Specifically, the API request includes a Lightning payment? Since it’s the government, they can just re-use it after accepting, but if it’s an alien they would be losing money with each attempt?

Yeah.. lightning or something similar.

Gotcha. No need for large amounts in that case since it can be rapidly recycled, correct?

How much of the DDoS success comes from just getting the server to read your message to check for bitcoin? With lightning, the server may need to respond with an invoice - which probably is just as bad as whatever else they would have responded with, I think. Does that sound right?

I'm not that technical.. his thesis is available online for free and the chapter that covers this specific aspect is Chapter 5.8 called Electro-Cyber Security Dome Concept.

Do you have a link to it?

Ok, so my reading of that section in Softwar is that basically he isn’t proposing a specific implementation in that section, just that interesting stuff might be doable.

I also think I know now what he means when he says “control actions”. Basically, database interactions, API request consideration, etc. Not what I originally thought, which was preventing access to restricted networks computers, though the lightning thing we mentioned could work..

Let me think through a specific idea based on that section for a moment:

All API requests need to come in with non-reusable proof of work to some threshold. Nothing we can do about DDoS here where the devices are infected, because the attacker is stealing the work via the infected devices.

Requests that have the required proof of work are then given a lightning invoice. The full lifecycle of the Lightning payment will add possibly several seconds of latency, making them a poor choice for any use cases that need high speed interactions.

So no dome for high speed API…

Low speed could definitely work..

Seems like we need a concrete why though. The big social media companies are using DoS protection measures, and it seems like they don’t NEED this. Who/what does? Nostr users basically use them as a signaling tool for what we like via zaps. What would a state want them for?
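
The proof-of-work admission step sketched in the note above (non-reusable work to a threshold, checked before the server does anything expensive such as issuing an invoice), as an added example that is not part of the original thread. The function names, `SERVER_KEY`, `DIFFICULTY_BITS` and `MAX_AGE` are assumptions made for the illustration, and the Lightning step is left out.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)  # assumption: per-process secret for stateless challenges
DIFFICULTY_BITS = 16         # assumption: work threshold (leading zero bits)
MAX_AGE = 60                 # assumption: seconds a challenge stays valid
_spent = {}                  # challenge -> expiry time; makes each proof single-use

def _mac(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_challenge(now=None):
    """Return 'timestamp.random.mac'; the MAC lets the server verify it without storing it."""
    now = int(time.time() if now is None else now)
    body = f"{now}.{os.urandom(8).hex()}"
    return f"{body}.{_mac(body)}"

def _leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def _work(challenge, request_body, nonce):
    # The request body is hashed in, so work cannot be moved to another request.
    msg = challenge.encode() + b"|" + request_body + b"|" + str(nonce).encode()
    return hashlib.sha256(msg).digest()

def solve(challenge, request_body, bits=DIFFICULTY_BITS):
    """Client side: brute-force a nonce that meets the threshold."""
    nonce = 0
    while _leading_zero_bits(_work(challenge, request_body, nonce)) < bits:
        nonce += 1
    return nonce

def admit(challenge, request_body, nonce, now=None, bits=DIFFICULTY_BITS):
    """Server side: return (ok, reason); each check costs at most one hash."""
    now = int(time.time() if now is None else now)
    try:
        ts, rand, mac = challenge.split(".")
        issued = int(ts)
    except ValueError:
        return False, "malformed"
    if not hmac.compare_digest(mac.encode(), _mac(f"{ts}.{rand}").encode()):
        return False, "forged challenge"
    if not 0 <= now - issued <= MAX_AGE:
        return False, "expired"
    if challenge in _spent:
        return False, "replayed"
    if _leading_zero_bits(_work(challenge, request_body, nonce)) < bits:
        return False, "insufficient work"
    for old in [c for c, exp in _spent.items() if exp < now]:
        del _spent[old]      # expired entries can no longer be replayed anyway
    _spent[challenge] = issued + MAX_AGE
    return True, "ok"
```

As the note says, this does nothing about work done on infected devices: the check only proves that someone spent the hashes, not who paid for them.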