TY - GEN
T1 - Using rhythmic nonces for puzzle-based DoS resistance
AU - Chan, Ellick M.
AU - Gunter, Carl A.
AU - Jahid, Sonia
AU - Peryshkin, Evgeni
AU - Rebolledo, Daniel
PY - 2008
Y1 - 2008
N2 - To protect against replay attacks, many Internet protocols rely on nonces to guarantee freshness. In practice, the server generates these nonces during the initial handshake, but if the server is under attack, resources consumed by managing certain protocols can lead to DoS vulnerabilities. To help alleviate this problem, we propose the concept of rhythmic nonces, a cryptographic tool that allows servers to measure request freshness with minimal bookkeeping costs. We explore the impact of this service in the context of a puzzle-based DoS resistance scheme we call "SYN puzzles". Our preliminary results based on mathematical analysis and evaluation of a prototype suggest that our scheme is more resistant than existing techniques.
AB - To protect against replay attacks, many Internet protocols rely on nonces to guarantee freshness. In practice, the server generates these nonces during the initial handshake, but if the server is under attack, resources consumed by managing certain protocols can lead to DoS vulnerabilities. To help alleviate this problem, we propose the concept of rhythmic nonces, a cryptographic tool that allows servers to measure request freshness with minimal bookkeeping costs. We explore the impact of this service in the context of a puzzle-based DoS resistance scheme we call "SYN puzzles". Our preliminary results based on mathematical analysis and evaluation of a prototype suggest that our scheme is more resistant than existing techniques.
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=70349250375&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70349250375&partnerID=8YFLogxK
U2 - 10.1145/1456508.1456518
DO - 10.1145/1456508.1456518
M3 - Conference contribution
AN - SCOPUS:70349250375
SN - 9781605583006
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 51
EP - 57
BT - Proceedings of the 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
T2 - 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Y2 - 27 October 2008 through 31 October 2008
ER -