Trapdoor-based client puzzle

Web servers face one of the most prevalent and destructive threats on the network: denial of service (DoS). A DoS attack aims to deplete the resources of the target server, leaving the victim incapable of offering integrated and stable services to legitimate clients; in this way, denial of service shuts down a target server. To control denial of service attacks, the client puzzle has been proposed as a countermeasure. However, traditional client puzzles have certain underlying drawbacks, so there is a need to introduce the trapdoor-based client puzzle in order to overcome them (Ordi et al., 2015).

Literature Review

According to Chen et al. (2009), the most important principles of network security are confidentiality, integrity, and authentication. However, all of these depend on the availability of the network service. A denial of service (DoS) attack shuts down a running target server, destroying its service availability by exhausting its resources. To counter DoS attacks, different approaches have been proposed, including router filtering, firewalls, IP traceback, stateless protocols, and client puzzles, among others.

Ordi et al. (2015) argue that denial of service (DoS) attacks come in various kinds, including SYN flooding, where a malicious client uses imperfections of the TCP/IP protocol to launch many uncompleted connection requests to a target server, depleting all of the victim's resources and making it unavailable to legitimate requests.

A new generation of DoS attack, called Distributed Denial of Service (DDoS), has also been reported. DDoS is armed with viruses and worms installed on several computers within the network. It works by scanning a large number of networks and finding vulnerable hosts with weak defenses against malicious intrusion.

On the other hand, Dande et al. (2014) are of the opinion that client puzzles can be used to protect servers and their clients from DoS and DDoS and to help control such dangers. Client puzzles are capable of confining and alleviating DoS and DDoS, and the idea is very simple. When the server is suspected to be under attack, it sends a small cryptographic puzzle to every client applying for a connection before granting it any system resource. Only a client that correctly solves the puzzle has its request proceed. When no denial of service alarm has been raised, the defending server accepts and responds to a client's connection request as normal.

In the view of Vanryckeghem (2007), legitimate clients find it inexpensive to compute puzzles, whereas malicious attackers who attempt to seize the server's resources find computing them far too expensive. Furthermore, the complexity of the cryptographic puzzle can be adjusted by the server administrator according to the strength of the attack being received.

Therefore, the aim of the client puzzle is to defeat DDoS/DoS attacks by making every suspected adversary consume a reasonable amount of its own resources for authentication before it begins to consume the resources of the defending server. However, even though the client puzzle controls DoS/DDoS attacks, it also has certain inadequacies. If a client requests a service from the defending server, the client has to install a small client-side program for the computation of the puzzle (Vanryckeghem, 2007).

In his research study, Gao (2005) established that current countermeasures against DDoS/DoS attacks, such as SYN cookies and IP traceback, do not demand a modification to the defending server, even though their disadvantages are inevitable. However, compared to client puzzles, these countermeasures do not effectively assure service quality and protection of servers against DoS/DDoS attacks. Therefore, to make the client puzzle more effective, the client has to install puzzle-solving software. This will be a new cryptographic puzzle based on a trapdoor mechanism (Dong, Li & Li, 2011).

Research Questions

Is the trapdoor-based client puzzle computationally efficient and applicable to existing Internet protocols?

Is the trapdoor-based client puzzle scheme more secure than the ordinary client puzzle?

Research methods

First, the model in which the newly proposed trapdoor-based puzzle is used will be presented. After presenting the model, the details of the trapdoor-based client puzzle will be described, including how the puzzle is constructed, its diagram, and the system description. Possible improvements to the trapdoor-based puzzle will be discussed. Finally, the security proofs of the trapdoor-based puzzle will be presented and a conclusion drawn.

Data collection and Data analysis

To arrive at the best trapdoor-based puzzle, puzzle-solution pairs will be computed in advance and stored in a secret table on the defending server before each time period begins. By doing this, enough data will be gathered on the table size required for the connection capacity of the defending server. This will help determine the time the defending server needs to store a solution for the reverse activity.
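The mechanism described in the literature review (the server hands out a cryptographic puzzle whose difficulty it can tune, and the client must solve it before being served) together with the precomputed secret table above, as an added illustration that is not the original page's code and not the scheme of Dong, Li & Li (2011): the server draws each solution at random (its trapdoor), publishes a hash of it plus all but k bits, and verifies answers with a table lookup while the client brute-forces the hidden bits. The class and function names are assumed for this example.

```python
import hashlib
import secrets

# Constructed illustration of a client puzzle whose solutions the server knows in
# advance (a trapdoor); it is not the scheme of Dong, Li & Li (2011). The server
# draws a random solution s, keeps it in a secret table, and publishes SHA-256(s)
# plus all but the lowest k bits of s. A client must try up to 2**k candidates;
# the server checks an answer with one table lookup and one comparison.
SOLUTION_BYTES = 16  # 128-bit solutions

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class PuzzleServer:
    def __init__(self, difficulty_bits: int):
        self.k = difficulty_bits  # hidden bits; raised as an attack intensifies
        self._table = {}          # secret table: puzzle id -> solution
        self._unused = []         # ids not yet handed to a client

    def precompute(self, count: int) -> None:
        """Generate puzzle/solution pairs before the service period begins."""
        for _ in range(count):
            pid = secrets.token_hex(8)
            self._table[pid] = secrets.token_bytes(SOLUTION_BYTES)
            self._unused.append(pid)

    def issue(self) -> dict:
        """Hand one unused puzzle to a client asking for a connection."""
        pid = self._unused.pop()
        s = self._table[pid]
        known = int.from_bytes(s, "big") >> self.k  # high bits revealed
        return {"id": pid, "digest": _h(s), "known": known, "k": self.k}

    def verify(self, pid: str, answer: bytes) -> bool:
        """Constant cost: one lookup and a constant-time compare; single use."""
        s = self._table.get(pid)
        if s is None or not secrets.compare_digest(s, answer):
            return False
        del self._table[pid]  # a solved puzzle cannot be replayed
        return True

def solve(puzzle: dict):
    """Client side: brute-force the k hidden bits; returns (solution, hashes tried)."""
    base = puzzle["known"] << puzzle["k"]
    for low in range(1 << puzzle["k"]):
        cand = (base | low).to_bytes(SOLUTION_BYTES, "big")
        if _h(cand) == puzzle["digest"]:
            return cand, low + 1
    raise ValueError("malformed puzzle: no candidate matches the digest")
```

Raising difficulty_bits by one doubles the client's expected work while the server's verification cost stays a single lookup, which is the asymmetry the client puzzle relies on.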

Summary of Contributions: This reverse activity will enable the server administrator to make the final decision on which resources are to be utilized by the systems. It is this reverse activity that will enable the prevention of DoS/DDoS attacks.

