Software puzzle: A countermeasure to resource-inflated denial-of-service attacks
Denial-of-service (DoS) and distributed DoS (DDoS) are among the major threats to cyber-security, and client puzzle, which demands a client to perform computationally expensive operations before being granted services from a server, is a well-known countermeasure to them. However, an attacker can in...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2015
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/2539 https://ink.library.smu.edu.sg/context/sis_research/article/3539/viewcontent/Software_puzzle_A_countermeasure_to_resource_inflated_denial_of_service_attacks.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-3539 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-35392020-01-15T02:46:35Z Software puzzle: A countermeasure to resource-inflated denial-of-service attacks WU, Yongdong ZHAO, Zhigang FENG, Bao DENG, Robert H. Denial-of-service (DoS) and distributed DoS (DDoS) are among the major threats to cyber-security, and client puzzle, which demands a client to perform computationally expensive operations before being granted services from a server, is a well-known countermeasure to them. However, an attacker can inflate its capability of DoS/DDoS attacks with fast puzzle-solving software and/or built-in graphics processing unit (GPU) hardware to significantly weaken the effectiveness of client puzzles. In this paper, we study how to prevent DoS/DDoS attackers from inflating their puzzle-solving capabilities. To this end, we introduce a new client puzzle referred to as software puzzle. Unlike the existing client puzzle schemes, which publish their puzzle algorithms in advance, a puzzle algorithm in the present software puzzle scheme is randomly generated only after a client request is received at the server side and the algorithm is generated such that: 1) an attacker is unable to prepare an implementation to solve the puzzle in advance and 2) the attacker needs considerable effort in translating a central processing unit puzzle software to its functionally equivalent GPU version such that the translation cannot be done in real time. Moreover, we show how to implement software puzzle in the generic server-browser model. 2015-01-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/2539 info:doi/10.1109/TIFS.2014.2366293 https://ink.library.smu.edu.sg/context/sis_research/article/3539/viewcontent/Software_puzzle_A_countermeasure_to_resource_inflated_denial_of_service_attacks.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Software puzzle code obfuscation GPU programming distributed denial of service (DDoS) Computer Sciences Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Software puzzle code obfuscation GPU programming distributed denial of service (DDoS) Computer Sciences Information Security |
| spellingShingle |
Software puzzle code obfuscation GPU programming distributed denial of service (DDoS) Computer Sciences Information Security WU, Yongdong ZHAO, Zhigang FENG, Bao DENG, Robert H. Software puzzle: A countermeasure to resource-inflated denial-of-service attacks |
| description |
Denial-of-service (DoS) and distributed DoS (DDoS) are among the major threats to cyber-security, and client puzzle, which demands a client to perform computationally expensive operations before being granted services from a server, is a well-known countermeasure to them. However, an attacker can inflate its capability of DoS/DDoS attacks with fast puzzle-solving software and/or built-in graphics processing unit (GPU) hardware to significantly weaken the effectiveness of client puzzles. In this paper, we study how to prevent DoS/DDoS attackers from inflating their puzzle-solving capabilities. To this end, we introduce a new client puzzle referred to as software puzzle. Unlike the existing client puzzle schemes, which publish their puzzle algorithms in advance, a puzzle algorithm in the present software puzzle scheme is randomly generated only after a client request is received at the server side and the algorithm is generated such that: 1) an attacker is unable to prepare an implementation to solve the puzzle in advance and 2) the attacker needs considerable effort in translating a central processing unit puzzle software to its functionally equivalent GPU version such that the translation cannot be done in real time. Moreover, we show how to implement software puzzle in the generic server-browser model. |
| format |
text |
| author |
WU, Yongdong ZHAO, Zhigang FENG, Bao DENG, Robert H. |
| author_facet |
WU, Yongdong ZHAO, Zhigang FENG, Bao DENG, Robert H. |
| author_sort |
WU, Yongdong |
| title |
Software puzzle: A countermeasure to resource-inflated denial-of-service attacks |
| title_short |
Software puzzle: A countermeasure to resource-inflated denial-of-service attacks |
| title_full |
Software puzzle: A countermeasure to resource-inflated denial-of-service attacks |
| title_fullStr |
Software puzzle: A countermeasure to resource-inflated denial-of-service attacks |
| title_full_unstemmed |
Software puzzle: A countermeasure to resource-inflated denial-of-service attacks |
| title_sort |
software puzzle: a countermeasure to resource-inflated denial-of-service attacks |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2015 |
| url |
https://ink.library.smu.edu.sg/sis_research/2539 https://ink.library.smu.edu.sg/context/sis_research/article/3539/viewcontent/Software_puzzle_A_countermeasure_to_resource_inflated_denial_of_service_attacks.pdf |
| _version_ |
1770572517098913792 |