Non-Parallelizable and Non-Interactive Client Puzzles from Modular Square Roots

Denial of Service (DoS) attacks that aim to exhaust a server's resources by overwhelming it with bogus requests have become a serious threat. Protocols that rely on public key cryptography and perform expensive authentication handshakes may be especially easy targets. Client puzzles are a well-known countermeasure against DoS attacks: the victimized server requires clients to commit computing resources before it processes their requests. To get service, a client must solve a cryptographic puzzle and submit the right solution. Existing client puzzle schemes have some drawbacks: they are either parallelizable, coarse-grained, or usable only interactively. With interactive client puzzles, where the server poses the challenge, an attacker might mount a counterattack on the clients by injecting fake packets containing bogus puzzle parameters. In this paper we introduce a novel scheme for client puzzles which relies on the computation of square roots modulo a prime. Modular square root puzzles are non-parallelizable, i.e., the solution cannot be obtained faster than scheduled by distributing the puzzle to multiple machines or CPU cores, and they can be employed both interactively and non-interactively. Our puzzles provide polynomial granularity and compact solution and verification functions. Benchmark results demonstrate the feasibility of our approach to mitigate DoS attacks on hosts in 1 or even 10 GBit networks. In addition, we show how to raise the efficiency of our puzzle scheme by introducing a bandwidth-based cost factor for the client.
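The cost asymmetry behind a modular square root puzzle, as an added example that is not code from the paper: the client extracts a root with a chain of dependent squarings, while the server checks it with one hash and one squaring. The paper's exact construction is not given on this page, so the prime `P`, the hash-based `derive_challenge`, and the `solve`/`verify` names are assumptions chosen for illustration.

```python
import hashlib

# Constructed parameter: the Mersenne prime 2**127 - 1. It satisfies p % 4 == 3,
# so a**((p + 1) // 4) mod p is a square root of a or of -a (exactly one is a residue).
P = (1 << 127) - 1


def derive_challenge(request: bytes, p: int = P) -> int:
    """Non-interactive use: map the client's own request bytes into [1, p-1]."""
    digest = hashlib.sha256(request).digest()
    return 1 + int.from_bytes(digest, "big") % (p - 1)


def solve(a: int, p: int = P) -> tuple[int, int]:
    """Client side: square-and-multiply, returning (root, modular multiplications)."""
    exponent = (p + 1) // 4
    result, base, mults = 1, a % p, 0
    while exponent:
        if exponent & 1:
            result = result * base % p
            mults += 1
        base = base * base % p  # each squaring depends on the previous one
        mults += 1
        exponent >>= 1
    return result, mults


def verify(request: bytes, root: int, p: int = P) -> bool:
    """Server side: one hash and one modular squaring, no exponentiation."""
    if not 0 < root < p:
        return False
    a = derive_challenge(request, p)
    return root * root % p in (a, p - a)


# Constructed sample request; binding freshness data into it is an assumption here.
SAMPLE_REQUEST = b"client=192.0.2.7|ts=1700000000|nonce=constructed"

if __name__ == "__main__":
    root, cost = solve(derive_challenge(SAMPLE_REQUEST))
    print("multiplications to solve:", cost)
    print("accepted:", verify(SAMPLE_REQUEST, root))
    print("forged root accepted:", verify(SAMPLE_REQUEST, (root + 1) % P))
```
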
