Question: 1. Client puzzles and amplification

Denial-of-service (DoS) attacks attempt to overwhelm a server with a huge volume of requests. Researchers have proposed a defense against DoS attacks called client puzzles: For each request, the server sends the client a freshly generated random challenge r and a difficulty parameter n, and the client has to produce a solution s such that the last n bits of HMAC_r(s) are all 0. Clients must present a valid solution to receive service.

(a) What is the expected number of HMAC computations for the client to compute the solution? How many HMAC computations does it take for the server to check the solution?

(b) Suppose a "unit of work" is equivalent to the difficulty of computing one HMAC. If an attacker enjoys an amplification factor of 64 (i.e., the attacker can cause the server to do 64 units of work by expending one unit of work), what should n be to negate this advantage using client puzzles?

(c) Some denial-of-service attacks attempt to exhaust the victim's network bandwidth rather than its CPU resources, and amplification plays an important role in such attacks too. Attackers recently began exploiting the Network Time Protocol (NTP) for this purpose, as described in this article: https://goo.gl/oVXH7V. What two features of NTP make it an ideal DoS tool?
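The client-puzzle exchange described above, written out in Python as an added example that is not part of the original question; it counts the client's HMAC computations and shows the server's single-HMAC check with single-use challenges. HMAC-SHA256, the 16-byte challenge, the counter-encoded solution and the names `tag_ok`, `PuzzleServer`, `solve` and `mean_attempts` are assumptions of this example.

```python
import hashlib
import hmac
import itertools
import secrets

def tag_ok(r, s, n):
    """One HMAC computation: are the last n bits of HMAC_r(s) all zero?"""
    digest = hmac.new(r, s, hashlib.sha256).digest()  # SHA-256 is an assumption
    return int.from_bytes(digest, "big") & ((1 << n) - 1) == 0

class PuzzleServer:
    def __init__(self, n):
        self.n = n                    # difficulty parameter
        self.outstanding = set()      # challenges issued and not yet redeemed

    def issue(self):
        r = secrets.token_bytes(16)   # fresh random challenge per request
        self.outstanding.add(r)
        return r, self.n

    def verify(self, r, s):
        # Unknown or already-used challenges are rejected before any HMAC.
        if r not in self.outstanding:
            return False
        if not tag_ok(r, s, self.n):  # exactly one HMAC for the server
            return False
        self.outstanding.discard(r)   # single use: a replayed solution fails
        return True

def solve(r, n):
    """Client side: try counter values until one passes; return (s, attempts)."""
    for attempts in itertools.count(1):
        s = (attempts - 1).to_bytes(8, "big")
        if tag_ok(r, s, n):           # each try passes with probability 2**-n
            return s, attempts

def mean_attempts(n, trials):
    """Average client HMAC count over `trials` fresh puzzles of difficulty n."""
    server = PuzzleServer(n)
    total = 0
    for _ in range(trials):
        r, bits = server.issue()
        s, attempts = solve(r, bits)
        if not server.verify(r, s):
            raise RuntimeError("valid solution was rejected")
        total += attempts
    return total / trials

if __name__ == "__main__":
    for n in (4, 6, 8):
        print(f"n={n}: mean client HMACs = {mean_attempts(n, 500):.1f}")
```
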
