client puzzles l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Client Puzzles PowerPoint Presentation
Download Presentation
Client Puzzles

Loading in 2 Seconds...

play fullscreen
1 / 30

Client Puzzles - PowerPoint PPT Presentation


  • 439 Views
  • Uploaded on

Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Ari Juels and John Brainard RSA Laboratories The Problem How to take down a restaurant Restauranteur Saboteur O.K., Mr. Smith Table for four at 8 o’clock. Name of Mr. Smith. Saboteur vs. Restauranteur

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Client Puzzles' - liam


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
client puzzles

Client Puzzles

A Cryptographic Defense Against Connection Depletion Attacks

Ari Juels and John Brainard

RSA Laboratories

how to take down a restaurant
How to take down a restaurant

Restauranteur

Saboteur

saboteur vs restauranteur

O.K.,

Mr. Smith

Table for four

at 8 o’clock.

Name of Mr. Smith.

Saboteur vs. Restauranteur

Restauranteur

Saboteur

slide5

Restauranteur

No More Tables!

Saboteur

an example tcp syn flooding

“TCP connection, please.”

“TCP connection, please.”

“O.K. Please send ack.”

“O.K. Please send ack.”

An example: TCP SYN flooding

Buffer

slide7
TCP SYN flooding has been deployed in the real world
    • Panix, mid-Sept. 1996 (WSJ, NYT)
    • New York Times, late Sept. 1996
    • Others
  • Similar attacks may be mounted against e-mail, SSL, etc.
throw away requests

Client

“Hello?”

“Hello?”

“Hello?”

Throw away requests

Server

Buffer

Problem: Legitimate clients must keep retrying

ip tracing or syncookies

Server

Hi. My name is

10.100.16.126.

Buffer

IP Tracing (or Syncookies)

Client

Request

Problems:

  • Can be evaded, particularly on, e.g., Ethernet
  • Does not allow for proxies, anonymity
digital signatures

Server

Client

Buffer

Digital signatures

Problems:

  • Requires carefully regulated PKI
  • Does not allow for anonymity
connection timeout

Client

Connection timeout

Server

  • Problem: Hard to achieve balance between security
  • and latency demands
intuition

O.K.,

Mr. Smith

O.K.

Table for four

at 8 o’clock.

Name of Mr. Smith.

Please solve this

puzzle.

???

Intuition

Restauranteur

intuition15
Intuition

Suppose:

  • A puzzle takes an hour to solve
  • There are 40 tables in restaurant
  • Reserve at most one day in advance

A legitimate patron can easily reserve a table,

but:

slide16

Intuition

???

???

???

???

???

???

Would-be saboteur has too many puzzles to solve

the client puzzle protocol

Client

Service requestR

O.K.

The client puzzle protocol

Server

Buffer

slide19

Puzzle basis: partial hash inversion

pre-image X

k bits

?

partial-imageX’

hash

?

image Y

160 bits

Pair (X’, Y) is k-bit-hard puzzle

slide20

Puzzle construction

Server

Client

Service requestR

Secret S

slide21

Puzzle construction

Puzzle

Server computes:

secretS

timeT

requestR

hash

pre-imageX

hash

imageY

puzzle properties
Puzzle properties
  • Puzzles are stateless
  • Puzzles are easy to verify
  • Hardness of puzzles can be carefully controlled
  • Puzzles use standard cryptographic primitives
some pros
Some pros

Avoids many flaws in other solutions, e.g.:

  • Allows for anonymous connections
  • Does not require PKI
  • Does not require retries -- even under heavy attack
practical application
Practical application
  • Can use client-puzzles without special-purpose software
    • Key idea: Applet carries puzzle + puzzle-solving code
  • Where can we apply this?
    • SSL (Secure Sockets Layer)
    • Web-based password authentication
slide27

Too

Contributions of paper

  • Introduces idea of client puzzles for on-the-fly resource access control
  • Puzzle and protocol description
  • Rigorous mathematical treatment of security using puzzles -- probabilistic/guessing attack
    • Don’t really need multiple sub-puzzles as paper suggests
puzzles not new but client puzzles are
Puzzles not new (but client-puzzles are)
  • Puzzles have also been used for:
    • Controlling spam (DW94, BGJMM98)
    • Auditing server usage (FM97)
    • Time capsules (RSW96)
more to be done

Replace hash with, e.g., reduced-round cipher

More to be done
  • How to define a puzzle? Search space vs. sequential workload
  • Can puzzle construction be improved?
  • Can puzzles be made to do useful work?
    • Yes. Jakobsson & Juels “Bread Pudding”