以å‰ã€åƒ•ãŒå®Ÿè£…ã—ã¦ã„ã‚‹ web サームMighty ãŒã€Haskell ã§æ›¸ã„ã¦ã„ã‚‹ã«ã‚‚é–¢ã‚らãšã€ã‚»ã‚°ãƒ¡ãƒ³ãƒ†ãƒ¼ã‚·ãƒ§ãƒ³ãƒ•ã‚©ãƒ¼ãƒ«ãƒˆã‚’èµ·ã“ã—ã¦ã„ãŸã€‚調ã¹ãŸã¨ã“ã‚ hashable ライブラリãŒãƒªãƒ³ã‚¯ã™ã‚‹ C ã® DJBX33X ãŒã€SipHash ã«å¤‰ã‚ã£ãŸã“ã¨ãŒåŽŸå› ã ã£ãŸã€‚ã“ã®ã¨ãã‹ã‚‰ SipHash ãŒæ°—ã«ãªã£ã¦ã„ãŸã—ã€ä»¥å‰社内で説明した "Efficient Denial of Service Attacks" ã¨ã®é–¢ä¿‚も知りãŸã‹ã£ãŸã®ã§ã€å°‘ã—調ã¹ã¦ã¿ãŸã€‚ã“ã®è¨˜äº‹ã¯ã€ãã®è¦šãˆæ›¸ã。
Hash-flooding DoS ã®æ´å²
1998 å¹´ã« Alexander Peslyak æ°ãŒ Phrack Magazine ã§ã€Hash-flooding DoS ã‚’å—ã‘ãŸã“ã¨ã‚’å ±å‘Šã—ã¦ã„る。ãƒãƒƒã‚·ãƒ¥ã¯ã€N 個ã®è¦ç´ を挿入ã™ã‚‹ã®ã«é€šå¸¸ O(N) ã‹ã‹ã‚‹ãŒã€ãƒãƒƒã‚·ãƒ¥å€¤ãŒã™ã¹ã¦è¡çªã™ã‚‹æœ€æ‚ªã®å ´åˆã§ã¯ O(N^2) ã‹ã‹ã‚‹ã€‚ã“れを悪用ã™ã‚‹ã®ãŒã€Hash-flooding DoS。"Hash-flooding" ã¨ã„ã†è¨€è‘‰ã¯ã€Daniel J. Bernstein (DJB) æ°ãŒå®Ÿè£…ã—㟠dnscache ã®ã‚³ãƒ¡ãƒ³ãƒˆã§æœ€åˆã«ä½¿ã‚ã‚ŒãŸ(1999å¹´)。
2003 å¹´ã« Scott A. Crosby æ°ã¨ Dan S. Wallach æ°ã¯ã€Hash-flooding DoS ã«é–¢ã™ã‚‹è«–文を発表ã—ãŸã€‚ã“ã‚Œã¾ã§ã® DoS ã¯å®Ÿè£…ã®ä¸å‚™ã‚’悪用ã—ã¦ã„ãŸãŒã€ã“ã® DoS ã¯ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã®æ¬ 点をçªã。今時ã®ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°è¨€èªžã§ã¯ãƒãƒƒã‚·ãƒ¥ãŒã„ãŸã‚‹ã¨ã“ã‚ã«ä½¿ã‚ã‚Œã¦ã„ã¦ã€å¤–部ã‹ã‚‰ã®å…¥åŠ›ã«å¯¾ã—ã¦ãƒãƒƒã‚·ãƒ¥ã‚’å–るよã†ã«ãªã£ã¦ã„ã‚‹ã¨ã€ã“ã®æ”»æ’ƒã®é¤Œé£Ÿã¨ãªã‚‹ã€‚アルゴリズムã®æ¬ 陥をçªã„ã¦ã„ã‚‹ã“ã¨ã‚’強調ã™ã‚‹ãŸã‚ã«ã€é¡Œåã« "Algorithmic Complexity" ã¨ã„ã†è¨€è‘‰ãŒä½¿ã‚ã‚Œã¦ã„ã‚‹ã®ãŒèˆˆå‘³æ·±ã„。
- Denial of Service via Algorithmic Complexity Attacks, Scott A. Crosby and Dan S. Wallach, in Proceeding of SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12, 2003
2011å¹´ã€Alexander Klink æ°ã¯ Julian Wälde æ°ã¯ã€åºƒç¯„囲ã®WebアプリãŒã“ã®æ”»æ’ƒã«å¯¾ã—ã¦è„†å¼±ã§ã‚ã‚‹ã“ã¨ã‚’示ã—ãŸã€‚以下ãŒæ”»æ’ƒæ–¹æ³•ã‚’説明ã—ãŸã‚¹ãƒ©ã‚¤ãƒ‰ã€‚
- Efficient Denial of Service Attacks on Web Application Platforms, Alexander Klink and Julian Wälde, 2011
