Publication Type

Journal Article

Version

acceptedVersion

Publication Date

1-2015

Abstract

Denial-of-service (DoS) and distributed DoS (DDoS) are among the major threats to cyber-security, and client puzzle, which demands a client to perform computationally expensive operations before being granted services from a server, is a well-known countermeasure to them. However, an attacker can inflate its capability of DoS/DDoS attacks with fast puzzle-solving software and/or built-in graphics processing unit (GPU) hardware to significantly weaken the effectiveness of client puzzles. In this paper, we study how to prevent DoS/DDoS attackers from inflating their puzzle-solving capabilities. To this end, we introduce a new client puzzle referred to as software puzzle. Unlike the existing client puzzle schemes, which publish their puzzle algorithms in advance, a puzzle algorithm in the present software puzzle scheme is randomly generated only after a client request is received at the server side and the algorithm is generated such that: 1) an attacker is unable to prepare an implementation to solve the puzzle in advance and 2) the attacker needs considerable effort in translating a central processing unit puzzle software to its functionally equivalent GPU version such that the translation cannot be done in real time. Moreover, we show how to implement software puzzle in the generic server-browser model.

Keywords

Software puzzle, code obfuscation, GPU programming, distributed denial of service (DDoS)

Discipline

Computer Sciences | Information Security

Research Areas

Cybersecurity

Publication

IEEE Transactions on Information Forensics and Security

Volume

10

Issue

1

First Page

168

Last Page

177

ISSN

1556-6013

Identifier

10.1109/TIFS.2014.2366293

Publisher

IEEE

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/TIFS.2014.2366293

Download

Share

COinS