Author
Jussipekka Leiwo
Bio: Jussipekka Leiwo is an academic researcher from VU University Amsterdam. The author has contributed to research in topics: Security policy & Cryptography. The author has an hindex of 5, co-authored 8 publications receiving 554 citations.
Papers
More filters
03 Apr 2000
TL;DR: In this paper, the authors show how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent denial of service by server resource exhaustion in open communications networks.
Abstract: Denial of service by server resource exhaustion has become a major security threat in open communications networks. Public-key authentication does not completely protect against the attacks because the authentication protocols often leave ways for an unauthenticated client to consume a server's memory space and computational resources by initiating a large number of protocol runs and inducing the server to perform expensive cryptographic computations. We show how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent such attacks.
409 citations
22 Aug 2000
TL;DR: A number of protocol design principles are identified essential in designing network denial of service resistant protocols, and examples provided on applying the principles.
Abstract: Networked and distributed systems have introduced a new significant threat to the availability of data and services: network denial of service attacks. A well known example is the TCP SYN flooding. In general, any statefull handshake protocol is vulnerable to similar attacks. This paper examines the network denial of service in detail and surveys and compares different approaches towards preventing the attacks. As a conclusion, a number of protocol design principles are identified essential in designing network denial of service resistant protocols, and examples provided on applying the principles.
94 citations
22 Aug 2000
TL;DR: This paper examines the problem in detail, compares a number of possible solutions, and identifies the most suitable one and demonstrates how the state update messages can be signed using the identified solution.
Abstract: Attaching digital signatures to state update messages in global distributed shared object (DSO) systems is not trivial. If the DSO consists of a number of autonomous local representative that use open, public networks for maintaining the state consistency, allowing a local representative to sign state update messages is not appropriate. More sophisticated schemes are required to prevent unauthorized state updates by malicious local representative or external parties. This paper examines the problem in detail, compares a number of possible solutions, and identifies the most suitable one and demonstrates how the state update messages can be signed using the identified solution.
29 citations
Journal Article•
TL;DR: In this article, the authors address the conflict between diversity of security requirements and the need for high assurance by using the Globe system as a reference framework, and establish a security design that provides a flexible means of addressing the variety of security requirement of different application domains.
Abstract: Designing security of wide-area distributed systems is a highly complicated task. The complexity of underlying distribution and replication infrastructures together with the diversity of application scenarios increases the number of security requirements that must be addressed. High assurance requires the security enforcement to be isolated from non-security relevant functions and limited in the size of implementation. The major challenge in the is to find a balance between the diversity of security requirements and the need for high assurance. This paper addresses this conflict using Globe system as a reference framework, and establishes a security design that provides a flexible means of addressing the variety of security requirements of different application domains.
9 citations
09 Dec 1999
TL;DR: This paper establishes a security design that provides a flexible means of addressing the variety of security requirements of different application domains, and addresses this conflict using Globe system as a reference framework.
Abstract: Designing security of wide-area distributed systems is a highly complicated task. The complexity of underlying distribution and replication infrastructures together with the diversity of application scenarios increases the number of security requirements that must be addressed. High assurance requires the security enforcement to be isolated from non-security relevant functions and limited in the size of implementation. The major challenge in the is to find a balance between the diversity of security requirements and the need for high assurance. This paper addresses this conflict using Globe system as a reference framework, and establishes a security design that provides a flexible means of addressing the variety of security requirements of different application domains.
6 citations
Cited by
More filters
[...]
TL;DR: It is shown that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.
Abstract: Large-scale peer-to-peer systems face security threats from faulty or hostile remote computing elements. To resist these threats, many such systems employ redundancy. However, if a single faulty entity can present multiple identities, it can control a substantial fraction of the system, thereby undermining this redundancy. One approach to preventing these "Sybil attacks" is to have a trusted agency certify identities. This paper shows that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.
4,816 citations
20 May 2003
TL;DR: An algorithm to decrease the number of downloads of inauthentic files in a peer-to-peer file-sharing network that assigns each peer a unique global trust value, based on the peer's history of uploads is described.
Abstract: Peer-to-peer file-sharing networks are currently receiving much attention as a means of sharing and distributing information. However, as recent experience shows, the anonymous, open nature of these networks offers an almost ideal environment for the spread of self-replicating inauthentic files.We describe an algorithm to decrease the number of downloads of inauthentic files in a peer-to-peer file-sharing network that assigns each peer a unique global trust value, based on the peer's history of uploads. We present a distributed and secure method to compute global trust values, based on Power iteration. By having peers use these global trust values to choose the peers from whom they download, the network effectively identifies malicious peers and isolates them from the network.In simulations, this reputation system, called EigenTrust, has been shown to significantly decrease the number of inauthentic files on the network, even under a variety of conditions where malicious peers cooperate in an attempt to deliberately subvert the system.
3,715 citations
01 Apr 2004
TL;DR: This paper presents two taxonomies for classifying attacks and defenses in distributed denial-of-service (DDoS) and provides researchers with a better understanding of the problem and the current solution space.
Abstract: Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks and the defense approaches is overwhelming. This paper presents two taxonomies for classifying attacks and defenses, and thus provides researchers with a better understanding of the problem and the current solution space. The attack classification criteria was selected to highlight commonalities and important features of attack strategies, that define challenges and dictate the design of countermeasures. The defense taxonomy classifies the body of existing DDoS defenses based on their design decisions; it then shows how these decisions dictate the advantages and deficiencies of proposed solutions.
1,866 citations
TL;DR: To identify denial-of-service vulnerabilities, the authors analyzed two effective sensor network protocols that did not initially consider security and demonstrate that consideration of security at design time is the best way to ensure successful network deployment.
Abstract: Sensor networks hold the promise of facilitating large-scale, real-time data processing in complex environments, helping to protect and monitor military, environmental, safety-critical, or domestic infrastructures and resources, Denial-of-service attacks against such networks, however, may permit real world damage to public health and safety Without proper security mechanisms, networks will be confined to limited, controlled environments, negating much of the promise they hold The limited ability of individual sensor nodes to thwart failure or attack makes ensuring network availability more difficult To identify denial-of-service vulnerabilities, the authors analyzed two effective sensor network protocols that did not initially consider security These examples demonstrate that consideration of security at design time is the best way to ensure successful network deployment
1,786 citations
TL;DR: The goal of the paper is to place some order into the existing attack and defense mechanisms, so that a better understanding of DDoS attacks can be achieved and subsequently more efficient and effective algorithms, techniques and procedures to combat these attacks may be developed.
641 citations