Using rhythmic nonces for puzzle-based DoS resistance

Ellick M. Chan, Carl A. Gunter, Sonia Jahid, Evgeni Peryshkin, Daniel Rebolledo
2008 Proceedings of the 2nd ACM workshop on Computer security architectures - CSAW '08  
To protect against replay attacks, many Internet protocols rely on nonces to guarantee freshness. In practice, the server generates these nonces during the initial handshake, but if the server is under attack, resources consumed by managing certain protocols can lead to DoS vulnerabilities. To help alleviate this problem, we propose the concept of rhythmic nonces, a cryptographic tool that allows servers to measure request freshness with minimal bookkeeping costs. We explore the impact of this
more » ... the impact of this service in the context of a puzzle-based DoS resistance scheme we call "SYN puzzles". Our preliminary results based on mathematical analysis and evaluation of a prototype suggests that our scheme is more resistant than existing techniques.
doi:10.1145/1456508.1456518 dblp:conf/ccs/ChanGJPR08 fatcat:ovydqeh6zjhqjeeodil7chqqhu