research-article

Using rhythmic nonces for puzzle-based DoS resistance

Authors:

Ellick M. Chan,

Carl A. Gunter,

Evgeni Peryshkin,

Daniel RebolledoAuthors Info & Claims

CSAW '08: Proceedings of the 2nd ACM workshop on Computer security architectures

Pages 51 - 58

https://doi.org/10.1145/1456508.1456518

Published: 31 October 2008 Publication History

Abstract

To protect against replay attacks, many Internet protocols rely on nonces to guarantee freshness. In practice, the server generates these nonces during the initial handshake, but if the server is under attack, resources consumed by managing certain protocols can lead to DoS vulnerabilities. To help alleviate this problem, we propose the concept of rhythmic nonces, a cryptographic tool that allows servers to measure request freshness with minimal bookkeeping costs. We explore the impact of this service in the context of a puzzle-based DoS resistance scheme we call "SYN puzzles". Our preliminary results based on mathematical analysis and evaluation of a prototype suggests that our scheme is more resistant than existing techniques.

References

[1]

National Solar Observatory/Sacremento Peak. Images and Current data. http://nsosp.nso.edu/data.

[2]

USGS Earthquake Hazards Program. Latest earthquakes in the world - past 7 days. http://earthquake.usgs.gov/eqcenter/recentqsww/Quakes/quakes all.php.

[3]

M. Abadi, M. Burrows, M. Manasse, and T. Wobber. Moderately Hard, Memory-Bound Functions. ACM Transactions on Internet Technology (TOIT), 5(2):299--327, 2005.

Digital Library

[4]

T. Aura, P. Nikander, and J. Leiwo. DOS-resistant Authentication with Client Puzzles. Proceedings of the 8th International Workshop on Security Protocols, Lecture Notes in Computer Science, Cambridge, UK, April, 2000.

Digital Library

[5]

A. Back. Hashcash - A Denial of Service Countermeasure. http://www.hashcash.org/hashcash.pdf, 2002.

[6]

D. Dean and A. Stubblefield. Using Client Puzzles to Protect TLS. Usenix, 2001.

Digital Library

[7]

S. Doshi, F. Monrose, and A. D. Rubin. Efficient Memory Bound Puzzles Using Pattern Databases. In ACNS, pages 98--113, 2006.

Digital Library

[8]

C. Douligeris and A. Mitrokotsa. Denial-of-Service Challenges from Oblivious Online Sources. Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007), 2007.

[9]

European Network of Excellence for Cryptology. Ecrypt yearly report on algorithms and keysizes 2006.

[10]

J. Halderman and B. Waters. Harvesting Verifiable Challenges from Oblivious Online Sources. Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007), 2007.

Digital Library

[11]

A. Juels and J. Brainard. Client puzzles: A Cryptographic Countermeasure against Connection Depletion Attacks. Proceedings of the Network and Distributed System Security Symposium, pages 151--165, 1999.

[12]

J. Mirkovic, J. Martin, and P. Reiher. A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms, 2001.

[13]

T. Moran, R. Shaltiel, and A. Ta-Shma. Non-interactive timestamping in the bounded storage model. In Advances in Cryptology (CRYPTO 04), volume 3152 of Lecture Notes in Computer Science. Springer, December 2004.

[14]

X. Wang and M. Reiter. Defending against Denial-of-Service Attacks with Puzzle Auctions. IEEE Symposium on Security and Privacy, 3, 2003.

Digital Library

[15]

B. Waters, A. Juels, J. A. Halderman, and E. W. Felten. New client puzzle outsourcing techniques for dos resistance. In CCS'04, pages 246--256, 2004.

