DocumentCode
3244269
Title
Using Client Puzzles to Mitigate Distributed Denial of Service Attacks in the Tor Anonymous Routing Environment
Author
Fraser, N.A. ; Kelly, D.J. ; Raines, R.A. ; Baldwin, Rusty O. ; Mullins, Barry E.
Author_Institution
Air Force Inst. of Technol., Dayton
fYear
2007
fDate
24-28 June 2007
Firstpage
1197
Lastpage
1202
Abstract
A novel client puzzle protocol, the memoryless puzzle protocol (MPP), is proposed and investigated. The goal is to show that MPP is a viable solution for mitigating distributed denial-of-service (DDoS) attacks in an anonymous routing environment. One such environment, Tor, provides anonymity for interactive Internet services. However, Tor relies on the transport layer security (TLS) protocol, making it vulnerable to distributed denial-of-service (DDoS) attacks. Although client puzzles are often proposed as a solution to denial-of-service attacks, this research is the first to explore TLS DDoS attack mitigation in the Tor anonymous routing environment. Using the MPP, the central processing unit (CPU) utilization and user-data latency measures are analyzed under four increasing DDoS attack intensities and four different puzzle probability distribution levels. For results, typical CPU utilization rates of 80-100% drop to below 70% signifying successful mitigation. Furthermore, even if a client only has a 30% chance of receiving a puzzle or the maximum puzzle strength is used, MPP effectively mitigates attacks. Finally, user-data latency decreases approximately 50% under large-scale attacks. Hence, the MPP is a suitable solution for increasing the robustness and reliability of Tor.
Keywords
Internet; probability; routing protocols; telecommunication security; telecommunication services; anonymous routing environment; central processing unit; client puzzle protocol; distributed denial of service attacks; interactive Internet services; large-scale attacks; memoryless puzzle protocol; probability distribution levels; transport layer security protocols; user-data latency measures; Central Processing Unit; Computer crime; Delay; Large-scale systems; Probability distribution; Robustness; Routing; Security; Transport protocols; Web and internet services;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications, 2007. ICC '07. IEEE International Conference on
Conference_Location
Glasgow
Print_ISBN
1-4244-0353-7
Type
conf
DOI
10.1109/ICC.2007.203
Filename
4288874
Link To Document