Revisiting Client Puzzles for State Exhaustion Attacks Resilience

Mohammad A. Noureddine, Ahmed M. Fawaz, Amanda Hsu, Cody Guldner, Sameer Vijay, Tamer Basar, William H. Sanders

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In this paper, we address the challenges facing the adoption of client puzzles as a means to protect the TCP connection establishment channel from state exhaustion DDoS attacks. We model the problem of selecting the puzzle difficulties as a Stackelberg game with the server as the leader and the clients as the followers and obtain the equilibrium solution for the puzzle difficulty. We then present an implementation of client puzzles inside the TCP stack of the Linux 4.13.0 kernel. We evaluate the performance of our implementation and the obtained solution against a range of attacks through reproducible experiments on the DETER testbed. Our results show that client puzzles are effective at boosting the tolerance of the TCP handshake channel to state exhaustion DDoS attacks by rate limiting malicious attackers while allocating resources for legitimate clients.

Original languageEnglish (US)
Title of host publicationProceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages617-629
Number of pages13
ISBN (Electronic)9781728100562
DOIs
StatePublished - Jun 2019
Event49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019 - Portland, United States
Duration: Jun 24 2019Jun 27 2019

Publication series

NameProceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019

Conference

Conference49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019
CountryUnited States
CityPortland
Period6/24/196/27/19

Keywords

  • Denial of Service Attacks
  • Proof-of-Work
  • Stackelberg Games
  • TCP

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture

Fingerprint Dive into the research topics of 'Revisiting Client Puzzles for State Exhaustion Attacks Resilience'. Together they form a unique fingerprint.

  • Cite this

    Noureddine, M. A., Fawaz, A. M., Hsu, A., Guldner, C., Vijay, S., Basar, T., & Sanders, W. H. (2019). Revisiting Client Puzzles for State Exhaustion Attacks Resilience. In Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019 (pp. 617-629). [8809536] (Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DSN.2019.00067