Using rhythmic nonces for puzzle-based DoS resistance

Ellick M. Chan; Carl A. Gunter; Sonia Jahid; Evgeni Peryshkin; Daniel Rebolledo

doi:10.1145/1456508.1456518

Using rhythmic nonces for puzzle-based DoS resistance

Ellick M. Chan, Carl A. Gunter, Sonia Jahid, Evgeni Peryshkin, Daniel Rebolledo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

To protect against replay attacks, many Internet protocols rely on nonces to guarantee freshness. In practice, the server generates these nonces during the initial handshake, but if the server is under attack, resources consumed by managing certain protocols can lead to DoS vulnerabilities. To help alleviate this problem, we propose the concept of rhythmic nonces, a cryptographic tool that allows servers to measure request freshness with minimal bookkeeping costs. We explore the impact of this service in the context of a puzzle based DoS resistance scheme we call "SYN puzzles". Our preliminary results based on mathematical analysis and evaluation of a prototype suggests that our scheme is more resistant than existing techniques.

Original language	English (US)
Title of host publication	Proceedings of the 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Pages	51-57
Number of pages	7
DOIs	https://doi.org/10.1145/1456508.1456518
State	Published - 2008
Event	2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 - Alexandria, VA, United States Duration: Oct 27 2008 → Oct 31 2008

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Other

Other	2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Country/Territory	United States
City	Alexandria, VA
Period	10/27/08 → 10/31/08

Keywords

Security

ASJC Scopus subject areas

Software
Computer Networks and Communications

Online availability

10.1145/1456508.1456518

Library availability

Discover UIUC Full Text

Cite this

Chan, E. M., Gunter, C. A., Jahid, S., Peryshkin, E., & Rebolledo, D. (2008). Using rhythmic nonces for puzzle-based DoS resistance. In Proceedings of the 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 (pp. 51-57). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/1456508.1456518

Using rhythmic nonces for puzzle-based DoS resistance. / Chan, Ellick M.; Gunter, Carl A.; Jahid, Sonia et al.
Proceedings of the 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08. 2008. p. 51-57 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Chan, EM, Gunter, CA, Jahid, S, Peryshkin, E & Rebolledo, D 2008, Using rhythmic nonces for puzzle-based DoS resistance. in Proceedings of the 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08. Proceedings of the ACM Conference on Computer and Communications Security, pp. 51-57, 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08, Alexandria, VA, United States, 10/27/08. https://doi.org/10.1145/1456508.1456518

Chan EM, Gunter CA, Jahid S, Peryshkin E, Rebolledo D. Using rhythmic nonces for puzzle-based DoS resistance. In Proceedings of the 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08. 2008. p. 51-57. (Proceedings of the ACM Conference on Computer and Communications Security). doi: 10.1145/1456508.1456518

Chan, Ellick M. ; Gunter, Carl A. ; Jahid, Sonia et al. / Using rhythmic nonces for puzzle-based DoS resistance. Proceedings of the 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08. 2008. pp. 51-57 (Proceedings of the ACM Conference on Computer and Communications Security).

@inproceedings{91e25c5333244238b63d8411e7776b06,

title = "Using rhythmic nonces for puzzle-based DoS resistance",

abstract = "To protect against replay attacks, many Internet protocols rely on nonces to guarantee freshness. In practice, the server generates these nonces during the initial handshake, but if the server is under attack, resources consumed by managing certain protocols can lead to DoS vulnerabilities. To help alleviate this problem, we propose the concept of rhythmic nonces, a cryptographic tool that allows servers to measure request freshness with minimal bookkeeping costs. We explore the impact of this service in the context of a puzzle based DoS resistance scheme we call {"}SYN puzzles{"}. Our preliminary results based on mathematical analysis and evaluation of a prototype suggests that our scheme is more resistant than existing techniques.",

keywords = "Security",

author = "Chan, {Ellick M.} and Gunter, {Carl A.} and Sonia Jahid and Evgeni Peryshkin and Daniel Rebolledo",

year = "2008",

doi = "10.1145/1456508.1456518",

language = "English (US)",

isbn = "9781605583006",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "51--57",

booktitle = "Proceedings of the 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08",

note = "2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 ; Conference date: 27-10-2008 Through 31-10-2008",

}

TY - GEN

T1 - Using rhythmic nonces for puzzle-based DoS resistance

AU - Chan, Ellick M.

AU - Gunter, Carl A.

AU - Jahid, Sonia

AU - Peryshkin, Evgeni

AU - Rebolledo, Daniel

PY - 2008

Y1 - 2008

N2 - To protect against replay attacks, many Internet protocols rely on nonces to guarantee freshness. In practice, the server generates these nonces during the initial handshake, but if the server is under attack, resources consumed by managing certain protocols can lead to DoS vulnerabilities. To help alleviate this problem, we propose the concept of rhythmic nonces, a cryptographic tool that allows servers to measure request freshness with minimal bookkeeping costs. We explore the impact of this service in the context of a puzzle based DoS resistance scheme we call "SYN puzzles". Our preliminary results based on mathematical analysis and evaluation of a prototype suggests that our scheme is more resistant than existing techniques.

AB - To protect against replay attacks, many Internet protocols rely on nonces to guarantee freshness. In practice, the server generates these nonces during the initial handshake, but if the server is under attack, resources consumed by managing certain protocols can lead to DoS vulnerabilities. To help alleviate this problem, we propose the concept of rhythmic nonces, a cryptographic tool that allows servers to measure request freshness with minimal bookkeeping costs. We explore the impact of this service in the context of a puzzle based DoS resistance scheme we call "SYN puzzles". Our preliminary results based on mathematical analysis and evaluation of a prototype suggests that our scheme is more resistant than existing techniques.

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=70349250375&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70349250375&partnerID=8YFLogxK

U2 - 10.1145/1456508.1456518

DO - 10.1145/1456508.1456518

M3 - Conference contribution

AN - SCOPUS:70349250375

SN - 9781605583006

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 51

EP - 57

BT - Proceedings of the 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08

T2 - 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08

Y2 - 27 October 2008 through 31 October 2008

ER -

Using rhythmic nonces for puzzle-based DoS resistance

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this