06-10-2016, 02:38 PM
DYNAMIC SCALABILITY AND DATA PREVENTION FROM INTRUDERS USING SOFTWARE PUZZLE TECHNIQUE
Abstract
Client puzzles, a well-known form of software puzzle, are one countermeasure against denial-of-service (DoS) and distributed DoS (DDoS) attacks, a major threat to cyber security. However, an attacker can boost the capability of DoS/DDoS attacks with fast puzzle-solving software and/or built-in graphics processing unit (GPU) hardware, significantly weakening the effectiveness of client puzzles. This project proposes a novel approach to prevent DoS/DDoS attackers from solving the puzzles effectively. The client puzzle is generated only when a client request is received, not in advance. When a request is received, an id along with some key is generated on the server side, which is then mapped to puzzles on the client side. After mapping, the puzzles are randomly generated on the client side based on the id. As a result, an attacker has no time to solve the puzzles in advance, and also the attacker doesn't require considerable effort in translating central processing unit puzzle software. This is done on the client side itself, not on the server, which reduces the time for generating the puzzle.
Introduction
Denial of Service (DoS) attacks and Distributed DoS (DDoS) attacks try to exhaust an online service's resources, such as network bandwidth, memory and computation power, by overwhelming the service with bogus requests. Establishing a connection between client and server needs a lot of CPU time for the SSL handshake, and this may leave insufficient resources for providing services. In this case, conventional cryptographic tools do not enhance the availability of the services; in fact, they may reduce service quality due to expensive cryptographic operations. The seriousness of the DoS/DDoS problem and its increased frequency have led to the advent of numerous defense mechanisms [2]. In this paper, we are particularly interested in the countermeasures to DoS/DDoS attacks on server computation power. The client puzzle [3] is a well-known approach to increasing the cost to clients, as it forces the clients to carry out heavy operations before being granted services. Generally, a client puzzle strategy consists of three steps: puzzle generation, puzzle solving by the client and puzzle verification by the server. Many existing systems use techniques such as time-lock puzzles and client puzzles, and other techniques such as mod_kaPoW are also available. This paper presents an idea of a software puzzle, which takes a request from the client as input and processes it using the software puzzle. In either case, a client puzzle can significantly reduce the impact of a DoS attack because it permits a server to spend much less time handling the bulk of malicious requests. The server sets a threshold value for client requests; if requests exceed the threshold, a software puzzle is given to the client. Otherwise the requesting client is treated as a legitimate client and carries out its task normally. This paper classifies not only whether the attack is DoS or DDoS but also the request type.
Optimizing the puzzle verification mechanism is very important and doing so will undoubtedly improve the server’s performance.
RELATED WORKS
1) Client puzzles: A cryptographic countermeasure against connection depletion attacks
This paper introduces a new approach, referred to as the client puzzle protocol, the aim of which is to fight against connection depletion attacks. The idea is quite simple: when there is no evidence of attack, a server accepts connection requests normally, that is, indiscriminately. When a server comes under attack, it accepts connections selectively. In particular, the server gives each client wishing to make a connection a unique client puzzle. A client puzzle is a quickly computable cryptographic problem formulated using the time, a server secret, and additional client request information. To have server resources allocated to it for a connection, the client must submit to the server an accurate solution to the puzzle it has been given. Client puzzles are deployed in conjunction with conventional time-outs on server resources. Thus, while a genuine client will experience only a small degradation in connection time when a server comes under attack, an attacker must have access to large computational resources to create a breach in service. Cryptographic puzzles have been used for several tasks, such as fighting against junk e-mail, creating digital time capsules, and metering Web site usage.
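The three steps named in the Introduction (generation, solving, verification), the request threshold and the puzzle inputs listed above can be put together as follows. This is an added example, not code from the page or from the cited paper; the hash-reversal puzzle form, the function names and the constants are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

SERVER_SECRET = os.urandom(32)  # assumption: per-process server secret
DIFFICULTY_BITS = 12            # assumption: leading zero bits required
THRESHOLD = 100                 # assumption: requests per window before puzzles start
MAX_AGE = 30                    # assumption: seconds a puzzle stays valid


def puzzle_tag(client_info: str, issued_at: int) -> bytes:
    # Derived from the time, the server secret and client request data, so the
    # server keeps no per-puzzle state that a flood of requests could exhaust.
    msg = f"{client_info}|{issued_at}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()


def meets_difficulty(tag: bytes, nonce: int) -> bool:
    digest = hashlib.sha256(tag + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - DIFFICULTY_BITS) == 0


def issue_puzzle(client_info: str, now: int, requests_in_window: int):
    """Generation (server): no puzzle below the threshold, else (issued_at, tag)."""
    if requests_in_window <= THRESHOLD:
        return None
    return now, puzzle_tag(client_info, now)


def solve_puzzle(tag: bytes) -> int:
    """Solving (client): about 2**DIFFICULTY_BITS hashes on average."""
    nonce = 0
    while not meets_difficulty(tag, nonce):
        nonce += 1
    return nonce


def verify_solution(client_info: str, issued_at: int, nonce: int, now: int) -> bool:
    """Verification (server): one HMAC plus one hash, whatever the difficulty."""
    if not 0 <= now - issued_at <= MAX_AGE:
        return False  # expired or future-dated: answers cannot be stockpiled
    if not 0 <= nonce < 2**64:
        return False  # would not fit the 8-byte encoding used by the solver
    # The tag is recomputed from the request, never taken from the client.
    return meets_difficulty(puzzle_tag(client_info, issued_at), nonce)
```

A solved puzzle stays valid until MAX_AGE expires, so a deployment would also remember the (issued_at, nonce) pairs already accepted in that window to stop replays.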
2) Reconstructing Hash Reversal based Proof of Work Schemes
This paper elaborates on Proof of Work (PoW) mechanisms, in which a server requests that clients prove they have done work before it commits resources to their requests. Most PoW mechanisms are puzzle-based techniques in which clients solve computationally intensive puzzles. For instance, Hashcash is a puzzle-based mechanism that aims to prevent an attacker from sending too much spam. As attacks use more resources, and therefore the puzzle difficulties increase, weaker legitimate clients may experience unacceptable requirements to obtain service. While computationally weaker clients would experience longer latencies during an attack, the protocol would still be far more functional than one without the PoW-based defense. Graphical Processing Units (GPUs) provide a powerful technique for launching resource inflation attacks. Attackers can use cheap and widely available GPUs to boost their ability to solve typical hash-reversal-based puzzles by a factor of more than 600. This paper is an evaluation of Hash-Reversal PoW schemes in the presence of resource-inflated attackers. It shows that client-based adaptation is necessary for providing satisfactory service to genuine clients in this situation. Additionally, it shows that a robust hash reversal PoW scheme based only on server load will fail to provide service, and can create a novel DoS attack against fair clients. Given these results, hash reversal PoW strategies proposed as DoS protection mechanisms should keep track of client behavior, given the developing threat of GPGPU-based attacks.
3) Time-lock puzzles and timed-release crypto.
This paper describes the notion of timed-release crypto, where the goal is to encrypt a message so that it cannot be decrypted by anyone, not even the sender, until a prearranged amount of time has passed. The goal is to send information into the future. The paper studies the problem of creating computational puzzles, called time-lock puzzles, that require a precise amount of time to solve. The solution to the puzzle reveals a key that can be used to decrypt the encrypted information. This approach has the obvious problem of trying to make CPU time and real time agree as closely as possible, but is nonetheless interesting. Those with more computational resources might be able to solve the time-lock puzzle more quickly by using large parallel computers. Another aspect is that the puzzle doesn't automatically become solvable at a given time; rather, a computer needs to work continuously on the puzzle until it is solved.
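As an added illustration (not code from the page or from the cited paper), the sketch below builds a time-lock puzzle by repeated modular squaring, the construction the time-lock puzzle paper is known for but which the summary above does not spell out. The function names and the toy-sized primes are assumptions made for the example.

```python
import math

# Constructed toy parameters: two known Mersenne primes. A real puzzle would
# use large random secret primes; these only keep the example fast.
P = 2**61 - 1
Q = 2**89 - 1


def create_timelock(key: int, t: int, p: int = P, q: int = Q, a: int = 2) -> dict:
    """Creator: hide `key` behind t squarings without performing them."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(a, n) != 1 or not 0 <= key < n:
        raise ValueError("need gcd(a, n) == 1 and 0 <= key < n")
    e = pow(2, t, phi)   # shortcut: reduce the exponent 2**t modulo phi(n)
    b = pow(a, e, n)     # equals a**(2**t) mod n by Euler's theorem
    # Only n, a, t and the masked key are published; p and q stay secret.
    return {"n": n, "a": a, "t": t, "masked_key": (key + b) % n}


def solve_timelock(puzzle: dict) -> int:
    """Solver: without phi(n), each squaring needs the previous result."""
    n = puzzle["n"]
    b = puzzle["a"] % n
    for _ in range(puzzle["t"]):
        b = b * b % n
    return (puzzle["masked_key"] - b) % n
```

The creator's cost is two modular exponentiations regardless of t, while the solver's cost grows linearly with t, which is how the creator tunes the delay.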
4) mod_kaPoW: Mitigating DoS with transparent proof-of-work
This paper describes the mod_kaPoW system, an approach that has the efficiency and human transparency of a proof-of-work strategy while also keeping software backwards compatibility. There are several disadvantages of using CAPTCHAs. One drawback is the user-interface problem they create; users with visual disabilities are unable to access content legitimately, while normal users find it increasingly difficult to solve CAPTCHAs correctly as the images have become less readable in order to thwart sophisticated attackers that have developed automated solvers for simple CAPTCHAs. Another drawback is the static nature of the problems being given out. A proof-of-work scheme alters the operation of a network protocol so that a client must return its challenge along with a correct answer before being granted service. The challenge acts as a filter for clients based on their willingness to solve a computational task of varying difficulty. This paper describes the design, performance, and evaluation of a novel web-based proof-of-work system that provides the benefit of configurable PoW protocols in a portable manner. Unlike CAPTCHAs, the system is transparent to its users and supports backwards compatibility for traditional clients. The basic approach only requires changes to web servers and is similar to the URL rewriting approach employed by content-distribution networks such as Akamai. In this approach, the web server dynamically rewrites URL references by attaching a computational puzzle to them.
5) Proofs of work and bread pudding protocols
This paper introduces the idea of a bread pudding protocol. Bread pudding is a dish that originated with the purpose of reusing bread that has gone stale. In the same manner, a bread pudding protocol allows the proof to be reused by the verifier to achieve a separate, useful, and verifiably correct computation. The paper deviates from the standard cryptographic aim of proving knowledge of a secret, or the truth of a mathematical statement. The POW as a protocol has not been defined or treated formally; POWs have been defined as a mechanism for a number of security goals, including server access metering, construction of digital time capsules, uncheatable benchmarks and denial of service. This paper defines a bread pudding protocol to be a POW such that the computing effort invested in the proof may be harvested to achieve a separate, useful and verifiably correct computation. These POWs can serve in their own right as mechanisms for security protocols, as well as be harvested in order to outsource the MicroMint minting operation to a large group of untrusted computational devices.
PROBLEM DEFINITION
In the existing system the puzzles are generated on the server side, not on the client side. This takes a lot of time, since a request has to be sent to the server and only then will a reply arrive.
Proposed
The existing system mainly concentrates on how to prevent DoS/DDoS attackers from inflating their puzzle-solving capabilities. It doesn't set a threshold value for client requests handled on the server side, and it never classifies the type of attack (DoS/DDoS) or the kind of request. The proposed work considers a threshold value for requests, the types of attack and the types of request. The proposed system uses a randomly generated client puzzle, produced on the client side, to prevent DoS/DDoS attackers from solving the puzzles effectively. This is done on the client side itself to reduce the computing time.
Modules
Client Login
Whenever a new client enters, it makes a request through client login. During client login a client puzzle is generated randomly, and only when the user solves the puzzle is he allowed to get inside.
Response from server
To generate the puzzle randomly, an id along with some keys is generated on the server side, and whenever a new request arrives the ids generated by the server are sent to the client. These ids are mapped to the puzzles on the client side.
Generation of puzzle in client side
Whenever a new client request arrives, the puzzle is generated on the client side itself. This is done by mapping the id from the server to the puzzle in the client.
Time Interval
The main aim of generating the puzzle locally on the client side is to improve performance, thereby reducing the time interval available for the hacker to solve the puzzle in advance.
DYNAMIC SCALABILITY
Dynamic scalability ensures elasticity, adding or removing resources as needed, thus enabling a variable cost model and the delivery of financial efficiency. This offers dynamic provisioning of resources in real time, adjusting for peak loads placed on applications, computing power, bandwidth and storage resources.
Conclusion
This paper has described different methodologies for software puzzles, but none of them seems to be perfect. So this paper briefly introduces an idea of a software puzzle that is generated using fuzzy logic and a decision tree; the server sends a query to those clients that go above the threshold value in the warehouse. This paper also classifies the type of request as well as the type of attack, that is, DoS or DDoS.