Security Notions and Generic Constructions for Client Puzzles

By a computational puzzle we mean a mildly difficult computational problem that requires resources (processor cycles, memory, or both) to solve. Puzzles have found a variety of uses in security. In this paper we are concerned with client puzzles : a type of puzzle used as a defense against Denial of Service (DoS) attacks. The main contribution of this paper is a formal model for the security of client puzzles.We clarify the interface that client puzzles should offer and give two security notions for puzzles. Both functionality and security are inspired by, and tailored to, the use of puzzles as a defense against DoS attacks.Our definitions fill an important gap: breaking either of the two properties immediately leads to successful DoS attacks. We illustrate this point with an attack against a previously proposed puzzle construction.We also provide a generic construction of a client puzzle which meets our security definitions.

[1]  Bogdan Groza,et al.  On Chained Cryptographic Puzzles , 2006 .

[2]  Geraint Price A General Attack Model on Hash-Based Client Puzzles , 2003, IMACC.

[3]  Boaz Barak,et al.  Merkle Puzzles are Optimal , 2008, IACR Cryptol. ePrint Arch..

[4]  Ralph C. Merkle,et al.  Secure communications over insecure channels , 1978, CACM.

[5]  Pekka Nikander,et al.  Host Identity Protocol , 2008, RFC.

[6]  Aikaterini Mitrokotsa,et al.  DDoS attacks and defense mechanisms: classification and state-of-the-art , 2004, Comput. Networks.

[7]  Pekka Nikander,et al.  DOS-Resistant Authentication with Client Puzzles , 2000, Security Protocols Workshop.

[8]  Ari Juels,et al.  $evwu Dfw , 1998 .

[9]  Brent Waters,et al.  New client puzzle outsourcing techniques for DoS resistance , 2004, CCS '04.

[10]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[11]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[12]  Ran Canetti,et al.  Hardness Amplification of Weakly Verifiable Puzzles , 2005, TCC.

[13]  Yuval Ishai,et al.  Basing Weak Public-Key Cryptography on Strong One-Way Functions , 2008, TCC.

[14]  Russell Impagliazzo,et al.  Limits on the Provable Consequences of One-way Permutations , 1988, CRYPTO.

[15]  Yi Gao,et al.  Efficient trapdoor-based client puzzle system against DoS attacks , 2005 .

[16]  Liqun Chen,et al.  An Auditable Metering Scheme for Web Advertisement Applications , 2001, ISC.

[17]  Ruby B. Lee,et al.  Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures , 2004, PDCS.

[18]  Wesley M. Eddy,et al.  TCP SYN Flooding Attacks and Common Mitigations , 2007, RFC.

[19]  A. Juels,et al.  PROOFS OF WORK AND BREAD PUDDING PROTOCOLS (EXTENDED ABSTRACT) , 1999 .

[20]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[21]  Angelos D. Keromytis,et al.  Just fast keying: Key agreement in a hostile internet , 2004, TSEC.

[22]  Ruby B. Lee,et al.  Remote Denial of Service Attacks and Countermeasures , 2001 .

[23]  Catherine A. Meadows,et al.  A Cost-Based Framework for Analysis of Denial of Service Networks , 2001, J. Comput. Secur..

[24]  Phillip Rogaway,et al.  Formalizing Human Ignorance , 2006, VIETCRYPT.

[25]  Srdjan Capkun,et al.  BAP: Broadcast Authentication Using Cryptographic Puzzles , 2007, ACNS.

[26]  Markus Jakobsson,et al.  Proofs of Work and Bread Pudding Protocols , 1999, Communications and Multimedia Security.

[27]  Colin Boyd,et al.  Toward Non-parallelizable Client Puzzles , 2007, CANS.

[28]  Jason Smith,et al.  Modelling denial of service attacks on JFK with Meadows's cost-based framework , 2006, ACSW.

[29]  Catherine A. Meadows,et al.  A formal framework and evaluation method for network denial of service , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[30]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.