ã“ã®æ™‚期ã«å¤šãã®ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°è¨€èªžã§ä½¿ã‚ã‚Œã¦ã„ãŸãƒãƒƒã‚·ãƒ¥ã¯ã€DJBæ°ãŒé–‹ç™ºã—ãŸDJBX33Aã‚„DJBX33X。ã“ã®å¾Œã€å¤šãã®ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°è¨€èªžã¯åˆæœŸå€¤ã‚’乱数化ã™ã‚‹å¯¾å‡¦ç™‚法を実施ã—ãŸã€‚例ãˆã°ã€ruby のアナウンスã‚’å‚照。
ãã®å¾Œã€ã„ãã¤ã‹ã®ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°è¨€èªžã¯ã€ãƒãƒƒã‚·ãƒ¥å€¤ã®ä¹±æ•°æ€§ãŒé«˜ã„ MurmurHash を採用ã™ã‚‹ã“ã¨ãªã£ãŸã€‚例ãˆã°ã€Ruby 1.9。ã¾ãŸã€Google ã§ã¯ CityHash ãŒä½¿ã‚ã‚Œã¦ã„る。
2012å¹´ã« Martin Boßlet æ°ã¨å…±åŒã§ã€Jean Philippe Aumasson æ°ã¨ DJB æ°ã¯ã€MurmurHashã€CityHashã€ãŠã‚ˆã³ã€Pythonã®ãƒãƒƒã‚·ãƒ¥ãŒè„†å¼±ã§ã‚ã‚‹ã“ã¨ã‚’示ã—ãŸã€‚åˆæœŸå€¤ã‚’乱数化ã—ã¦ã‚‚ã€ãƒãƒƒã‚·ãƒ¥ã‚’è¡çªã•ã‚Œã¦ã—ã¾ã†ã€‚
- Hash-flooding DoS reloaded: attacks and defenses, Jean-Philippe Aumasson and Daniel J. Bernstein and Martin Boßlet, 2012
ã“れらã®ãƒãƒƒã‚·ãƒ¥é–¢æ•°ã¯ã€å…¥åŠ›ã‚’ブãƒãƒƒã‚¯ã«åˆ†å‰²ã—ã¦å‡¦ç†ã™ã‚‹ã€‚åˆæœŸå€¤ã«ã¯ä¹±æ•°ã‚’利用ã™ã‚‹ãŒã€ãã‚Œãžã‚Œã®ãƒ–ãƒãƒƒã‚¯ã§ã¯ä¹±æ•°ã‚’使ã‚ãªã„。ã‚るブãƒãƒƒã‚¯ã®å‡¦ç†ã§ãƒãƒƒã‚·ãƒ¥ã«å·®ãŒç”Ÿã˜ã‚‹ãŒ(æ›´æ–°ã•ã‚Œã‚‹ãŒ)ã€æ¬¡ã®ãƒ–ãƒãƒƒã‚¯ã®å€¤ã‚’ã†ã¾ãé¸ã¹ã°ã€ã“ã®å·®ã‚’打ã¡æ¶ˆã™ã“ã¨ãŒå¯èƒ½ã€‚é©å½“ãªãƒ‡ãƒ¼ã‚¿ã«ã€ã“ã®äºŒã¤ã®ãƒ–ãƒãƒƒã‚¯ã‚’ç¹°ã‚Šè¿”ã—付ã‘ã¦ã„ã‘ã°ã€è¡çªã™ã‚‹å…¥åŠ›ã‚’ã„ãらã§ã‚‚生æˆã§ãる。
2012 å¹´ã«ã€Jean Philippe Aumasson æ°ã¨ DJB æ°ã¯ã€ä¸€æ–¹å‘性をæŒã¤æš—å·å¦çš„ãªãƒãƒƒã‚·ãƒ¥é–¢æ•°ã‚’ã„ã‚ゆるãƒãƒƒã‚·ãƒ¥é–¢æ•°ã¨ã—ã¦ç”¨ã„ã‚‹ã“ã¨ã‚’æ案ã—ãŸã€‚
- SipHash: a fast short-input PRF, Jean Philippe Aumasson and Daniel J. Bernstein, the DIAC workshop and at INDOCRYPT 2012
一方å‘性をæŒã¤æš—å·å¦çš„ãªãƒãƒƒã‚·ãƒ¥é–¢æ•°ã®ä»£è¡¨ä¾‹ã¨ã—ã¦ã¯ MD5 ã‚„ SHA-X ãŒæŒ™ã’られるãŒã€æ™®é€šã®ãƒãƒƒã‚·ãƒ¥é–¢æ•°ã¨ã—ã¦ä½¿ã†ã®ã¯ã€ä»¥ä¸‹ã®2ã¤ã®ç‚¹ã§ã‚ˆããªã„。
- å°ã•ã„入力ã«å¯¾ã—ã¦é…ã„ (åˆæœŸåŒ–ãªã©ã®ã‚ªãƒ¼ãƒãƒ¼ãƒ˜ãƒƒãƒ‰ã‚’大ãã„)
- mod ã‚’å–ã£ãŸå€¤ãŒè¡çªã—ã‚„ã™ã„
ã“れらã®æ¬ 点を克æœã™ã‚‹ãŸã‚ã«ä½œã‚‰ã‚ŒãŸä¸€æ–¹å‘性をæŒã¤æš—å·å¦çš„ãªãƒãƒƒã‚·ãƒ¥ãŒ SipHash。SipHashã®ç™ºè¡¨å¾Œã€ãŸãã•ã‚“ã®ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°è¨€èªžãŒSipHashを採用ã—ãŸã€‚ãŸã¨ãˆã°ã€Ruby
ã¨ã„ã†è¨³ã§DJBæ°ã®ãƒãƒƒã‚·ãƒ¥é–¢æ•°ãŒæ¨™æº–ã«è¿”ã‚Šå’²ã„ãŸã¨ã„ã†è¨³ã 。
