Application Layer Attack - PowerPoint PPT Presentation

About This Presentation
Title:

Application Layer Attack

Description:

http://www.captcha.net/captcha_crypt.pdf. Other things you can do ... else: scan an old book, and show a word in the book along with one from CAPTCHA. ... – PowerPoint PPT presentation

Number of Views:127
Avg rating:3.0/5.0
Slides: 16
Provided by: zhen6
Learn more at: http://www.cs.fsu.edu

Transcript and Presenter's Notes


1
Application Layer Attack
2
DDoS
  • DDoS: Distributed Denial of Service
  • Why would anyone want to do this?
  • In some cases, for bringing down the service of
    competitors, or for extortion.

3
Application Layer Attack
  • There is a particular type of attack that simply
    asks bots to send requests to the victim for large
    files.
  • Now the victim, the server, has to send large
    files; therefore its bandwidth is saturated and no
    more requests can be satisfied.

4
CAPTCHA
  • One way is to see if we can distinguish human
    from bots.
  • CAPTCHA -- Completely Automated Public Turing
    test to tell Computers and Humans Apart
  • Below is a picture from Wikipedia.

5
CAPTCHA
  • Was proposed by Luis von Ahn, Manuel Blum,
    Nicholas J. Hopper, and John Langford.
  • http://www.captcha.net/captcha_crypt.pdf

6
Other things you can do
  • With the CAPTCHA idea, they actually did
    something else: scan an old book, and show a
    word from the book along with one from CAPTCHA.
  • You don't know which one is from where.
  • So while you log in, you help the library to
    recognize words.

7
Problem with CAPTCHA
  • The problem is that you do not want to answer a
    CAPTCHA problem every 30 mins if you are watching
    a movie.

8
The other solution
  • Ask the client to solve a puzzle, basically
    asking the client to spend some resource before
    getting service.
  • Can you design some puzzles?

9
Puzzles
  • Some puzzles include:
  • Finding a string such that the first k bits of
    its SHA-1 hash are 0.
  • By controlling k, you control the difficulty of
    the puzzle.
  • A problem is that this puzzle is biased toward
    clients with fast machines.
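The hash puzzle from this slide, worked through as an added example (not code from the slides): the server issues a random challenge and a difficulty k, the client searches for a counter such that SHA-1(challenge || counter) starts with k zero bits, and the server verifies with a single hash. The challenge binding and the 8-byte counter encoding are assumptions of this example; expected client work is about 2**k hashes, which is why k tunes difficulty and why fast CPUs are favoured.

```python
import hashlib
import secrets
from typing import Tuple


def leading_zero_bits(digest: bytes) -> int:
    """Count how many leading bits of a digest are zero."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        # leading zeros inside the first non-zero byte
        bits += 8 - byte.bit_length()
        break
    return bits


def issue_challenge(k: int) -> Tuple[bytes, int]:
    """Server side: a fresh random challenge plus the difficulty k.
    Binding the puzzle to a challenge stops clients (or bots) from
    reusing or precomputing answers (assumed design, not from the slides)."""
    return secrets.token_bytes(16), k


def solve(challenge: bytes, k: int) -> int:
    """Client side: brute-force a counter until SHA-1(challenge || counter)
    starts with k zero bits. Each extra bit of k doubles the expected work."""
    counter = 0
    while True:
        digest = hashlib.sha1(challenge + counter.to_bytes(8, "big")).digest()
        if leading_zero_bits(digest) >= k:
            return counter
        counter += 1


def verify(challenge: bytes, k: int, counter: int) -> bool:
    """Server side: one hash evaluation, independent of k."""
    digest = hashlib.sha1(challenge + counter.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= k


if __name__ == "__main__":
    challenge, k = issue_challenge(16)
    answer = solve(challenge, k)
    print(f"k={k} solved with counter {answer}, verified={verify(challenge, k, answer)}")
```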

10
Memory-bound puzzles are better
  • Memory speed varies less significantly than CPU
    speed.
  • Force the client to do a lot of reads from main
    memory.
  • How?

11
One memory bound puzzle
  • There is a one-to-one function F() that cannot be
    reversed.
  • The server starts from x_0 and computes
    x_i = F(x_{i-1}).
  • The server sends x_k to the client and asks it to
    return x_0.

12
Other solutions
  • Speak-up: when the system is in trouble, instead
    of waiting to drown, you should speak up!
  • Meaning that you should also send a lot of
    requests.
  • The server serves the one with the loudest voice.
  • From their 2006 SIGCOMM paper.

13
Speak-up
  • Actually, every client has to pay the server some
    currency in the form of bandwidth.
  • The hope is that the clients have spare
    bandwidth but the attackers have already used up
    theirs.
  • These dummy bytes are a waste of resources.

14
What we are working on
  • Introducing p2p to DDoS defense.

15
A useful link
  • http://staff.washington.edu/dittrich/misc/ddos/