Type of Document Master's Thesis Author McNevin, Timothy John Author's Email Address email@example.com URN etd-04262005-104452 Title Mitigating Network-Based Denial-of-Service Attacks with Client Puzzles Degree Master of Science Department Electrical and Computer Engineering Advisory Committee
Advisor Name Title Park, Jung-Min Jerry Committee Chair Marchany, Randolph C. Committee Member Midkiff, Scott F. Committee Member Keywords
- Client puzzles
- Denial-of-Service countermeasures
- Distributed Denial-of-Service Attacks
- Denial-of-Service Attacks
Date of Defense 2005-04-15 Availability unrestricted AbstractOver the past few years, denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks have become more of a threat than ever. These attacks are aimed at denying or degrading service for a legitimate user by any means necessary. The need to propose and research novel methods to mitigate them has become a critical research issue in network security. Recently, client puzzle protocols have received attention as a method for combating DoS and DDoS attacks. In a client puzzle protocol, the client is forced to solve a cryptographic puzzle before it can request any operation from a remote server or host. This thesis presents the framework and design of two different client puzzle protocols: Puzzle TCP and Chained Puzzles.
Puzzle TCP, or pTCP, is a modification to the Transmission Control Protocol (TCP) that supports the use of client puzzles at the transport layer and is designed to help combat various DoS attacks that target TCP. In this protocol, when a server is under attack, each client is required to solve a cryptographic puzzle before the connection can be established. This thesis presents the design and implementation of pTCP, which was embedded into the Linux kernel, and demonstrates how effective it can be at defending against specific attacks on the transport layer.
Chained Puzzles is an extension to the Internet Protocol (IP) that utilizes client puzzles to mitigate the crippling effects of a large-scale DDoS flooding attack by forcing each client to solve a cryptographic problem before allowing them to send packets into the network. This thesis also presents the design of Chained Puzzles and verifies its effectiveness with simulation results during large-scale DDoS flooding attacks.
Filename Size Approximate Download Time (Hours:Minutes:Seconds)
28.8 Modem 56K Modem ISDN (64 Kb) ISDN (128 Kb) Higher-speed Access tjm_thesis.pdf 1.02 Mb 00:04:44 00:02:26 00:02:08 00:01:04 00:00:05
If you have questions or technical problems, please Contact DLA.