Title page for ETD etd-04262005-104452


Type of Document Master's Thesis
Author McNevin, Timothy John
Author's Email Address tmcnevin@vt.edu
URN etd-04262005-104452
Title Mitigating Network-Based Denial-of-Service Attacks with Client Puzzles
Degree Master of Science
Department Electrical and Computer Engineering
Advisory Committee
Advisor Name Title
Park, Jung-Min Jerry Committee Chair
Marchany, Randolph C. Committee Member
Midkiff, Scott F. Committee Member
Keywords
  • Client puzzles
  • Denial-of-Service countermeasures
  • Distributed Denial-of-Service Attacks
  • Denial-of-Service Attacks
Date of Defense 2005-04-15
Availability unrestricted
Abstract
Over the past few years, denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks have become more of a threat than ever. These attacks are aimed at denying or degrading service for a legitimate user by any means necessary. The need to propose and research novel methods to mitigate them has become a critical research issue in network security. Recently, client puzzle protocols have received attention as a method for combating DoS and DDoS attacks. In a client puzzle protocol, the client is forced to solve a cryptographic puzzle before it can request any operation from a remote server or host. This thesis presents the framework and design of two different client puzzle protocols: Puzzle TCP and Chained Puzzles.

Puzzle TCP, or pTCP, is a modification to the Transmission Control Protocol (TCP) that supports the use of client puzzles at the transport layer and is designed to help combat various DoS attacks that target TCP. In this protocol, when a server is under attack, each client is required to solve a cryptographic puzzle before the connection can be established. This thesis presents the design and implementation of pTCP, which was embedded into the Linux kernel, and demonstrates how effective it can be at defending against specific attacks on the transport layer.

Chained Puzzles is an extension to the Internet Protocol (IP) that utilizes client puzzles to mitigate the crippling effects of a large-scale DDoS flooding attack by forcing each client to solve a cryptographic problem before allowing them to send packets into the network. This thesis also presents the design of Chained Puzzles and verifies its effectiveness with simulation results during large-scale DDoS flooding attacks.

Files
  Filename       Size       Approximate Download Time (Hours:Minutes:Seconds) 
 
 28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access 
  tjm_thesis.pdf 1.02 Mb 00:04:44 00:02:26 00:02:08 00:01:04 00:00:05

Browse All Available ETDs by ( Author | Department )

dla home
etds imagebase journals news ereserve special collections
virgnia tech home contact dla university libraries

If you have questions or technical problems, please Contact DLA.