New Client Puzzle Outsourcing Techniques for DoS Resistance

1
New Client Puzzle Outsourcing Techniques for DoS
Resistance

• Brent Waters, Stanford University
• Ari Juels, RSA Laboratories
• Alex Halderman, Princeton University
• Ed Felten, Princeton University

2
Client Puzzles

• DoS attack the attackers consume resources
  quickly
• May not be enough resources left for a regular
  client

Server
Attackers
User
3
Client Puzzles

• Client puzzles slow down an attacker by making
  him solve
• a moderately hard challenge before granting
  a resource
• Typically, partially invert a hash function

Server
Attackers
User
4
Client Puzzles

• Client Puzzles can potentially be used to protect
  many different kinds of resources
• Email SPAM DN92
• TCP SYN buffers JB99
• CPU on SSL connections JB99, DS02
• Database Queries
• Resource intensive queries
• DRM?
• IP packets

5
Shortcomings of Client Puzzles

• Puzzle-solving delay after user request
• User must wait for his machine to solve puzzle
• Is this a problem? JB99 show 1s delay for TCP
  syn buffer
• However, they do their analysis under 20
  attackers
• Lesson Delay depends upon number of attackers
  and scarcity of resource

6
Shortcomings of Client Puzzles

• 2) Server hash computation per submitted solution
• Hash overhead 1us computation time
• Typically small relative to resource given
• Attack by flooding server with incorrect
  solutions
• Impractical if protecting a low level service
  such as IP layer

7
Our Solution

• Outsource puzzle creation
• Puzzles created are independent of client or
  server using them
• Solve for access to channels on servers
• Assume internal routing structure is resistant to
  eavesdropping

8
Outsourcing Puzzles

• Bastion service distributes puzzles
• Global Service
• Bastion operation is independent of servers
• and clients using it
• ? Scalability

9
Outsourcing Puzzles

• Since puzzles are independent of bastion can use
  robust systems to distribute puzzles
• Leverage point

10
Solving for Channels

• Client solves for a random channel
• Next time period uses solved channel as solution
• Solution can be transformed to work on any server

11
Solving for Channels

• Client solves for a random channel
• Next time period uses solved channel as solution
• Solution can be transformed to work on any server

12
Solving for Channels

• Client solves for a random channel
• Next time period uses solved channel as solution
• Solution can be transformed to work on any server

Server A
Server B
13
Attackers and Channels

• Attacker can only get resources allotted to
  channels he has solved puzzles for

Attackers
Server A
PKA
14
Puzzle Construction

• N Channels
• P(x,d) Puzzle hiding x of difficulty d
• H Hash function
• xi Randomly chosen each iteration

15
Client and Server Operation

• Server
• Compute all N tokens for period j1
• Public key ga
• For all Xigxi compute Xia gaxi

• Client
• Solve puzzle for period j1
• Pick random channel
• Solve puzzle for channel

• Use solution computed during
• period j-1
• Have solution xi for channel i
• For server with public key Yga compute Yxi gaxi
  as token for channel i

• Use tokens computed during
• period j-1
• Request on channel i, do a quick comparison on
  token list
• Keep track of resources granted per channel

16
Key Points

• User does not wait for puzzle to be solved
• Bytestring comparison per claimed solution
• Primary bottleneck is of channels the server
  computes tokens for (exponentiations)
• Will improve as processor speeds increase
• Can give out Xi before Puz(xi,d)

17
An Example

• Time cycles of 20 minutes
• N20,000 channels
• 5 of a high end servers computing time
• Set puzzle difficulty so typical machine can have
  2 solutions
• 1,000 attackers with 1,000 solutions
• ? 1/10 of channels
• Regular user has 2 random channels each 10
  chance of being occupied by adversary ? 1 that
  both are occupied

18
Prototype Implementation

• Rate limits number of new TCP connections
• After SYN packet must wait n seconds before
  another on channel

Sends two previously computed tokens
HTTP Server to simulate Bastion
19
Flooding Attack Experiment

• Attacker submits several false solutions

20
Comparison to Traditional Client Puzzles

• Our Approach
• Proactive approach solves puzzles in preparation
• Uses resources when not under attack (server
  client)
• Solution is ready immediately for user request
• Bitstring comparison per claimed solution
• IP layer

• Traditional Client Puzzles
• Enter client puzzle operation in reaction to an
  attack

• User waits for client to solve
• Hash computation per claimed solution

21
Comparison to Traditional Client Puzzles

• Our Approach
• Use solutions at multiple protocols (e.g. TCP,
  SSL, Database queries)
• Number of channels available should increase as
  servers can do PK operations faster

• Traditional Client Puzzles
• Unclear how should manage protecting multiple
  protocols

22
Extensions

• Identity-Based server public keys
• More flexible number of channels per server
• Random Beacon for Bastion
• Loose universal puzzle property
• More efficient PK crypto
• Smaller key sizes (key life is shorter)

23
Conclusions

• Propose a new client puzzle outsourcing technique
  for protecting against DoS attacks
• Trade off extra average case effort in exchange
  for low-user delay and efficient solution
  verification

24
(No Transcript)