u TCP SYN flooding has been deployed in the real world –Panix, mid-Sept (WSJ, NYT) –New York Times, late Sept –Others Similar attacks may be mounted against , SSL, etc.
Some defenses against connection depletion
Throw away requests Buffer Server Problem: Legitimate clients must keep retrying Client Hello?
Request IP Tracing (or Syncookies) Buffer Server Can be evaded, particularly on, e.g., Ethernet Does not allow for proxies, anonymity Problems: Client Hi. My name is
Digital signatures Buffer Server Requires carefully regulated PKI Does not allow for anonymity Problems: Client
Connection timeout Problem: Hard to achieve balance between security and latency demands Server Client
Our solution: client puzzles
Intuition Restauranteur Table for four at 8 oclock. Name of Mr. Smith. Please solve this puzzle. O.K., Mr. Smith O.K. ???
u A puzzle takes an hour to solve u There are 40 tables in restaurant u Reserve at most one day in advance Intuition A legitimate patron can easily reserve a table, but: Suppose:
Intuition ??? Would-be saboteur has too many puzzles to solve
The client puzzle protocol Buffer Server Client Service request R O.K.
What does a puzzle look like?
hash image Y Puzzle basis: partial hash inversion pre-image X 160 bits ? Pair (X, Y) is k-bit-hard puzzle partial-image X ? k bits
Puzzle construction Client Service request R Server Secret S
Puzzle construction Server computes: secret S time T request R hash pre-image X hash image Y Puzzle
Puzzle properties u Puzzles are stateless u Puzzles are easy to verify u Hardness of puzzles can be carefully controlled u Puzzles use standard cryptographic primitives
Where to use client puzzles?
Some pros Avoids many flaws in other solutions, e.g.: u Allows for anonymous connections u Does not require PKI u Does not require retries -- even under heavy attack
Practical application u Can use client-puzzles without special- purpose software –Key idea: Applet carries puzzle + puzzle- solving code u Where can we apply this? –SSL (Secure Sockets Layer) –Web-based password authentication
u Puzzle and protocol description u Rigorous mathematical treatment of security using puzzles -- probabilistic/guessing attack –Dont really need multiple sub-puzzles as paper suggests Too Contributions of paper u Introduces idea of client puzzles for on- the-fly resource access control
Puzzles not new (but client-puzzles are) u Puzzles have also been used for: –Controlling spam (DW94, BGJMM98) –Auditing server usage (FM97) –Time capsules (RSW96)
u How to define a puzzle? Search space vs. sequential workload u Can puzzle construction be improved? More to be done –Replace hash with, e.g., reduced-round cipher u Can puzzles be made to do useful work? –Yes. Jakobsson & Juels Bread Pudding