Defeating DDoS using productive puzzles

Mehmud Abliz, Taieb F. Znati

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Citations (Scopus)

Abstract

In this paper, we present Productive Puzzles, a novel puzzle mechanism for defending against Distributed Denial of Service (DDoS) attacks. Productive puzzles aim to use tasks from real applications and services-as opposed to repetitive cryptographic computations that only serve the security purpose-as the work to be completed by the client, therefore making meaningful use of the client resources that would be wasted otherwise. We prove that tight bounds on the probability of successful cheating can be achieved by using only a small number of tasks in a productive puzzle. Hardness of productive puzzles is dynamically adjusted based on the server load and the cost of processing the client's request, consequently making it harder for adversaries to leverage expensive requests in their attacks. Furthermore, a novel cache algorithm is introduced to prevent the puzzle solution replay attack that is a common threat to all puzzle based DDoS defense mechanisms. We evaluate the effectiveness of the productive puzzle scheme in a realistic experimental environment, and show that it provides nearly optimal puzzle based defense against DDoS attacks.

Original languageEnglish
Title of host publicationICISSP 2015 - 1st International Conference on Information Systems Security and Privacy, Proceedings
EditorsEsma Aimeur, Christophe Bidan, Olivier Camp, Edgar Weippl
PublisherSciTePress
Pages114-123
Number of pages10
ISBN (Electronic)9789897580819
Publication statusPublished - 2015
Externally publishedYes
Event1st International Conference on Information Systems Security and Privacy, ICISSP 2015 - Angers, Loire Valley, France
Duration: Feb 9 2015Feb 11 2015

Publication series

NameICISSP 2015 - 1st International Conference on Information Systems Security and Privacy, Proceedings

Conference

Conference1st International Conference on Information Systems Security and Privacy, ICISSP 2015
Country/TerritoryFrance
CityAngers, Loire Valley
Period2/9/152/11/15

Keywords

  • Client-sourcing
  • Cryptographic puzzles
  • Denial of service
  • Productive puzzles
  • Proof-of-work

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems

Fingerprint

Dive into the research topics of 'Defeating DDoS using productive puzzles'. Together they form a unique fingerprint.

Cite this