Fair Client Puzzles from the Bitcoin Blockchain

Client puzzles have been proposed as a mechanism for proving legitimate intentions by providing ``proofs of work\u27\u27, which can be applied to discourage malicious usage of resources. A typical problem of puzzle constructions is the difference in expected solving time on different computing platforms. We call puzzles which can be solved independently of client computing resources \emph{fair client puzzles}. We propose a construction for client puzzles requiring widely distributed computational effort for their solution. These puzzles can be solved using the mining process of Bitcoin, or similar cryptocurrencies. Adapting existing definitions, we show that our puzzle construction satisfies formal requirements of client puzzles under reasonable assumptions. We describe a way of transforming our client puzzles for use in denial of service scenarios and demonstrate a practical construction

Stronger difficulty notions for client puzzles and denial-of-service-resistant protocols

Client puzzles are meant to act as a defense against denial of service (DoS) attacks by requiring a client to solve some moderately hard problem before being granted access to a resource. However, recent client puzzle difficulty definitions (Stebila and Ustaoglu, 2009; Chen et al., 2009) do not ensure that solving n puzzles is n times harder than solving one puzzle. Motivated by examples of puzzles where this is the case, we present stronger definitions of difficulty for client puzzles that are meaningful in the context of adversaries with more computational power than required to solve a single puzzle. A protocol using strong client puzzles may still not be secure against DoS attacks if the puzzles are not used in a secure manner. We describe a security model for analyzing the DoS resistance of any protocol in the context of client puzzles and give a generic technique for combining any protocol with a strong client puzzle to obtain a DoS-resistant protocol

Achieving network resiliency using sound theoretical and practical methods

Computer networks have revolutionized the life of every citizen in our modern intercon- nected society. The impact of networked systems spans every aspect of our lives, from financial transactions to healthcare and critical services, making these systems an attractive target for malicious entities that aim to make financial or political profit. Specifically, the past decade has witnessed an astounding increase in the number and complexity of sophisti- cated and targeted attacks, known as advanced persistent threats (APT). Those attacks led to a paradigm shift in the security and reliability communities’ perspective on system design; researchers and government agencies accepted the inevitability of incidents and malicious attacks, and marshaled their efforts into the design of resilient systems. Rather than focusing solely on preventing failures and attacks, resilient systems are able to maintain an acceptable level of operation in the presence of such incidents, and then recover gracefully into normal operation. Alongside prevention, resilient system design focuses on incident detection as well as timely response. Unfortunately, the resiliency efforts of research and industry experts have been hindered by an apparent schism between theory and practice, which allows attackers to maintain the upper hand advantage. This lack of compatibility between the theory and practice of system design is attributed to the following challenges. First, theoreticians often make impractical and unjustifiable assumptions that allow for mathematical tractability while sacrificing accuracy. Second, the security and reliability communities often lack clear definitions of success criteria when comparing different system models and designs. Third, system designers often make implicit or unstated assumptions to favor practicality and ease of design. Finally, resilient systems are tested in private and isolated environments where validation and reproducibility of the results are not publicly accessible. In this thesis, we set about showing that the proper synergy between theoretical anal- ysis and practical design can enhance the resiliency of networked systems. We illustrate the benefits of this synergy by presenting resiliency approaches that target the inter- and intra-networking levels. At the inter-networking level, we present CPuzzle as a means to protect the transport control protocol (TCP) connection establishment channel from state- exhaustion distributed denial of service attacks (DDoS). CPuzzle leverages client puzzles to limit the rate at which misbehaving users can establish TCP connections. We modeled the problem of determining the puzzle difficulty as a Stackleberg game and solve for the equilibrium strategy that balances the users’ utilizes against CPuzzle’s resilience capabilities. Furthermore, to handle volumetric DDoS attacks, we extend CPuzzle and implement Midgard, a cooperative approach that involves end-users in the process of tolerating and neutralizing DDoS attacks. Midgard is a middlebox that resides at the edge of an Internet service provider’s network and uses client puzzles at the IP level to allocate bandwidth to its users. At the intra-networking level, we present sShield, a game-theoretic network response engine that manipulates a network’s connectivity in response to an attacker who is moving laterally to compromise a high-value asset. To implement such decision making algorithms, we leverage the recent advances in software-defined networking (SDN) to collect logs and security alerts about the network and implement response actions. However, the programma- bility offered by SDN comes with an increased chance for design-time bugs that can have drastic consequences on the reliability and security of a networked system. We therefore introduce BiFrost, an open-source tool that aims to verify safety and security proper- ties about data-plane programs. BiFrost translates data-plane programs into functionally equivalent sequential circuits, and then uses well-established hardware reduction, abstrac- tion, and verification techniques to establish correctness proofs about data-plane programs. By focusing on those four key efforts, CPuzzle, Midgard, sShield, and BiFrost, we believe that this work illustrates the benefits that the synergy between theory and practice can bring into the world of resilient system design. This thesis is an attempt to pave the way for further cooperation and coordination between theoreticians and practitioners, in the hope of designing resilient networked systems

