Presentation is loading. Please wait.

Presentation is loading. Please wait.

Project Webpage: Funded by: 23 5 4 mod _ kaPoW: Mitigating Denial-of-Service with Transparent Proof-of-Work Ed Kaiser & Wu-chang.

Published byJemima Parrish Modified over 7 years ago

Similar presentations

Presentation on theme: "Project Webpage: Funded by: 23 5 4 mod _ kaPoW: Mitigating Denial-of-Service with Transparent Proof-of-Work Ed Kaiser & Wu-chang."— Presentation transcript:

1 Project Webpage: http://maes.cs.pdx.edu Funded by: 23 5 4 mod _ kaPoW: Mitigating Denial-of-Service with Transparent Proof-of-Work Ed Kaiser & Wu-chang Feng 1 The Work Function The ProblemThe ChallengesThe Solution Transparency 7 Challenge Difficulty 6 Backwards Compatibility 8 Efficiency Find an answer A that satisfies: where; H is a one-way hash function (i.e. SHA1) with uniformly distributed output D C is a client-specific server-assigned difficulty N C is a client-specific server-generated nonce, generated by: H(D C, N C, A)  0 mod D C (1) N C = E K (IP C, URL, D C ) (2) Unwanted traffic like Denial-of-Service attacks remain a problem for networked systems. Proof-of-Work is a defense that prioritizes service requests based on the clients’ willingness to solve computational challenges. Existing Proof-of-Work schemes have not made much progress towards deployment because in order to work they require the wide-scale use of special client software. Embed the Proof-of-Work challenges and responses within the URLs of protected web content. Clients use JavaScript to solve the work functions. The server uses an Apache module to prioritize HTTP requests based on the solution in the URL; valid solution  high priority missing solution  low priority error invalid solution  low priority error zero difficulty solution  low priority Transparency so that clients do not need to download and install special software. Backwards-compatibility so clients that cannot solve challenges may still participate. Bind work functions to client, server, and time. Efficiency to minimize overhead. Tailor challenges with client-specific difficulty to prioritize clients based on their past behavior. using; E an efficient encryption algorithm (i.e. the XTEA block cipher) K the secret key held by the server IP C the client’s network identity URL the resource descriptor contained in the request D C the same client-specific server-assigned difficulty as above Client browsers use the Solve() script as needed; image URLs are solved as the DOM is loaded but hyperlinks are only solved when clicked. This is driven through scripts; user input is not needed. The error page’s script automatically solves the work function and refreshes using the correct URL; the error page is not seen by users. Webpages are modified only upon egress from the module; content servers operate as normal. Modified URLs default to difficulty zero (D C = 0) so that legacy clients without JavaScript enabled can access the content on the low priority mirror; all clients have a method to access content. The module operates independent to content production and does not require any changes to the format or content of webpages, whether they are static or dynamically generated; the module flexibly modifies outgoing webpages. The server benefits over the baseline with it’s ability to efficiently reject bad solutions. The overhead of appending challenges to URLs is only significant for large files containing hundreds of URLs. Error: Invalid PoW <BODY ONLOAD='Solve(document.links[0]); window.location.replace(document.links[0].href)' > Invalid PoW The requested URL did not have a valid Proof-of-Work attached. If you are reading this page, it is likely that you do not have JavaScript enabled. If you would still like to try to access the content, please click the following link: http://maes.cs.pdx.edu/ The Error Page Sample Content Page Sample Content Page This webpage demonstrates an image and link protected by Proof-of-Work. are solved when the page is loaded to avoid delay. In contrast, PoW-protected links are solved only when the link is clicked. A Modified Content Page Internet Clients Append challenges to URLs Redirect to Error Page mod _ kaPoW No Yes The client-specific difficulty D C is assigned by the server based upon the maximum of either the client’s contribution to the current aggregate load or the client’s slowly decaying load history. The history is stored efficiently using a counting Bloom Filter indexed by the client’s identity IP C. Each entry measures a client’s cumulative load from successful requests (i.e. those that had valid solutions). Invalid A ? Missing N C or D C ? D C = 0 ? Low Priority Mirror High Priority Mirror

Download ppt "Project Webpage: Funded by: 23 5 4 mod _ kaPoW: Mitigating Denial-of-Service with Transparent Proof-of-Work Ed Kaiser & Wu-chang."

Similar presentations

PHP I.

PHP I.
Web Content Control Application Providing Secure & Reliable Internet Access December 2010.

Web Content Control Application Providing Secure & Reliable Internet Access December 2010.
WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?

WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?
CHAPTER 15 WEBPAGE OPTIMIZATION. LEARNING OBJECTIVES How to test your web-page performance How browser and server interactions impact performance What.

CHAPTER 15 WEBPAGE OPTIMIZATION. LEARNING OBJECTIVES How to test your web-page performance How browser and server interactions impact performance What.
Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.

Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Languages for Dynamic Web Documents

Languages for Dynamic Web Documents
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
CIS101 Introduction to Computing Week 05. Agenda Your questions Exam next week - Excel Introduction to the Internet & HTML Online HTML Resources Using.

CIS101 Introduction to Computing Week 05. Agenda Your questions Exam next week - Excel Introduction to the Internet & HTML Online HTML Resources Using.
EEC-484/584 Computer Networks Discussion Session for HTTP and DNS Wenbing Zhao

EEC-484/584 Computer Networks Discussion Session for HTTP and DNS Wenbing Zhao
CIS101 Introduction to Computing Week 05. Agenda Your questions CIS101 Survey Introduction to the Internet & HTML Online HTML Resources Using the HTML.

CIS101 Introduction to Computing Week 05. Agenda Your questions CIS101 Survey Introduction to the Internet & HTML Online HTML Resources Using the HTML.
INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.

INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.
Introduction to HTML 2006 CIS101. What is the Internet? Global network of computers that are connected and communicate via a series of Protocols Protocols.

Introduction to HTML 2006 CIS101. What is the Internet? Global network of computers that are connected and communicate via a series of Protocols Protocols.
Introduction to HTML 2006 INT197B. What is the Internet? Global network of computers that are connected and communicate via a series of Protocols Protocols.

Introduction to HTML 2006 INT197B. What is the Internet? Global network of computers that are connected and communicate via a series of Protocols Protocols.
Introduction to HTML 2004 CIS101. What is the Internet? Global network of computers that are connected and communicate via a series of Protocols Protocols.

Introduction to HTML 2004 CIS101. What is the Internet? Global network of computers that are connected and communicate via a series of Protocols Protocols.
HTTP Performance Objective: In this problem, we consider the performance of HTTP, comparing non-persistent HTTP with persistent HTTP. Suppose the page.

HTTP Performance Objective: In this problem, we consider the performance of HTTP, comparing non-persistent HTTP with persistent HTTP. Suppose the page.
1 Web Content Delivery Reading: Section 9.2.2 and 9.4.3 COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:

1 Web Content Delivery Reading: Section and COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:
Introduction to eValid Presentation Outline What is eValid? About eValid, Inc. eValid Features System Architecture eValid Functional Design Script Log.

Introduction to eValid Presentation Outline What is eValid? About eValid, Inc. eValid Features System Architecture eValid Functional Design Script Log.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
COMPUTER TERMS PART 1. COOKIE A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information.

COMPUTER TERMS PART 1. COOKIE A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information.

Similar presentations

Ads by Google