Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/50843
Title: Novel ways of authentication and identification of users in wireless networks
Authors: Koh, Jing Yang.
Keywords: DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks
Issue Date: 2012
Abstract: Cryptographic client puzzles have been widely proposed for mitigating the rising denial-of-service (DoS) attacks in internet networks. They introduce a promising approach, fundamentally different from the classical DoS defence mechanisms. Users requesting a web service must first solve a puzzle before being serviced by the server. There exists a variety of puzzle algorithms for such purposes, but most of them will require a puzzle difficulty parameter to determine the amount of time needed by users to solve the puzzle. However, the important issue of how to set this puzzle difficulty value has yet to be completely addressed by researchers. Thus, in this project, we propose using a generic leaky bucket rate limiting queue mechanism to determine the puzzle difficulty according to a queue delay. Specifically, by manipulating the puzzle difficulty parameter adaptively, the proposed mechanism will allow the server to rate limit the number of incoming requests that it will have to serve per unit time. As a result, the server will not be overloaded by requests, while a potential DoS attacker has to spend more resources and time to solve harder puzzles, reducing their rate of request. Our leaky bucket mechanism can be easily applied to most existing client puzzles, but we applied it to two popular client puzzle algorithms, the hash reversal and repeated squaring puzzles. The hash reversal puzzle requires solvers to find a missing input pre-image given the hash output and a partial pre-image, while the repeated squaring puzzle requires the computation of a fixed number of modular exponentiations. We then used the puzzles in the Transport Layer Security (TLS) protocol to provide DoS resistance. We compared the two puzzle schemes and demonstrated through the experiments and simulations that the latter together with our leaky bucket mechanism is more effective in mitigating DoS attempts as it ensures a lower server CPU load.
Furthermore, repeated squaring puzzles have many desirable properties, such as being non-parallelizable, providing finer granularity and not unfairly penalizing mobile device users much. Therefore, our leaky bucket mechanism can allow existing client puzzle schemes to fully utilize their puzzle difficulty parameter to provide better DoS resistance.
URI: http://hdl.handle.net/10356/50843
Schools: School of Computer Engineering 
Organisations: A*STAR Institute for Infocomm Research (I2R)
Research Centres: Centre for Multimedia and Network Technology 
Rights: Nanyang Technological University
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections: SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File: SCE11-0412.pdf (Restricted Access)
Size: 2.03 MB
Format: Adobe PDF

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.