Puzzle-based Enhanced Capability Defense Technique

The Capability mechanism is well known for its effective defense against DoS attacks,but Denial-of-Capability(DoC) attacks may seriously compromise this defense effect.To tackle the problems of DoC attacks,a new scheme called Enhanced Capability Request(ECR) based on puzzle is proposed.Once the request channel is exhausted,capability-enabled routers will implement congestion-puzzle mechanisms to send puzzles to all clients requesting for riddling.All the clients are expected to solve the puzzles and attach answers to ECR packets which are to be validated by routers and then transferred if answers are correct.Simulation results show that the mechanism is effective in its defense performance,and it can allow legitimate users to acquire capabilities with high efficiencies even when malicious capabilities request packets are flooding the routers.