File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1109/ICDCS47774.2020.00154
- Scopus: eid_2-s2.0-85101965202
- WOS: WOS:000667971400127
- Find via
Supplementary
- Citations:
- Appears in Collections:
Conference Paper: Cloud Password Shield: A Secure Cloud-based Firewall against DDoS on Authentication Servers
| Title | Cloud Password Shield: A Secure Cloud-based Firewall against DDoS on Authentication Servers |
|---|---|
| Authors | |
| Keywords | Security DDoS Bloom filter Firewall |
| Issue Date | 2021 |
| Publisher | IEEE, Computer Society. The Journal's web site is located at http://ieeexplore.ieee.org/servlet/opac?punumber=1000213 |
| Citation | 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS), Singapore, 29 November.-1 December 2020, p. 1209-1210 How to Cite? |
| Abstract | Password-based authentication is essential to any online service. It is normally powered by a database of user credentials, for example a RADIUS server. However, even with various indexing techniques (e.g., B + -tree), password-based authentication can still be resource-consuming on large-scale systems (e.g., Internet and IoT), and is thus vulnerable to distributed denial-of-service (DDoS) attacks.In this paper, we propose a cloud-based firewall that uses Bloom filters to pre-screen and reject suspicious requests with wrong password before they reach the authentication server. The main challenge is the security of the firewall because it can be operated by a third party, so the Bloom filters might be accessed by adversaries to assist their brute-force password guessing.To ensure security, we start with the assumption of trusted cloud server and design a key-based semantic secure Bloom filter (KSSBF) for the best efficiency. We then design a generically secure Bloom filter (GSBF) for non-trusted cloud servers, which is key-independent and with strictly provable security. Through theoretical and empirical analysis, we show both of them can mitigate malicious requests without compromising the security of passwords. |
| Persistent Identifier | http://hdl.handle.net/10722/305949 |
| ISSN | 2023 SCImago Journal Rankings: 0.986 |
| ISI Accession Number ID |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Fu, Y | - |
| dc.contributor.author | Au, AMH | - |
| dc.contributor.author | Du, R | - |
| dc.contributor.author | Hu, H | - |
| dc.contributor.author | Li, D | - |
| dc.date.accessioned | 2021-10-20T10:16:38Z | - |
| dc.date.available | 2021-10-20T10:16:38Z | - |
| dc.date.issued | 2021 | - |
| dc.identifier.citation | 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS), Singapore, 29 November.-1 December 2020, p. 1209-1210 | - |
| dc.identifier.issn | 1063-6927 | - |
| dc.identifier.uri | http://hdl.handle.net/10722/305949 | - |
| dc.description.abstract | Password-based authentication is essential to any online service. It is normally powered by a database of user credentials, for example a RADIUS server. However, even with various indexing techniques (e.g., B + -tree), password-based authentication can still be resource-consuming on large-scale systems (e.g., Internet and IoT), and is thus vulnerable to distributed denial-of-service (DDoS) attacks.In this paper, we propose a cloud-based firewall that uses Bloom filters to pre-screen and reject suspicious requests with wrong password before they reach the authentication server. The main challenge is the security of the firewall because it can be operated by a third party, so the Bloom filters might be accessed by adversaries to assist their brute-force password guessing.To ensure security, we start with the assumption of trusted cloud server and design a key-based semantic secure Bloom filter (KSSBF) for the best efficiency. We then design a generically secure Bloom filter (GSBF) for non-trusted cloud servers, which is key-independent and with strictly provable security. Through theoretical and empirical analysis, we show both of them can mitigate malicious requests without compromising the security of passwords. | - |
| dc.language | eng | - |
| dc.publisher | IEEE, Computer Society. The Journal's web site is located at http://ieeexplore.ieee.org/servlet/opac?punumber=1000213 | - |
| dc.relation.ispartof | International Conference on Distributed Computing Systems Proceedings | - |
| dc.rights | International Conference on Distributed Computing Systems Proceedings. Copyright © IEEE, Computer Society. | - |
| dc.rights | ©2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | - |
| dc.subject | Security | - |
| dc.subject | DDoS | - |
| dc.subject | Bloom filter | - |
| dc.subject | Firewall | - |
| dc.title | Cloud Password Shield: A Secure Cloud-based Firewall against DDoS on Authentication Servers | - |
| dc.type | Conference_Paper | - |
| dc.identifier.email | Au, AMH: manhoau@hku.hk | - |
| dc.identifier.authority | Au, AMH=rp02638 | - |
| dc.description.nature | link_to_subscribed_fulltext | - |
| dc.identifier.doi | 10.1109/ICDCS47774.2020.00154 | - |
| dc.identifier.scopus | eid_2-s2.0-85101965202 | - |
| dc.identifier.hkuros | 327812 | - |
| dc.identifier.spage | 1209 | - |
| dc.identifier.epage | 1210 | - |
| dc.identifier.isi | WOS:000667971400127 | - |
| dc.publisher.place | United States | - |