Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mehmud Abliz, Taieb Znati, ACSAC (Dec., 2009). Outline Introduction Desired properties Basic scheme Improvements to the basic scheme Analysis Related.

Published byMyrtle Smith Modified over 8 years ago

Similar presentations

Presentation on theme: "Mehmud Abliz, Taieb Znati, ACSAC (Dec., 2009). Outline Introduction Desired properties Basic scheme Improvements to the basic scheme Analysis Related."— Presentation transcript:

1 Mehmud Abliz, Taieb Znati, ACSAC (Dec., 2009)

2 Outline Introduction Desired properties Basic scheme Improvements to the basic scheme Analysis Related work Conclusion and future work

3 Introduction A denial of service (DoS) or a distributed denial of service (DDoS) attack is an attempt by malicious parties to prevent legitimate users from accessing a service, usually by depleting the resources of the server. The targeted resource of the attack can be bandwidth, CPU, memory, disk capacity, or combination of the above.

4 Introduction Cryptographic puzzles are proposed to defend against such denial of service attacks by better balancing the computational load of client and server. In a cryptographic puzzle scheme, a client is required to solve a cryptographic puzzle and submit the puzzle solution as proof of work before the server commits substantial resources to its request.

5 Introduction Cryptographic puzzles are first introduced by Dwork and Naor to combat junk e-mails. Resource disparity

6 Introduction In a hash reversal puzzle, a puzzle with difficulty d takes on average 2 d-1 hash operations to compute its solution. Say a server can handle 1000 requests per second, and a subset of clients have limited resources, and can perform 10 5 hash operations per second at maximum. Assuming these clients can spend at most 50% of their computational power on computing puzzles, then the server should allow at least 2 20 /0.5*10 5 = 20 seconds between sending a puzzle and receiving its solution, for a hash-reversal puzzle with difficulty d = 21.

7 Introduction An attacker with an ASIC designed for hash computation can perform 10 9 hash operations per second, so she can compute 20 sec /(2 20 /10 9 ) = 20,000 puzzles with the same difficulty during that 20-second period. This means an attacker with just one such ASIC component can easily overwhelm the server.

8 Introduction Guided tour puzzle Use the network round-trip delay as the unit work in the puzzle solving process, and require a client to complete a guided tour by visiting a predefined set of nodes, called tour guides, in a certain sequential visiting order.

9 Desired properties

Download ppt "Mehmud Abliz, Taieb Znati, ACSAC (Dec., 2009). Outline Introduction Desired properties Basic scheme Improvements to the basic scheme Analysis Related."

Similar presentations

CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Small-world Overlay P2P Network

Small-world Overlay P2P Network
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
Michael Walfish, Mythili Vutukuru, Hari Balakrishanan, David Karger, Scott Shankar DDos Defense by Offense.

Michael Walfish, Mythili Vutukuru, Hari Balakrishanan, David Karger, Scott Shankar DDos Defense by Offense.
You should worry if you are below this point.  Your projected and optimistically projected grades should be in the grade center soon o Projected:  Your.

You should worry if you are below this point.  Your projected and optimistically projected grades should be in the grade center soon o Projected:  Your.
Detecting Network Intrusions via Sampling : A Game Theoretic Approach Presented By: Matt Vidal Murali Kodialam T.V. Lakshman July 22, 2003 Bell Labs, Lucent.

Detecting Network Intrusions via Sampling : A Game Theoretic Approach Presented By: Matt Vidal Murali Kodialam T.V. Lakshman July 22, 2003 Bell Labs, Lucent.
Paul Solomine Security of P2P Systems. P2P Systems Used to download copyrighted files illegally. The RIAA is watching you… Spyware! General users become.

Paul Solomine Security of P2P Systems. P2P Systems Used to download copyrighted files illegally. The RIAA is watching you… Spyware! General users become.
Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.

Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.
On Line Markets for Distributed Object Services: The MAJIC System Lior Levy, Liad Blumrosen and Noam Nisan The Hebrew University, Jerusalem Presented by.

On Line Markets for Distributed Object Services: The MAJIC System Lior Levy, Liad Blumrosen and Noam Nisan The Hebrew University, Jerusalem Presented by.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.

Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.
Kill-Bots: Surviving DDoS Attacks That Mimic Legitimate Browsing Srikanth Kandula Dina Katabi, Matthias Jacob, and Arthur Berger.

Kill-Bots: Surviving DDoS Attacks That Mimic Legitimate Browsing Srikanth Kandula Dina Katabi, Matthias Jacob, and Arthur Berger.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks
Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

Similar presentations

Ads by Google