Perfect forward secrecy distributed denial of service attack detection
First Claim
1. A method for detecting a Denial of Service (DoS) attack when initiating a secure session, the method comprising:
receiving, by a processor, a request from a client to initiate the secure session between the client and a server;
determining, by the processor, whether the client is on a whitelist;
based on a determination that the client is absent from the whitelist, sending, by the processor, a pre-generated key to the client, the pre-generated key being generated prior to receiving the request and being generated without a communication from the client using a method for securely exchanging cryptographic keys over a public channel, the pre-generated key being disassociated from one or more secure sessions between the client and the server; and
based on further actions associated with the client, wherein the further actions include the client's failure to finish a handshake procedure within a predetermined time frame, the further actions being performed by the client after the pre-generated key is sent to the client and prior to initiating the secure session, and based on a determination that the established secure session is invalid, identifying the request from the client as taking part in a denial of service attack; and
based on the identification, denying initiation of the secure session.
Abstract
Provided are methods and systems for detecting a DoS attack when initiating a secure session. A method for detecting a DoS attack may commence with receiving, from a client, a request to initiate a secure session between the client and a server. The method may continue with sending a pre-generated key to the client. The method may further include establishing that the request from the client is suspected of the DoS attack. The establishment may be performed based on further actions associated with the client.
17 Claims
1. (Independent claim 1 is reproduced in full under First Claim above. Dependent claims 2 to 8 depend from claim 1.)
9. A system for detecting a DoS attack when initiating a secure session, the system comprising:
a hardware processor configured to:
receive a request from a client to initiate the secure session between the client and a server;
determine whether the client is on a whitelist;
based on a determination that the client is absent from the whitelist, send a pre-generated key to the client, the pre-generated key being generated prior to receiving the request and being generated without a communication from the client using a method for securely exchanging cryptographic keys over a public channel, the pre-generated key being disassociated from one or more secure sessions between the client and the server; and
based on further actions associated with the client, wherein the further actions include the client's failure to finish a handshake procedure within a predetermined time frame, the further actions being performed by the client after the pre-generated key is sent to the client and prior to initiating the secure session, and based on a determination that the established secure session is invalid, identify the request from the client as taking part in a denial of service attack; and
based on the identification, deny initiation of the secure session; and
a database in communication with the hardware processor, the database comprising computer-readable instructions for execution by the hardware processor.
(Dependent claims 10 to 16 depend from claim 9.)
17. A non-transitory processor-readable medium having embodied thereon a program being executable by at least one processor to perform a method for detecting a DoS attack when initiating a secure session, the method comprising:
receiving a request from a client to initiate the secure session between the client and a server;
determining, by the processor, whether the client is on a whitelist;
based on a determination that the client is absent from the whitelist, sending a pre-generated key to the client, the pre-generated key being generated prior to receiving the request and being generated without a communication from the client using a method for securely exchanging cryptographic keys over a public channel, the pre-generated key being disassociated from one or more secure sessions between the client and the server; and
based on further actions associated with the client, wherein the further actions include the client's failure to finish a handshake procedure within a predetermined time frame, the further actions being performed by the client after the pre-generated key is sent to the client and prior to initiating the secure session, and based on a determination that the established secure session is invalid, identifying the request from the client as taking part in a denial of service attack; and
based on the identification, denying initiation of the secure session.
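The flow the three independent claims describe, as an added simulation written for this page (it is not the patent holder's code and the patent discloses no implementation). Assumptions not in the claims: clients are identified by an address string, the "predetermined time frame" is 5 seconds, the pre-generated keys are classic Diffie-Hellman values in a toy 64-bit group (far too small for real use), the pool holds 4 keys, and an "invalid session" is detected by rejecting degenerate client public values (0, 1, p-1) that force a trivial shared secret. The clock is injected so the timeout path can be exercised without sleeping.

```python
"""Simulation of whitelist + pre-generated key + handshake-timeout DoS detection."""
import secrets
from collections import deque
from dataclasses import dataclass

# Toy Diffie-Hellman group, constructed for illustration only (2**64 - 59 is prime).
P = 0xFFFFFFFFFFFFFFC5
G = 2
HANDSHAKE_TIMEOUT = 5.0  # assumed "predetermined time frame", in seconds


@dataclass
class DHKey:
    priv: int
    pub: int


def generate_dh_key() -> DHKey:
    """One DH key pair: the per-handshake cost a handshake flood tries to multiply."""
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return DHKey(priv, pow(G, priv, P))


@dataclass
class Pending:
    client: str
    key: DHKey
    deadline: float
    pregenerated: bool


class HandshakeGuard:
    def __init__(self, whitelist, clock, pool_size=4, timeout=HANDSHAKE_TIMEOUT):
        self.whitelist = set(whitelist)
        self.clock = clock                        # injectable clock for testing the timeout
        self.timeout = timeout
        # Keys made before any request arrives and bound to no session (claim 1).
        self.pool = deque(generate_dh_key() for _ in range(pool_size))
        self.pending = {}                         # session id -> Pending
        self.flagged = set()                      # clients identified as DoS participants
        self.sessions = {}                        # session id -> shared secret

    def client_hello(self, client):
        """Receive request, check whitelist, hand out a key. Returns (sid, server_pub) or None."""
        self.sweep()
        if client in self.flagged:
            return None                           # initiation denied after identification
        if client in self.whitelist:
            key, pregen = generate_dh_key(), False    # trusted client: fresh per-session key
        else:
            if not self.pool:                     # a real server refills off the request path
                self.pool.append(generate_dh_key())
            key, pregen = self.pool.popleft(), True
        sid = secrets.token_hex(8)
        self.pending[sid] = Pending(client, key, self.clock() + self.timeout, pregen)
        return sid, key.pub

    def client_finish(self, sid, client_pub):
        """The client's further action. Returns True only if a valid session was established."""
        self.sweep()
        p = self.pending.pop(sid, None)
        if p is None:
            return False                          # unknown sid, or already expired and flagged
        if not 2 <= client_pub <= P - 2:          # degenerate value -> invalid session
            if p.pregenerated:
                self.flagged.add(p.client)
            return False
        self.sessions[sid] = pow(client_pub, p.key.priv, P)
        return True

    def sweep(self):
        """Expire handshakes that overran the time frame; flag non-whitelisted offenders."""
        now = self.clock()
        for sid, p in list(self.pending.items()):
            if now > p.deadline:
                del self.pending[sid]
                if p.pregenerated:
                    self.flagged.add(p.client)


def demo():
    """Constructed scenario: a trusted client, a client that never finishes, a bad public value."""
    now = [0.0]
    guard = HandshakeGuard(whitelist={"10.0.0.5"}, clock=lambda: now[0], timeout=5.0)
    out = {}
    sid, _ = guard.client_hello("10.0.0.5")                    # whitelisted: fresh key
    out["trusted_pregenerated"] = guard.pending[sid].pregenerated
    out["trusted_ok"] = guard.client_finish(sid, generate_dh_key().pub)
    sid, _ = guard.client_hello("198.51.100.7")                # unknown: pooled key
    out["unknown_pregenerated"] = guard.pending[sid].pregenerated
    now[0] += 6.0                                              # walks away past the window
    out["late_finish"] = guard.client_finish(sid, generate_dh_key().pub)
    out["attacker_denied"] = guard.client_hello("198.51.100.7") is None
    sid, _ = guard.client_hello("203.0.113.9")
    out["bad_pub"] = guard.client_finish(sid, 1)               # invalid session determination
    out["bad_pub_denied"] = guard.client_hello("203.0.113.9") is None
    out["pool_left"] = len(guard.pool)
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the pool is that an unknown client costs the server no key generation until it has shown it completes handshakes; the whitelist is what keeps forward secrecy intact for trusted peers, which still get a fresh key per session. Two caveats a deployment has to address: the pool itself is a finite resource, so refilling must happen off the request path or a flood simply drains it and lands back on the expensive path; and the timeout flag is keyed on whatever identifies the client, so with spoofable identifiers (plain source addresses on UDP, for instance) the deny decision can be turned against legitimate users.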