Cryptographic Puzzles and Game Theory against DoS and DDoS attacks in Networks Antonis M ichalas 1 , Nikos Komninos 1 and Neeli R. Prasad 2 1 Athens Information Technology GR-19002 Peania (Athens), Greece 2 Aalborg University DK-9220, Aalborg, Denmark Abstract. In this chapter, we present techniques to defeat Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. In the first part, we describe client puzzle techniques that are based on the idea of computationally exhausting a malicious user when he attempts to launch an attack. In the second part we are introducing some basic principles of game theory and we discuss how game theoretical frameworks can protect computer networks. Finally, we show techniques that combine client puzzles with game theory in order to provide DoS and DDoS resilience. 1 Introduction Imagine a situation where Bob calls to a restaurant and make a reservation for four people in the name of M r.X . After a while he calls again and make a new reservation for 5 persons in the name of M r.Y . Lets assume that he keeps calling to the restaurant and making fake reservations until all the tables of the restaurant are booked. The result of that is that if Alice (a legitimate use) wants to go and eat to that particular restaurant she could not book a table since Bob have booked them all. So Alice would not be able to use the service that the restaurant offers to its clients. More precise Alice and every other legitimate customer would face a Denial of Service Attack (DoS). Denial of Service attacks is considered to be one of the most important threats as well as one of the hardest problems in computer security nowadays. The main aim of a DoS attack is the interruption of services by attempting to limit access to a machine or service instead of subverting the service itself. This kind of attack aims at rendering a network incapable of providing normal service by targeting either the networks bandwidth or its connectivity. These attacks achieve their goal by sending at a victim a stream of packets that swamps his network or processing capacity denying access to his regular clients. Protection against DoS attacks is a crucial component of any security system. While DoS has been studied extensively for the wired networks, there is lack of research for preventing such attacks in ad hoc networks. Because devices like PDA’s and mobile phones have limited resources, like battery life and memory, the techniques that are implemented in wired networks are not suitable for ad hoc networks. Due to deployment in tactical battlefield missions these networks are susceptible to attacks of malicious intruders. These intruders might attempt to disrupt/degrade the performance of the whole network or may harm a