Reducing distributed denial of service (DDoS) attacks using client puzzle mechanism
Keywords: Distributed Denial of Service Attacks (DDoS), Client Puzzle Mechanism, Cryptographic Puzzles, Authentication.
In a typical DoS attack, the attacker tries to bring the server down by sending a large number of bogus queries that consume its computing power and bandwidth. Because the server's bandwidth and computing power are always greater than those of the attacker's client machine, the attacker enlists a group of connected computers. A DDoS attack involves many client machines hijacked by the attacker (together called a botnet). As the server handles all the requests sent by the attacker, its resources are consumed and it can no longer provide services. In this project, we are mainly concerned with reducing the computing power consumed on the server side by giving the client a puzzle to solve. To prevent such attacks, we use a client puzzle mechanism: a client-side puzzle that requires the client machine to perform tasks that need more resources (computation power). The client's request is not sent directly to the server. Instead, an Intermediate Server monitors all requests being sent to the main server. Before the client's request is forwarded to the server, the client must solve a puzzle and send the answer. The Intermediate Server validates the answer and either gives the client access or blocks it from accessing the server.
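The issue, solve and validate flow described above, as an added example that is not the paper's own code. The hash-based puzzle (SHA-256 with leading zero bits), the HMAC-bound stateless challenge, and all names and parameters are assumptions made for illustration; the abstract does not specify the puzzle construction.

```python
# Added example: the hash-based puzzle is an assumed construction.
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)   # secret held only by the intermediate server
DIFFICULTY_BITS = 16          # assumed difficulty: about 2**16 hashes per request
MAX_AGE = 30                  # seconds a challenge stays valid


def issue_challenge(client_id, now=None):
    """Intermediate server: stateless challenge bound to client and time."""
    ts = str(int(time.time() if now is None else now))
    nonce = os.urandom(8).hex()
    msg = f"{client_id}|{ts}|{nonce}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return f"{client_id}|{ts}|{nonce}|{tag}"


def _leading_zero_bits(digest):
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def solve(challenge, bits=DIFFICULTY_BITS):
    """Client: brute-force a counter until the hash has `bits` leading zeros."""
    counter = 0
    while True:
        d = hashlib.sha256(f"{challenge}|{counter}".encode()).digest()
        if _leading_zero_bits(d) >= bits:
            return counter
        counter += 1


def verify(challenge, answer, client_id, now=None, bits=DIFFICULTY_BITS):
    """Intermediate server: one HMAC and one hash decide forward-or-block."""
    parts = challenge.split("|")
    if len(parts) != 4:
        return False
    cid, ts, nonce, tag = parts
    expected = hmac.new(SERVER_KEY, f"{cid}|{ts}|{nonce}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected) or cid != client_id:
        return False   # forged challenge, or one issued to another client
    now = time.time() if now is None else now
    if not 0 <= now - int(ts) <= MAX_AGE:
        return False   # stale challenge: precomputed answers expire
    d = hashlib.sha256(f"{challenge}|{answer}".encode()).digest()
    return _leading_zero_bits(d) >= bits
```

Verification costs the intermediate server two hash operations regardless of difficulty, while the client pays the brute-force search. Because the design keeps no per-challenge state, a solved challenge remains acceptable until `MAX_AGE` elapses unless the server also records used nonces.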