Digital Library

Cited By

Jiang LXu CWang XZhou Y(2015)Analysis and Comparison of the Network Security Protocol with DoS/DDoS Attack Resistance PerformanceProceedings of the 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conf on Embedded Software and Systems10.1109/HPCC-CSS-ICESS.2015.148(1785-1790)Online publication date: 24-Aug-2015
https://dl.acm.org/doi/10.1109/HPCC-CSS-ICESS.2015.148
Cristea MGroza B(2012)Provable Synthetic Coordinates for Increasing PoWs Effectiveness against DoS and SpamProceedings of the 2012 ASE/IEEE International Conference on Social Computing and 2012 ASE/IEEE International Conference on Privacy, Security, Risk and Trust10.1109/SocialCom-PASSAT.2012.96(809-810)Online publication date: 3-Sep-2012
https://dl.acm.org/doi/10.1109/SocialCom-PASSAT.2012.96
Boyd CGonzalez-Nieto JKuppusamy LNarasimhan HRangan CRangasamy JSmith JStebila DVaradarajan V(2011)Cryptographic Approaches to Denial-of-Service ResistanceAn Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks10.1007/978-81-322-0277-6_6(183-238)Online publication date: 6-Sep-2011
https://doi.org/10.1007/978-81-322-0277-6_6
Show More Cited By

Using rhythmic nonces for puzzle-based DoS resistance
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Mitigating DoS Using Sensing Keys
ICCS '12: Proceedings of the 2012 International Conference on Computing Sciences

Denial of Service (DoS) attacks has become a major problem for users of computer systems connected to the Internet. DoS attackers hijack secondary victim systems and use them to wage a coordinated large-scale attack against primary victim systems. In ...
Defending against path-based DoS attacks in wireless sensor networks
SASN '05: Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks

Denial of service (DoS) attacks can cause serious damage in resource-constrained, wireless sensor networks (WSNs). This paper addresses an especially damaging form of DoS attack, called PDoS (Path-based Denial of Service). In a PDoS attack, an adversary ...
New client puzzle outsourcing techniques for DoS resistance
CCS '04: Proceedings of the 11th ACM conference on Computer and communications security

We explore new techniques for the use of cryptographic puzzles as a countermeasure to Denial-of-Service (DoS) attacks. We propose simple new techniques that permit the out-sourcing of puzzles; their distribution via a robust external service that we ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CSAW '08: Proceedings of the 2nd ACM workshop on Computer security architectures

October 2008

72 pages

ISBN:9781605583006

DOI:10.1145/1456508

Program Chair:
Trent Jaeger
PennsylvaniaStateUniversity

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 October 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tag

security

Qualifiers

Research-article

Conference

CCS08

Sponsor:

CCS08: 15th ACM Conference on Computer and Communications Security 2008

October 31, 2008

Virginia, Alexandria, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
300
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 18 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Jiang LXu CWang XZhou Y(2015)Analysis and Comparison of the Network Security Protocol with DoS/DDoS Attack Resistance PerformanceProceedings of the 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conf on Embedded Software and Systems10.1109/HPCC-CSS-ICESS.2015.148(1785-1790)Online publication date: 24-Aug-2015
https://dl.acm.org/doi/10.1109/HPCC-CSS-ICESS.2015.148
Cristea MGroza B(2012)Provable Synthetic Coordinates for Increasing PoWs Effectiveness against DoS and SpamProceedings of the 2012 ASE/IEEE International Conference on Social Computing and 2012 ASE/IEEE International Conference on Privacy, Security, Risk and Trust10.1109/SocialCom-PASSAT.2012.96(809-810)Online publication date: 3-Sep-2012
https://dl.acm.org/doi/10.1109/SocialCom-PASSAT.2012.96
Boyd CGonzalez-Nieto JKuppusamy LNarasimhan HRangan CRangasamy JSmith JStebila DVaradarajan V(2011)Cryptographic Approaches to Denial-of-Service ResistanceAn Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks10.1007/978-81-322-0277-6_6(183-238)Online publication date: 6-Sep-2011
https://doi.org/10.1007/978-81-322-0277-6_6
B. S. JJanakiram D(2010)SyMon: A practical approach to defend large structured P2P systems against Sybil AttackPeer-to-Peer Networking and Applications10.1007/s12083-010-0084-04:3(289-308)Online publication date: 2-Jul-2010
https://doi.org/10.1007/s12083-010-0084-0
Jyothi BDharanipragada J(2009)SyMon: Defending large structured P2P systems against Sybil attack2009 IEEE Ninth International Conference on Peer-to-Peer Computing10.1109/P2P.2009.5284520(21-30)Online publication date: Sep-2009
https://doi.org/10.1109/P2P.2009.5284520

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents