denial-of-service resistance proposed by Meadows Idea is to use cheap and low-security authentication initially Gradually put more effort into authentication if earlier stages succeed A typical progression might be to implement cookies first, then puzzles, then strong cryptographic authentication. Cookies provide proof of reachability Puzzles provide proof of work Signatures provide strong cryptographic authentication Boyd et al. (QUT) Client puzzles December 2011 8 / 36

  8. Background Defending against DoS Puzzles The server generates a challenge and the client is required to solve a moderately hard puzzle based on this challenge. Puzzles should be: easy to generate, not require stored state, easy to verify. Puzzles may be either computation-bound or memory-bound . We only look at the former. Boyd et al. (QUT) Client puzzles December 2011 9 / 36

  9. Background Defending against DoS Puzzle definition Formally, a client puzzle is a tuple of algorithms: Setup(1 k ): Return public parameters and server secret s . GenPuz( s , Q , str ): Generate a puzzle of difficulty Q for session string str . FindSoln( str , puz ): Find a solution for session string str and the given puzzle puz . VerSoln( s , str , puz , soln ): Check if soln is a valid solution for puzzle puz and session string str . Boyd et al. (QUT) Client puzzles December 2011 10 / 36

  10. Background Defending against DoS Puzzle security properties Difficulty: it should be moderately hard to solve a puzzle Unforgeability: it should not be possible for the adversary to generate valid puzzles Non-parallelizability: it should not be possible to have multiple computers solve a puzzle in less time than a single computer could Tuneable difficulty: can provide puzzles with different difficulty levels Useful puzzles: the work done in solving a puzzle can be used for another purpose Boyd et al. (QUT) Client puzzles December 2011 11 / 36

  11. Types of puzzle Hash-based puzzles Hash-based puzzle (Juels–Brainard) Based on finding partial pre-image of hash function H . Difficulty parameter is Q . Choose random x ← { 0 , 1 } k PuzGen Set x = x ′ � x ′′ ���� ���� Q k − Q Set z = H ( x , Q , str ) Puzzle is ( x ′′ , z ) FindSoln Find y such that H ( y � x ′′ , Q , str ) = z VerSoln Check that z ? = H ( y � x ′′ , Q , str ) Boyd et al. (QUT) Client puzzles December 2011 13 / 36

  12. Types of puzzle Hash-based puzzles Properties of hash-based puzzles Merits Generation and verification very efficient Easily tuneable by giving ‘hints’ (range for solution) Limitations Seem hard to make non-parallelisable Proofs of difficulty are only available in the random oracle model Boyd et al. (QUT) Client puzzles December 2011 14 / 36

  13. Types of puzzle Number-theoretic (RSA-based) puzzles Time-lock puzzles of Rivest–Shamir–Wagner (RSW) RSA-based puzzle proposed in 1996 Sending information into the future Uses RSA modulus n = pq . Setup Choose difficulty Q Compute b = 2 Q mod φ ( n ) PuzGen Choose random x Puzzle consists of ( n , x , Q ) Compute y = x 2 Q mod n FindSoln Check that y ? = x b mod n VerSoln Boyd et al. (QUT) Client puzzles December 2011 15 / 36

  14. Types of puzzle Number-theoretic (RSA-based) puzzles Properties of RSW puzzle Merits Believed to be non-parallelisable - only known way to find y is to square a repeatedly Q times. Simple construction Limitations Verification requires exponentiation No proof of difficulty Boyd et al. (QUT) Client puzzles December 2011 16 / 36

  15. Types of puzzle Number-theoretic (RSA-based) puzzles Karame– ˇ Capkun puzzle (ESORICS 2010) RSW puzzle is relatively expensive to verify. VerSoln requires full modular exponentiation. Karame and ˇ Capkun use short RSA private exponent . Consequently RSA public exponent must be very large. Puzzle is essentially to compute RSA encryption of random value. Verification is decryption with short exponent and checking. Boyd et al. (QUT) Client puzzles December 2011 17 / 36

  16. Types of puzzle Number-theoretic (RSA-based) puzzles Karame– ˇ Capkun construction n is RSA modulus, d is short RSA private exponent of length k (such as k = 80), public exponent is e > n 2 . Setup Choose difficulty Q Compute b = 2 Q mod φ ( n ) PuzGen Choose random X K = e − b Puzzle is ( n , x , Q , K ) FindSoln Compute y 1 = x 2 Q mod n ; y 2 = x K mod n VerSoln Check that ( y 1 y 2 ) d mod n ? = x Boyd et al. (QUT) Client puzzles December 2011 18 / 36

  17. Types of puzzle Number-theoretic (RSA-based) puzzles Properties of Karame– ˇ Capkun construction Merits Verification much improved over RSW puzzle, by about | n | / 2 k times Has proof of difficulty (relative to RSW puzzle) Limitations Verification still requires exponentiation Parallelisability not so tight Boyd et al. (QUT) Client puzzles December 2011 19 / 36

  18. Types of puzzle Number-theoretic (RSA-based) puzzles BPV generator Boyko, Peinado, Venkatesan, Eurocrypt’98 Method for computing random RSA encryptions and exponentiations efficiently with pre-computation. Pre-computation generates a table of random pairs: { ( α i , α u i ) } for RSA generator; { ( x i , g x i ) } for DL generator; When new value is needed a small random subset of table is chosen and combined. For suitable parameter sizes the output of the generators are statistically indistinguishable from randomly generated pairs. Boyd et al. (QUT) Client puzzles December 2011 20 / 36

  19. Types of puzzle Number-theoretic (RSA-based) puzzles BPV generator for RSA BPV Generator Let k , ℓ , and N , with N ≥ ℓ ≥ 1, be parameters. Let n be an RSA modulus and u an exponent. Pre-processing run once. Generate N random integers n and compute β i ← α iu mod n for each i . α 1 , α 2 , . . . , α N ← Z ∗ Return a table τ ← (( α i , β i )) N i = 1 . Whenever a pair ( x , x u mod n ) is needed : choose a random set S ⊆ { 1 , . . . , N } of size ℓ . Compute x ← � j ∈ S α j mod n and X ← � j ∈ S β j mod n and return ( x , X ) . Boyd et al. (QUT) Client puzzles December 2011 21 / 36

  20. Types of puzzle Number-theoretic (RSA-based) puzzles A new non-parallelisable puzzle (RSA Puz) n is RSA modulus, public exponent is e = 3. Set d = 3 − 1 mod φ ( n ) Setup Choose difficulty Q Set u = d − ( 2 Q mod φ ( n )) Compute BPV pre-processing to obtain table with N = 2500 and ℓ = 4 Use BPV algorithm to computer new ( x , X = x u ) pair PuzGen Puzzle is ( n , x , Q ) FindSoln Compute y = x 2 Q mod n VerSoln Check that ( X · y ) 3 mod n ? = x Boyd et al. (QUT) Client puzzles December 2011 22 / 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Client Puzzles Defending Against Denial-of- Service Attacks with Puzzle Auctions Outline

Client Puzzles Defending Against Denial-of- Service Attacks with Puzzle Auctions Outline

Client Puzzles Defending Against Denial-of- Service Attacks with Puzzle Auctions Outline Motivation Auction Protocol TCP Puzzle Auction TCP Client Puzzle Implementation Experiment Results Questions Defending Against

761 views • 30 slides
Alternative Mining Puzzles Essential Puzzle Requirements ASIC-Resistant Puzzles

Alternative Mining Puzzles Essential Puzzle Requirements ASIC-Resistant Puzzles

Cryptocurrency Technologies Alternative Mining Puzzles Alternative Mining Puzzles Essential Puzzle Requirements ASIC-Resistant Puzzles Proof-of-Useful-Work Non-outsourceable Puzzles Proof-of-Stake Virtual Mining Puzzles

474 views • 26 slides
Resilient Networking 07: Denial of Service 1 Outline Classification DoS examples

Resilient Networking 07: Denial of Service 1 Outline Classification DoS examples

Resilient Networking 07: Denial of Service 1 Outline Classification DoS examples Countermeasures against DoS Crypto Puzzles Stateless Protocols Avoid IP address spoofing / identifying malicious nodes Ingress filtering

937 views • 72 slides
Denial of Service Last Class Fault tolerance Concurrency Naming This Class

Denial of Service Last Class Fault tolerance Concurrency Naming This Class

Denial of Service Last Class Fault tolerance Concurrency Naming This Class Networking How DDoS works UDP Data Client Server Response TCP DDoS Distributed denial-of-service attack Attacker targets a victim from a

436 views • 28 slides
Denial-of-Service (DoS), continued CS 161: Computer Security Prof. David Wagner April 4, 2016

Denial-of-Service (DoS), continued CS 161: Computer Security Prof. David Wagner April 4, 2016

Denial-of-Service (DoS), continued CS 161: Computer Security Prof. David Wagner April 4, 2016 Transport-Level Denial-of-Service Recall TCPs 3-way connection establishment handshake Goal: agree on initial sequence numbers Server Client

530 views • 40 slides
Denial of Service Denial of Service An attack designed to disrupt or completely deny

Denial of Service Denial of Service An attack designed to disrupt or completely deny

1 Denial of Service Denial of Service An attack designed to disrupt or completely deny legitimate users access to network, servers, services, or other resources Two basic favors: Target resource starvation Network

430 views • 19 slides
New Client Puzzle Outsourcing Techniques for DoS Resistance Paper by Waters, Juels,

New Client Puzzle Outsourcing Techniques for DoS Resistance Paper by Waters, Juels,

New Client Puzzle Outsourcing Techniques for DoS Resistance Paper by Waters, Juels, Halderman, and Felten Presenter: Michael Peck Outline Need for client puzzles Basic idea of client puzzles Related ideas Juels/Brainard

551 views • 39 slides
Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service

Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service

Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service How to mitigate attacks How to find out senders What is Denial of Service

542 views • 8 slides
Practicing Scientific Inquiry through Jigsaw Puzzles Tara Mohanan Puzzles as Games Math puzzles

Practicing Scientific Inquiry through Jigsaw Puzzles Tara Mohanan Puzzles as Games Math puzzles

Practicing Scientific Inquiry through Jigsaw Puzzles Tara Mohanan Puzzles as Games Math puzzles Logic puzzles Number puzzles Word puzzles Object puzzles Shape puzzles Jigsaw puzzles Puzzles as Part of Inquiry Jigsaw

614 views • 24 slides
Steps Towards a DoS-resistant Internet Architecture Mark Handley Adam Greenhalgh University

Steps Towards a DoS-resistant Internet Architecture Mark Handley Adam Greenhalgh University

Steps Towards a DoS-resistant Internet Architecture Mark Handley Adam Greenhalgh University College London Denial-of-Service Attacker attempts to prevent the victim from doing any useful work. Flooding Attacks Exploiting Software

806 views • 27 slides
Towards DoS-resistant Internet Architecture Prof. Mark Handley University College London

Towards DoS-resistant Internet Architecture Prof. Mark Handley University College London

Towards DoS-resistant Internet Architecture Prof. Mark Handley University College London Denial-of-Service Attacker attempts to prevent the victim from doing any useful work. Flooding Attacks Exploiting Software Weaknesses

319 views • 19 slides
Denial-of-Service (DoS) CS 161: Computer Security Prof. David Wagner March 5, 2013 Attacks on

Denial-of-Service (DoS) CS 161: Computer Security Prof. David Wagner March 5, 2013 Attacks on

Denial-of-Service (DoS) CS 161: Computer Security Prof. David Wagner March 5, 2013 Attacks on Availability Denial-of-Service (DoS): preventing legitimate users from using a computing service We do though need to consider our threat model

1.09k views • 42 slides
Countering SYN Flood Denial-of-Service (DoS) Attacks Ross Oliver Tech Mavens

Countering SYN Flood Denial-of-Service (DoS) Attacks Ross Oliver Tech Mavens

Countering SYN Flood Denial-of-Service (DoS) Attacks Ross Oliver Tech Mavens reo@tech-mavens.com What is a Denial-of- Service (DoS) attack? ! Attacker generates unusually large volume of requests, overwhelming your servers ! Legitimate

493 views • 27 slides
Denial of Service Attacks Types, Causes, Motives & Remedies By M. Raza ur Rehman NUST

Denial of Service Attacks Types, Causes, Motives & Remedies By M. Raza ur Rehman NUST

Denial of Service Attacks Types, Causes, Motives & Remedies By M. Raza ur Rehman NUST PAKCON 2004 Denial of Service Attacks Attempts to prevent or disturb legitimate access to co mputer resources Resources like bandwidth, services

557 views • 18 slides
Denial of Service A/acks Cunsheng Ding Department of CSE HKUST, Hong Kong Acknowledgements:

Denial of Service A/acks Cunsheng Ding Department of CSE HKUST, Hong Kong Acknowledgements:

Denial of Service A/acks Cunsheng Ding Department of CSE HKUST, Hong Kong Acknowledgements: Materials are taken from the Internet COMP4631 1 Agenda of this lecture Zombie computers, bots, botnets Denial of service (DoS) a/acks

630 views • 45 slides
CSE 543 - Computer Security Lecture 22 - Denial of Service November 15, 2007 URL:

CSE 543 - Computer Security Lecture 22 - Denial of Service November 15, 2007 URL:

CSE 543 - Computer Security Lecture 22 - Denial of Service November 15, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Denial of Service Intentional prevention

663 views • 25 slides
Pinpointing Delay and Forwarding Anomalies Using Large-Scale Traceroute Measurements Romain

Pinpointing Delay and Forwarding Anomalies Using Large-Scale Traceroute Measurements Romain

Pinpointing Delay and Forwarding Anomalies Using Large-Scale Traceroute Measurements Romain Fontugne 1 , Emile Aben 2 , Cristel Pelsser 3 , Randy Bush 1 November 1, 2017 1 IIJ Research Lab, 2 RIPE NCC, 3 University of Strasbourg / CNRS 1 / 25

499 views • 35 slides
CSE 484 / CSE M 584: Computer Security and Privacy Spring 2017 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Spring 2017 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,

735 views • 36 slides
CPS: Market Analysis of Attacks Against Demand Response in the Smart Grid Carlos Barreto,

CPS: Market Analysis of Attacks Against Demand Response in the Smart Grid Carlos Barreto,

CPS: Market Analysis of Attacks Against Demand Response in the Smart Grid Carlos Barreto, carlos.barretosuarez@utdallas.edu Alvaro A. Cardenas, alvaro.cardenas@utdallas.edu Nicanor Quijano, nquijano@uniandes.edu.co Eduardo Mojica,

330 views • 20 slides
iCAST / TRUST Collaboration Year 2 - Kickoff Meeting Robin Sommer International Computer Science

iCAST / TRUST Collaboration Year 2 - Kickoff Meeting Robin Sommer International Computer Science

iCAST / TRUST Collaboration Year 2 - Kickoff Meeting Robin Sommer International Computer Science Institute robin@icsi.berkeley.edu http://www.icir.org Projects Overview Project 1 NIDS Evasion Testing in a Live Context Project 2

420 views • 21 slides
CS 162 Intro to Programming II Inheritance I 1 Basic

CS 162 Intro to Programming II Inheritance I 1 Basic

CS 162 Intro to Programming II Inheritance I 1 Basic Idea Parent/base/super class Character More general Child/derived/sub class

504 views • 22 slides
Boleslaw Szymanski based on slides by Albert-Lszl Barabsi and Roberta Sinatr a

Boleslaw Szymanski based on slides by Albert-Lszl Barabsi and Roberta Sinatr a

Frontiers of Network Science Fall 2017 Class 19: Robustness II (Chapter 8 in Textbook) Boleslaw Szymanski based on slides by Albert-Lszl Barabsi and Roberta Sinatr a www.BarabasiLab.com Attack threshold for arbitrary P(k) Attack

329 views • 28 slides
Implementing Explanation-Based Argumentation using Answer Set Programming Giovanni Sileno

Implementing Explanation-Based Argumentation using Answer Set Programming Giovanni Sileno

Implementing Explanation-Based Argumentation using Answer Set Programming Giovanni Sileno g.sileno@uva.nl Alexander Boer, Tom van Engers 5 May 2014, ArgMAS presentation Leibniz Center for Law University of Amsterdam Background Argumentation

1.09k views • 61 slides
Slide 4 / 50 3 The two circular wire loops are represented above lie on the same axis. If the

Slide 4 / 50 3 The two circular wire loops are represented above lie on the same axis. If the

Slide 1 / 50 AP Physics 2 Electromagnetic Induction Multiple Choice www.njctl.org Slide 2 / 50 1 A beam of electrons travels between two parallel coils of wire, as shown in the figures above. When the coils do not carry a current, the

432 views • 17 slides

More recommend