Martín Abadi, Mike Burrows, Mark Manasse, and Ted Wobber
A resource may be abused if its users incur little or no cost. For example, e-mail abuse is rampant because sending an e-mail has negligible cost for the sender. It has been suggested that such abuse may be discouraged by introducing an artificial cost in the form of a moderately expensive computation. Thus, the sender of an e-mail might be required to pay by computing for a few seconds before the e-mail is accepted. Unfortunately, because of sharp disparities across computer systems, this approach may be ineffective against malicious users with high-end systems, prohibitively slow for legitimate users with low-end systems, or both. Starting from this observation, we research moderately hard functions that most recent systems will evaluate at about the same speed. For this purpose, we rely on memory-bound computations. We describe and analyze a family of moderately hard, memory-bound functions, and we explain how to use them for protecting against abuses. fl
In Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS)
Publisher Internet Society
Copyright © by the Internet Society. Copyright and Reprint Permissions: The Internet Society owns the copyrights for these publications. You may freely reproduce all or part of any paper for noncommercial purposes if you credit the author(s), provide notice to the Internet Society, and cite the Internet Society as the copyright owner.