1 / 30

Client Puzzles

Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Ari Juels and John Brainard RSA Laboratories The Problem How to take down a restaurant Restauranteur Saboteur O.K., Mr. Smith Table for four at 8 o’clock. Name of Mr. Smith. Saboteur vs. Restauranteur

liam
Download Presentation

Client Puzzles

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Ari Juels and John Brainard RSA Laboratories

  2. The Problem

  3. How to take down a restaurant Restauranteur Saboteur

  4. O.K., Mr. Smith Table for four at 8 o’clock. Name of Mr. Smith. Saboteur vs. Restauranteur Restauranteur Saboteur

  5. Restauranteur No More Tables! Saboteur

  6. “TCP connection, please.” “TCP connection, please.” “O.K. Please send ack.” “O.K. Please send ack.” An example: TCP SYN flooding Buffer

  7. TCP SYN flooding has been deployed in the real world • Panix, mid-Sept. 1996 (WSJ, NYT) • New York Times, late Sept. 1996 • Others • Similar attacks may be mounted against e-mail, SSL, etc.

  8. Some defenses against connection depletion

  9. Client “Hello?” “Hello?” “Hello?” Throw away requests Server Buffer Problem: Legitimate clients must keep retrying

  10. Server Hi. My name is 10.100.16.126. Buffer IP Tracing (or Syncookies) Client Request Problems: • Can be evaded, particularly on, e.g., Ethernet • Does not allow for proxies, anonymity

  11. Server Client Buffer Digital signatures Problems: • Requires carefully regulated PKI • Does not allow for anonymity

  12. Client Connection timeout Server • Problem: Hard to achieve balance between security • and latency demands

  13. Our solution: client puzzles

  14. O.K., Mr. Smith O.K. Table for four at 8 o’clock. Name of Mr. Smith. Please solve this puzzle. ??? Intuition Restauranteur

  15. Intuition Suppose: • A puzzle takes an hour to solve • There are 40 tables in restaurant • Reserve at most one day in advance A legitimate patron can easily reserve a table, but:

  16. Intuition ??? ??? ??? ??? ??? ??? Would-be saboteur has too many puzzles to solve

  17. Client Service requestR O.K. The client puzzle protocol Server Buffer

  18. What does a puzzle look like?

  19. Puzzle basis: partial hash inversion pre-image X k bits ? partial-imageX’ hash ? image Y 160 bits Pair (X’, Y) is k-bit-hard puzzle

  20. Puzzle construction Server Client Service requestR Secret S

  21. Puzzle construction Puzzle Server computes: secretS timeT requestR hash pre-imageX hash imageY

  22. Puzzle properties • Puzzles are stateless • Puzzles are easy to verify • Hardness of puzzles can be carefully controlled • Puzzles use standard cryptographic primitives

  23. Where to use client puzzles?

  24. Some pros Avoids many flaws in other solutions, e.g.: • Allows for anonymous connections • Does not require PKI • Does not require retries -- even under heavy attack

  25. Practical application • Can use client-puzzles without special-purpose software • Key idea: Applet carries puzzle + puzzle-solving code • Where can we apply this? • SSL (Secure Sockets Layer) • Web-based password authentication

  26. Conclusions

  27. Too Contributions of paper • Introduces idea of client puzzles for on-the-fly resource access control • Puzzle and protocol description • Rigorous mathematical treatment of security using puzzles -- probabilistic/guessing attack • Don’t really need multiple sub-puzzles as paper suggests

  28. Puzzles not new (but client-puzzles are) • Puzzles have also been used for: • Controlling spam (DW94, BGJMM98) • Auditing server usage (FM97) • Time capsules (RSW96)

  29. Replace hash with, e.g., reduced-round cipher More to be done • How to define a puzzle? Search space vs. sequential workload • Can puzzle construction be improved? • Can puzzles be made to do useful work? • Yes. Jakobsson & Juels “Bread Pudding”

  30. Questions?

More Related