Keywords (6): Computer Crime; Denial of Service; Denial of Service Attack; Dos Attack; Optimal Solution; Web Service
Defending Web Services against Denial of Service Attacks Using Client Puzzles
Suriadi Suriadi, Douglas Stebila, Andrew Clark, Hua Liu
The interoperable and loosely-coupled web services architecture, while beneficial, can be resource-intensive, and is thus susceptible to denial of service (DoS) attacks in which an attacker can use a relatively insignificant amount of resources to exhaust the computational resources of a web service. We investigate the effectiveness of defending web services from DoS attacks using client puzzles, a cryptographic countermeasure which provides a form of gradual authentication by requiring the client to solve some computationally difficult problems before access is granted. In particular, we describe a mechanism for integrating a hash-based puzzle into existing web services frameworks and analyze the effectiveness of the countermeasure using a variety of scenarios on a network testbed. Client puzzles are an effective defence against flooding attacks. They can also mitigate certain types of semantic-based attacks, although they may not be the optimal solution.

Keywords: web services; denial of service attacks; client puzzles

problem in web services. Recent work (5) shows that flooding attacks are still an effective way to exhaust a web service provider's CPU resources. Unfortunately, as discussed in Section VI, most existing work has not addressed the resource imbalance issue that is the key to successful flooding-based DoS attacks. Furthermore, most of the previously proposed mitigation strategies require additional separate components (outside of the web services realm) to be deployed in the runtime environment for their solutions to be effective. The work presented in this paper attempts to (1) rectify this resource imbalance by requiring clients to perform some work to arrive at a puzzle solution to prove their legitimate intention in requesting services, and (2) provide a DoS mitigation capability that can be integrated into any existing web services applications without the need for additional components or infrastructure outside of the web services application's realm, similar to how the WS-Security standard provides an integrated confidentiality, integrity, and some authenticity protection in web services applications themselves. We do not claim that the proposed solution can be used to mitigate all types of DoS attacks; rather, the proposed solution can mitigate some DoS attacks and can be integrated seamlessly with existing web services platforms.

Contributions: The main contribution of this paper is the study of the effectiveness of client-puzzles as an integrated built-in DoS defence mechanism for two main types of DoS attacks: flooding attacks and semantic attacks. While client puzzles should theoretically be an effective DoS defence mechanism, the complexities of existing web services platforms may introduce overheads which could render the client puzzles protection ineffective. Therefore, it is important that we validate the theoretical effectiveness of client puzzles through experiments. To our knowledge, this is the first time that client puzzles have been used as a DoS defence mechanism in web services.

We implemented a hash-based cryptographic client puzzle in both .NET WCF- and Java Metro-based web services. We conducted several experiments which show that, despite the complexities often associated with web services technologies, the minimal overhead needed to verify a client's puzzle solution enables this technique to be an effective defence mechanism against flooding attacks. In particular, it is useful to protect web services applications whose
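The cost asymmetry described above, as an added example that is not code from the paper or its WCF/Metro implementations: a hash-based client puzzle where the client does about 2^difficulty hashes and the server verifies with one HMAC and one hash. The construction and all names here (HMAC-bound challenge, SHA-256, leading-zero-bit difficulty, 60-second lifetime, in-memory replay set) are assumptions, since the page does not give the paper's puzzle format; puzzle fields are assumed to be already parsed into typed values.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)   # assumed per-process secret; never sent to clients
_used_seeds = set()           # redeemed puzzles (replay guard); prune after max_age

def _tag(client_id, seed, ts, difficulty):
    # Server-issued seeds are always 16 bytes, so this MAC input is unambiguous.
    msg = seed + b"|%d|%d|" % (ts, difficulty) + client_id.encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

def issue_puzzle(client_id, difficulty, now=None):
    """Server: one HMAC, no per-client state stored until redemption."""
    ts = int(time.time() if now is None else now)
    seed = os.urandom(16)
    return {"seed": seed, "ts": ts, "difficulty": difficulty,
            "tag": _tag(client_id, seed, ts, difficulty)}

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(puzzle):
    """Client: brute force, about 2**difficulty hashes on average."""
    nonce = 0
    while True:
        digest = hashlib.sha256(puzzle["seed"] + nonce.to_bytes(8, "big")).digest()
        if leading_zero_bits(digest) >= puzzle["difficulty"]:
            return nonce
        nonce += 1

def verify(client_id, puzzle, nonce, now=None, max_age=60):
    """Server: one HMAC plus one hash, run before any expensive request parsing."""
    now = int(time.time() if now is None else now)
    expected = _tag(client_id, puzzle["seed"], puzzle["ts"], puzzle["difficulty"])
    if not hmac.compare_digest(expected, puzzle["tag"]):
        return False                      # forged or altered challenge
    if not 0 <= now - puzzle["ts"] <= max_age:
        return False                      # expired
    if puzzle["seed"] in _used_seeds or not 0 <= nonce < 2**64:
        return False                      # replayed, or nonce out of range
    digest = hashlib.sha256(puzzle["seed"] + nonce.to_bytes(8, "big")).digest()
    if leading_zero_bits(digest) < puzzle["difficulty"]:
        return False                      # work not done
    _used_seeds.add(puzzle["seed"])
    return True
```

Because the difficulty and client identifier are covered by the MAC, a client cannot lower the work factor or hand a solved puzzle to another identity.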
Conference: International Conference on Web Services - ICWS, 2011
DOI: 10.1109/ICWS.2011.22
References (17)
Meiko Jensen, Nils Gruschka, Ralph Herkenhoener. A survey of attacks on web services. Journal: Informatik - Forschung Und Entwicklung - IFE, vol. 24, no. 4, pp. 185-197, 2009. (Citations: 9)
Srinivas Padmanabhuni, Vineet Singh, K. M. Senthil Kumar, Abhishek Chatterjee. Preventing Service Oriented Denial of Service (PreSODoS): A Proposed Approach. Conference: International Conference on Web Services - ICWS, pp. 577-584, 2006. (Citations: 6)
Suriadi Suriadi, Andrew Clark, Desmond Schmidt. Validating Denial of Service Vulnerabilities in Web Services. Conference: International Conference on Network and System Security - NSS, 2010. (Citations: 1)
Cynthia Dwork, Moni Naor. Pricing via Processing or Combatting Junk Mail. Conference: International Cryptology Conference - CRYPTO, pp. 139-147, 1992. (Citations: 309)
Ari Juels, John G. Brainard. Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks. Conference: Network and Distributed System Security Symposium - NDSS, 1999. (Citations: 199)