Using rhythmic nonces for puzzle-based DoS resistance

Ellick M. Chan, Carl A. Gunter, Sonia Jahid, Evgeni Peryshkin, Daniel Rebolledo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

To protect against replay attacks, many Internet protocols rely on nonces to guarantee freshness. In practice, the server generates these nonces during the initial handshake, but if the server is under attack, resources consumed by managing certain protocols can lead to DoS vulnerabilities. To help alleviate this problem, we propose the concept of rhythmic nonces, a cryptographic tool that allows servers to measure request freshness with minimal bookkeeping costs. We explore the impact of this service in the context of a puzzle-based DoS resistance scheme we call "SYN puzzles". Our preliminary results based on mathematical analysis and evaluation of a prototype suggest that our scheme is more resistant than existing techniques.

Original language: English (US)
Title of host publication: Proceedings of the 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Pages: 51-57
Number of pages: 7
State: Published - 2008
Event: 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 - Alexandria, VA, United States
Duration: Oct 27 2008 - Oct 31 2008

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Other

Other: 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Country: United States
City: Alexandria, VA
Period: 10/27/08 - 10/31/08

Keywords

  • Security

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
