1 / 26

Using Rhythmic Nonces for Puzzle-Based DoS Resistance

Agenda. IntroductionRhythmic NoncesSYN PuzzlesTheoretical EvaluationExperimental EvaluationConcluding Remarks. 2. Introduction. 3. Client Puzzles Today. Cryptographic nonces: proof of work and freshness in distributed applications Example: client puzzles as proof of work Issued by se

mare
Download Presentation

Using Rhythmic Nonces for Puzzle-Based DoS Resistance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Using Rhythmic Nonces for Puzzle-Based DoS Resistance Ellick M. Chan, Carl A. Gunter, Sonia Jahid, Evgeni Peryshkin, and Daniel Rebolledo University of Illinois

    2. Agenda Introduction Rhythmic Nonces SYN Puzzles Theoretical Evaluation Experimental Evaluation Concluding Remarks 2

    3. Introduction 3

    4. Client Puzzles Today Cryptographic nonces: proof of work and freshness in distributed applications Example: client puzzles as proof of work Issued by service provider: costly bookkeeping under heavy load 4

    5. Threat model Loss of availability to legitimate clients through stateful server-side resource depletion by malicious clients. Examples: SYN Floods Server-side expensive operations (e.g. cryptographic computations, database queries, etc.) Connection table flooding Attacks that are not addressed: Bandwidth flooding Extremely powerful attacker (100k+ nodes) Attackers controlling core routers 5 Syn floods will be ignored because they don’t have puzzles. Expensive operations are moderated by puzzle difficulty Connection table flooding, will be throttled because time consuming puzzles need to be solved. Bandwidth flooding is not addressed. Unless Routers do puzzle checking. Which in our model is a possibility. Powerful attacker is addressed only somewhat. Puzzles throttle attackers. We model graceful degradation, but enough attackers will degrade us to non operability.Syn floods will be ignored because they don’t have puzzles. Expensive operations are moderated by puzzle difficulty Connection table flooding, will be throttled because time consuming puzzles need to be solved. Bandwidth flooding is not addressed. Unless Routers do puzzle checking. Which in our model is a possibility. Powerful attacker is addressed only somewhat. Puzzles throttle attackers. We model graceful degradation, but enough attackers will degrade us to non operability.

    6. Vulnerabilities of Existing Systems

More Related