Blockchain security and applications

Cryptocurrencies, such as Bitcoin and Ethereum, have proven to be highly successful. In a cryptocurrency system, transactions and ownership data are stored digitally in a ledger that uses blockchain technology. This technology has the potential to revolutionize the future of financial transactions and decentralized applications. Blockchains have a layered architecture that enables their unique method of authenticating transactions. In this research, we examine three layers, each with its own distinct functionality: the network layer, consensus layer, and application layer. The network layer is responsible for exchanging data via a peer-to-peer (P2P) network. In this work, we present a practical yet secure network design. We also study the security and performance of the network and how it affects the overall security and performance of blockchain systems. The consensus layer is in charge of generating and ordering the blocks, as well as guaranteeing that everyone agrees. We study the existing Proof-of-stake (PoS) protocols, which follow a single-extension design framework. We present an impossibility result showing that those single-extension protocols cannot achieve standard security properties (e.g., common prefix) and the best possible unpredictability if the honest players control less than 73\% stake. To overcome this, we propose a new multi-extension design framework. The application layer consists of programs (e.g., smart contracts) that users can use to build decentralized applications. We construct a protocol on the application layer to enhance the security of federated learning

Defending networked resources against floods of unwelcome requests

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, February 2008.Includes bibliographical references (p. 172-189).The Internet is afflicted by "unwelcome requests'" defined broadly as spurious claims on scarce resources. For example, the CPU and other resources at a server are targets of denial-of-service (DOS) attacks. Another example is spam (i.e., unsolicited bulk email); here, the resource is human attention. Absent any defense, a very small number of attackers can claim a very large fraction of the scarce resources. Traditional responses identify "bad" requests based on content (for example, spam filters analyze email text and embedded URLs). We argue that such approaches are inherently gameable because motivated attackers can make "bad" requests look "good". Instead, defenses should aim to allocate resources proportionally (so if lo% of the requesters are "bad", they should be limited to lo% of the scarce resources). To meet this goal, we present the design, implementation, analysis, and experimental evaluation of two systems. The first, speak-up, defends servers against application-level denial-of-service by encouraging all clients to automatically send more traffic. The "good" clients can thereby compete equally with the "bad" ones. Experiments with an implementation of speak-up indicate that it allocates a server's resources in rough proportion to clients' upload bandwidths, which is the intended result. The second system, DQE, controls spam with per-sender email quotas. Under DQE, senders attach stamps to emails. Receivers communicate with a well-known, untrusted enforcer to verify that stamps are fresh and to cancel stamps to prevent reuse. The enforcer is distributed over multiple hosts and is designed to tolerate arbitrary faults in these hosts, resist various attacks, and handle hundreds of billions of messages daily (two or three million stamp checks per second). Our experimental results suggest that our implementation can meet these goals with only a few thousand PCs.(cont) The enforcer occupies a novel design point: a set of hosts implement a simple storage abstraction but avoid neighbor maintenance, replica maintenance, and mutual trust. One connection between these systems is that DQE needs a DoS defense-and can use speak-up. We reflect on this connection, on why we apply speak-up to DoS and DQE to spam, and, more generally, on what problems call for which solutions.by Michael Walfish.Ph.D

The dynamics of public sector reform : implementation of the position classification system in Bhutan

In recent decades the intensity with which governments have initiated public sector reforms increased tremendously. Amidst such a flurry of reforms, Bhutan's government implemented the Position Classification System (PCS) reforms in 2006. The PCS represented a major tranche of public sector reforms that included human resource management and performance management components. The implementation of the PCS, which was based on international "best practices", met with sharp criticism in Bhutan. This thesis, using the implementation of the PCS in Bhutan as a case study, examines the dynamics of public sector reforms and discusses the convergences and divergences in the public sector reform trajectory. In doing so, three key aspects of the "dynamics" of public sector reform are analysed in this thesis. The first aspect is the debate over "revolutionary" or "evolutionary" nature of the reform. Through the concept of paradigms in public administration, this thesis identifies an ideal type typology of public administration, and distinguishes the components of the PCS as normal policy making (evolutionary reform) and paradigm-shift policy (revolutionary reform). On the basis of the ideal type typology, the thesis demonstrates that Bhutan's public administration is hybrid with combinations of characteristics of the various paradigms and models of public administration. The second aspect of the dynamics of public sector reforms is the effect of the scope and timing on the evaluation of the reforms. Based on the data gathered from in-depth interviews and an opinion survey of the Bhutanese civil servants in 2011, the thesis evaluates the various dimensions of the PCS. The third aspect of the dynamics of public sector reform is the drivers of the reform and their forms of interaction. In examining the main drivers of the PCS, the thesis explores topical topics on public sector reforms such as policy transfer, ideas and symbolism, stakeholder participation, and change management. One of the main findings of the thesis is the interaction between the reforms and the context and culture of the administrative system that these reforms are applied in. Using Geert Hofstede's Value Survey Module to generate original values for the culture of Bhutan, the thesis demonstrates the importance of context and culture in the implementation of public sector reforms. The thesis provides one of the first comprehensive historical analyses of public sector reforms in Bhutan, a country that is relatively understudied. The thesis is also one of the few empirical studies that maps the ideal types based on the paradigms of public administration to a country's administrative system. To suit Bhutan's monarchical political context, the ideal type typology includes the patronage system as one of the models. Another significant contribution of the thesis is that it is one of the few empirical studies, which evaluate policy by using a revisionist approach that combines the rationalist and the argumentative traditions. Finally, the thesis serves as a basis for the next set of public sector reforms to be implemented in Bhutan's civil service through a set of policy recommendations based on the experience of the PCS

Games and bereavement: how video games represent attachment, loss, and grief

How can videogames portray love and loss? Games and Bereavement answers this question by looking at five videogames and carrying out a participatory design study with grievers. Sabine Harrer highlights possible connections between grief and videogames, arguing that game design may help make difficult personal feelings tangible. After a brief literary review of grief concepts and videogame theory, the book deep-dives into examples of tragic inter-character relationships from videogame history. Building on these examples, the book presents a case study on pregnancy loss as a potential grief experience that can be validated through game design dialogue