DISPUTE: Distributed puzzle tussle

Distributed Denial of Service (DDoS) attack continues to be one of the main vulnerabilities of today's Internet. Client's puzzle mechanism is a well-known solution against such threat, however with badly tuned puzzle sizes it may harm the clients in the peaceful time, as well as produce additional difficulties during an attack. Here, we introduce a novel algorithm — DISPUTE — auto-tunable distributed puzzle mechanism with variable puzzle sizes. Main feature of it is that the server does not need to adjust any puzzle sizes, instead the clients during the “fight for” server resources find some form of equilibrium situation on the server side. We describe the algorithm and show the DISPUTE's performance using a simulation tool. The results suggest that regular (laptop) users, as well as light (sensor) users can successfully access a server even during a heavy DDoS attack.

[1]  Andrey Khurri,et al.  Performance of host identity protocol on lightweight hardware , 2007, MobiArch '07.

[2]  Tuomas Aura DOS-Resistant Authentication with Client Puzzles (Transcript of Discussion) , 2000, Security Protocols Workshop.

[3]  Scott Shenker,et al.  Internet indirection infrastructure , 2002, SIGCOMM 2002.

[4]  Michael Walfish,et al.  DDoS defense by offense , 2006, TOCS.

[5]  R. K. Shyamasundar,et al.  Introduction to algorithms , 1996 .

[6]  Scott Shenker,et al.  A data-oriented (and beyond) network architecture , 2007, SIGCOMM '07.

[7]  Michael Walfish,et al.  DDoS defense by offense , 2006, SIGCOMM 2006.

[8]  Scott Shenker,et al.  A data-oriented (and beyond) network architecture , 2007, SIGCOMM 2007.

[9]  Scott Shenker,et al.  Internet indirection infrastructure , 2004, TNET.

[10]  E. Maasland,et al.  Auction Theory , 2021, Springer Texts in Business and Economics.

[11]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[12]  Kevin Barraclough,et al.  I and i , 2001, BMJ : British Medical Journal.

[13]  Andrei Gurtov Host Identity Protocol (HIP): Towards the Secure Mobile Internet , 2008 .

[14]  W. Marsden I and J , 2012 .

[15]  Pekka Nikander,et al.  DOS-Resistant Authentication with Client Puzzles , 2000, Security Protocols Workshop.

[16]  Ari Juels,et al.  $evwu Dfw , 1998 .

[17]  Andrei V. Gurtov,et al.  Playing Defense by Offense: Equilibrium in the DoS-attack problem , 2010, The IEEE symposium on Computers and Communications.