Denial Of Service Resilience Research Articles

Hybrid cryptography-based scheme with conditional privacy-preserving authentication and memory-based DOS resilience in V2X

To secure Vehicle-to-everything (V2X) communications, many Conditional Privacy-Preserving Authentication schemes (CPPA) use symmetric and asymmetric encryption during the authentication process. However, several existing schemes have some security limitations regarding VANET requirements. In many symmetric cryptography-based schemes, the participants are required to share the same keys which could compromise the security of the network in case the key of one participant is compromised, while many asymmetric cryptography-based schemes take much time during the authentication process, and don't address the denial-of-service attack. In this paper, we propose a certificateless scheme that does not require a certificate and prevents the escrow problem. Plus, it uses the elliptic curve cryptography and avoids bilinear pairing and Map-to-Hash functions. We call our scheme Hybrid Cryptography-Based Scheme with a Conditional Privacy-Preserving Authentication (HCBS-CPPA), as it uses both symmetric and asymmetric cryptography during the authentication process. Our scheme combines the strength of an asymmetric encryption that satisfies non-repudiation, and the strength of a symmetric encryption that allows to perform a lightweight authentication. In addition, we show that our scheme is resilient to memory-based Denial of Service (DOS) attack which occurs when an attacker floods the memory of a receiver with invalid messages. A security proof shows that HCBS-CPPA is secure in the random oracle. Regarding the simulation of our scheme, it turns out that HCBS-CPPA has the best performance when compared with several existing certificateless schemes. Additionally, it requires less execution time during the signing and verification process, as well as less communication overhead when compared to the existing schemes.

Cryptographic puzzles and DoS resilience, revisited

Cryptographic puzzles (or client puzzles) are moderately difficult problems that can be solved by investing non-trivial amounts of computation and/or storage. Devising models for cryptographic puzzles has only recently started to receive attention from the cryptographic community as a first step toward rigorous models and proofs of security of applications that employ them (e.g. Denial-of-Service (DoS) resistance). Unfortunately, the subtle interaction between the complex scenarios for which cryptographic puzzles are intended and typical difficulties associated with defining concrete security easily leads to flaws in definitions and proofs. Indeed, as a first contribution we exhibit shortcomings of the state-of-the-art definition of security of cryptographic puzzles and point out some flaws in existing security proofs. The main contribution of this paper are new security definitions for puzzle difficulty. We distinguish and formalize two distinct flavors of puzzle security which we call optimality and fairness and in addition, properly define the relation between solving one puzzle versus solving multiple ones. We demonstrate the applicability of our notions by analyzing the security of two popular puzzle constructions. We briefly investigate existing definitions for the related notion of security against DoS attacks. We demonstrate that the only rigorous security notion proposed to date is not sufficiently demanding (as it allows to prove secure protocols that are clearly not DoS resistant) and suggest an alternative definition. Our results are not only of theoretical interest: the better characterization of hardness for puzzles and DoS resilience allows establishing formal bounds on the effectiveness of client puzzles which confirm previous empirical observations. We also underline clear practical limitations for the effectiveness of puzzles against DoS attacks by providing simple rules of thumb that can be easily used to discard puzzles as a valid countermeasure for certain scenarios.

Robust password changing and DoS resilience for human‐centric password authentication

ABSTRACTIn password‐based or two‐factor (password and smart card) authentications, password changing is one of common techniques used to improve the security of the systems protected by the password. However, the password‐changing operations in existing password authentications either depend on the login phase or violate the common practice that an old password should not be valid for subsequent login after being updated. On the other hand, password mistyping is very common in reality, which may be random or be skewed by the adversary via technical means or social engineering manipulation [i.e., a kind of denial‐of‐service (DoS) attack]. In human‐centric authentication mechanisms, password changing and DoS resilience are not marginal issues. The paper addresses the requirements of robust password changing in authentication and presents , a password authentication scheme with robust password changing, DoS resilience, and card‐compromise security. Thus, the proposal can be viewed as a suitable candidate instantiation for authentication services of human‐centric security, by embedding in the computer and software systems. also achieves other appealing features, such as self‐healing ability and strong privacy protection, which may be useful for human‐centric applications. Copyright © 2013 John Wiley & Sons, Ltd.