Dropping Denial-Of-Service Attacks Using Software Puzzle

Denial-of-service (DoS) and distributed DoS (DDoS) are the major threats in cyber-security. As a countermeasure to such threats client puzzle scheme is implemented. The client puzzle demands a client to perform computationally expensive operations before being granted services to the client from a server. However, an attacker can inflate the capability of DoS/DDoS attacks with fast puzzle solving software and/or built-in graphics processing unit (GPU) hardware to significantly weaken the effectiveness of client puzzles. In order to prevent DoS/DDoS attackers from inflating the puzzle-solving capabilities, a new client puzzle referred to as software puzzle is implemented. Unlike the existing client puzzle schemes, which publish their puzzle algorithms in advance, a puzzle algorithm in the implemented software puzzle scheme is randomly generated only after a client request is received at the server side and the algorithm is generated such that: a) an attacker is unable to prepare an implementation to solve the puzzle in advance and b) the attacker needs considerable effort in translating a central processing unit puzzle software to its functionally equivalent GPU version such that the translation cannot be done in real time.