Results 1 - 2 of 2
Mitigating Distributed Denial of Service Attacks in Multiparty Applications in the Presence of Clock Drifts
Abstract - Cited by 1 (1 self)
A weak point in network-based applications is that they commonly open some known communication port(s), making themselves targets for denial of service (DoS) attacks. Considering adversaries that can eavesdrop and launch directed DoS attacks to the applications' open ports, solutions based on pseudo-random port-hopping have been suggested. As port-hopping needs that the communicating parties hop in a synchronized manner, these solutions suggest acknowledgment-based protocols between a client-server pair or assume the presence of synchronized clocks. Acknowledgments, if lost, can cause a port to be open for a longer time and thus be vulnerable to DoS attacks; time servers for synchronizing clocks can become targets to DoS attack themselves. Here we study the case where the communicating parties have clocks with rate drift, which is common in networking. We propose an algorithm, BIGWHEEL, for servers to communicate with multiple clients in a port-hopping manner, thus enabling support to multi-party applications as well. The algorithm does not rely on the server having a fixed port open in the beginning, neither does it require from the client to get a “first-contact” port from a third party. We also present an adaptive algorithm, HOPERAA, for hopping in the presence of clock-drift, as well as the analysis and evaluation of the methods. The solutions are simple, based on each client interacting with the server independently of the other clients, without the need of acknowledgments or time server. Provided that one has an estimation of the time it takes for the adversary to detect that a port is open and launch an attack, the method we propose does not make it possible to the eavesdropping adversary to launch an attack directed to the application’s open port(s).
Acknowledgment
Abstract
I deeply thank my advisor, Associate Professor Idit Keidar, for giving me the opportunity to perform this research under her supervision, for the support and close guidance that I was privileged to receive. I thank Associate Professor Amir Herzberg and Dr. Gal Badishi for lending their experience and being excellent research partners. I thank Dr. Keslassy Isaac for his helpful remarks. Many thanks to Dr. Ilana David, Mr. Viktor Kulikov, and to all software laboratory staff for all the assistance they willingly gave me. I would like to thank my dear family for the perpetual support they have given me. Special thanks to my fiancee Svetlana for her support through all my studies.

