Masters of Computer Science by Reasearch
School of Information Technology and Computer Science - Faculty of Informatics
Gao, Yi, Efficient trapdoor-based client puzzle system against DoS attacks, M.Comp.Sc thesis, School of Information Technology and Computer Science, University of Wollongong, 2005. http://ro.uow.edu.au/theses/331
Denial of service (DoS) and distributed denial of service (DDoS) are serious threats to computer networks. DoS and DDoS attacks aim to shut down a target server by depleting its resources and rendering it incapable of offering stable and integrated service to legitimate clients. Preventing DoS and DDoS attacks is a difficult task. A promising countermeasure against DoS attacks is the Client Puzzle method, which nevertheless faces a number of challenges, such as the complexity of puzzle construction and solution verification. Our research focuses on exploring novel puzzle constructions to satisfy the high demands of DoS defence in practice. In this thesis, we first identify the underlying weaknesses of existing client puzzles. To mitigate these vulnerabilities, we recommend the necessary requirements for good client puzzles. Based on this, we propose a new model for puzzle distribution, called the Trapdoor-based Client Puzzle System (TCPS). Two specific schemes are presented to construct puzzles within TCPS. We depict these two schemes, where each trapdoor algorithm is applied respectively. Both schemes have two distinct features: the computational overheads are low, and the difficulty level of puzzles is measurable. Moreover, both puzzle schemes are provably secure under traditional hard problems in mathematics. Our contribution to client puzzle defence against DoS attacks can be summarised as follows: * Identify the shortcomings of existing client puzzles. * Recommend the requirements of good client puzzles. * Formally define the Trapdoor-based Client Puzzle System, along with strict security conditions. * Propose a client puzzle scheme whose security is based on the RSA Assumption. Effectiveness and security are analysed and proven. * Propose a second client puzzle scheme whose security is based on the Discrete Logarithm Problem (DLP). Similarly, effectiveness and security are also analysed. * Provide a possible configuration for system parameters. * Discuss further possible attacks and their solutions. As our research is carried out in DoS attack scenarios, we also introduce this technical background before our achievements are presented.