Call for Paper - January 2024 Edition
IJCA solicits original research papers for the January 2024 Edition. Last date of manuscript submission is December 20, 2023. Read More

Software Puzzle Approach: A Measure to Resource-Inflated Denial-of-Service Attack

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2017
Vishal Walunj, Vinod Pawar

Vishal Walunj and Vinod Pawar. Software Puzzle Approach: A Measure to Resource-Inflated Denial-of-Service Attack. International Journal of Computer Applications 161(10):1-8, March 2017. BibTeX

	author = {Vishal Walunj and Vinod Pawar},
	title = {Software Puzzle Approach: A Measure to Resource-Inflated Denial-of-Service Attack},
	journal = {International Journal of Computer Applications},
	issue_date = {March 2017},
	volume = {161},
	number = {10},
	month = {Mar},
	year = {2017},
	issn = {0975-8887},
	pages = {1-8},
	numpages = {8},
	url = {},
	doi = {10.5120/ijca2017913314},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}


In Cyber security Denial-of-service (DoS) and distributed DoS (DDoS) are two major threats, and client puzzle, which demands a consumer to perform computationally dear operations before being granted services from a server, is a well-known countermeasure to them. However, a wrongdoer will inflate its capability of DoS/DDoS attacks with quick puzzle solving package and/or intrinsic graphics process unit (GPU) hardware to considerably weaken the effectiveness of consumer puzzles. This paper shows how to stop DoS/DDoS attackers from inflating their puzzle-solving capabilities. To this end, this paper introduces a new consumer puzzle said as software puzzle. Unlike the existing consumer puzzle schemes, which publish their puzzle algorithms in advance, a puzzle algorithmic program in the gift package puzzle theme is at random generated solely once a consumer request is received at the server aspect and therefore the algorithm is generated specified: 1) Associate in Nursing wrongdoer is unable to arrange Associate in Nursing implementation to unravel the puzzle before and 2) the wrongdoer wants extended effort in translating a central process unit puzzle package to its functionally equivalent GPU version such that the interpretation can't be drained real time. Moreover, the paper shows how to implement package puzzle within the generic server-browser model.


  1. J. Larimer. (Oct. 28, 2014). Pushdo SSL DDoS Attacks. [Online]. Available:
  2. C. Douligeris and A. Mitrokotsa, “DDoS attacks and defense mechanisms: Classification and state-of-the-art,” Comput. Netw., vol. 44, no. 5, pp. 643–666, 2004.
  3. A. Juels and J. Brainard, “Client puzzles: A cryptographic countermeasure against connection depletion attacks,” in Proc. Netw. Distrib. Syst. Secur. Symp., 1999, pp. 151–165.
  4. T. J. McNevin, J.-M. Park, and R. Marchany, “pTCP: A client puzzle protocol for defending against resource exhaustion denial of service attacks,” Virginia Tech Univ., Dept. Elect. Comput. Eng., Blacksburg, VA, USA, Tech. Rep. TR-ECE-04-10, Oct. 2004..
  5. R. Shankesi, O. Fatemieh, and C. A. Gunter, “Resource inflation threats to denial of service countermeasures,” Dept. Comput. Sci., UIUC, Champaign, IL, USA, Tech. Rep., Oct. 2010. [Online]. Available:
  6. J. Green, J. Juen, O. Fatemieh, R. Shankesi, D. Jin, and C. A. Gunter, “Reconstructing Hash Reversal based Proof of Work Schemes,” in Proc. 4th USENIX Workshop Large-Scale Exploits Emergent Threats, 2011.Brown, L. D., Hua, H., and Gao, C. 2003. A widget framework for augmented interaction in SCAPE.
  7. Y. I. Jerschow and M. Mauve, “Non-parallelizable and non-interactive client puzzles from modular square roots,” in Proc. Int. Conf. Availability, Rel. Secur., Aug. 2011, pp. 135–142.
  8. R. L. Rivest, A. Shamir, and D. A. Wagner, “Time-lock puzzles and timed-release crypto,” Dept. Comput. Sci., Massachusetts Inst. Technol., Cambridge, MA, USA, Tech. Rep. T/LCS/TR-684, Feb. 1996. Available:
  9. W. C. Feng and E. Kaiser, “The case for public work,” in Proc. IEEE Global Internet Symp., May 2007, pp. 43–48.
  10. D. Keppel, S. J. Eggers, and R. R. Henry, “A case for runtime code generation,” Dept. Comput. Sci. Eng., Univ. Washington, Seattle, WA, USA, Tech. Rep. CSE-91-11-04, 1991.
  11. E. Kaiser and W.-C. Feng, “mod_kaPoW: Mitigating DoS with transparent proof-of-work,” in Proc. ACM CoNEXT Conf., 2007, p. 74.
  12. NVIDIA CUDA. (Apr. 4, 2012). NVIDIA CUDA C Programming Guide, Version 4.2. [Online]. Available:
  13. X. Wang and M. K. Reiter, “Mitigating bandwidth-exhaustion attacks using congestion puzzles,” in Proc. 11th ACM Conf. Comput. Commun. Secur., 2004, pp. 257–267.
  14. M. Jakobsson and A. Juels, “Proofs of work and bread pudding protocols,” in Proc. IFIP TC6/TC11 Joint Working Conf. Secure Inf. Netw., Commun. Multimedia Secur., 1999, pp. 258–272.
  15. D. Kahn, The Codebreakers: The Story of Secret Writing, 2nd ed. New York, NY, USA: Scribners, 1996, p. 235.
  16. K. Iwai, N. Nishikawa, and T. Kurokawa, “Acceleration of AES encryption on CUDA GPU,” Int. J. Netw. Comput., vol. 2, no. 1, pp. 131–145,2012.
  17. B. Barak et al., “On the (Im)possibility of obfuscating programs,” in Advances in Cryptology (Lecture Notes in Computer Science), vol. 2139.Berlin, Germany: Springer-Verlag, 2001, pp. 1–18.
  18. H. Y. Tsai, Y. L. Huang, and D. Wagner, “A graph approach to quantitative analysis of control-flow obfuscating transformations,” IEEE Trans. Inf. Forensics Security, vol. 4, no. 2, pp. 257–267, Jun. 2009.
  19. S. Wang. (Sep. 18, 2011). How to Create an Applet & C++. [Online]. Available: create-Applet-c. html#ixzz24Lsk0OJQ
  20. J. Bailey. (Oct. 28, 2014). How to Install Java on an iPhone, eHow Contributor. [Online]. Available: .html#ixzz24jIAyKiM
  21. J. Ansel et al., “Language-independent sandboxing of just-in-time compilation and self-modifying code,” in Proc. ACM SIGPLAN Conf. Program. Lang. Design Implement., 2011, pp. 355–366.
  22. J. E. Smith and R. Nair, Virtual Machines: Versatile Platforms for Systems and Processes. San Mateo, CA, USA: Morgan Kaufmann, 2005, p.19.
  23. T. Lindholm and F. Yellin, The Java Virtual Machine Specification, 2nd ed. Reading, MA, USA: Addison-Wesley, 1999, ch. 9. [Online]. Available:
  24. J. Black and P. Rogaway, “Ciphers with arbitrary finite domains,” in Topics in Cryptology (Lecture Notes in Computer Science), vol. 2271. Berlin, Germany: Springer-Verlag, 2002, pp. 114–130.


Software puzzle, Code Obfuscation, GPU programming, Denial of Service (DoS), Distributed Denial of Service (DDoS)