Game Theoretic Resistance to Denial of Service Attacks Using Hidden Difficulty Puzzles

Denial of Service (DoS) vulnerabilities are one of the major concerns in today’s internet. Client-puzzles offer a good mechanism to defend servers against DoS attacks. In this paper, we introduce the notion of hidden puzzle difficulty, where the attacker cannot determine the difficulty of the puzzle without expending a minimal amount of computational resource. We propose three concrete puzzles that satisfy this requirement. Using game theory, we show that a defense mechanism is more effective when it uses a hidden difficulty puzzle. Based on the concept of Nash equilibrium, we develop suitable defense mechanisms that are better than the existing ones.
