
Using Rhythmic Nonces for Puzzle-Based DoS Resistance

Using Rhythmic Nonces for Puzzle-Based DoS Resistance. Ellick M. Chan, Carl A. Gunter, Sonia Jahid, Evgeni Peryshkin, and Daniel Rebolledo University of Illinois. Agenda. Introduction. Rhythmic Nonces. SYN Puzzles. Theoretical Evaluation. Experimental Evaluation. Concluding Remarks.



  1. Using Rhythmic Nonces for Puzzle-Based DoS Resistance Ellick M. Chan, Carl A. Gunter, Sonia Jahid, Evgeni Peryshkin, and Daniel Rebolledo University of Illinois

  2. Agenda: Introduction; Rhythmic Nonces; SYN Puzzles; Theoretical Evaluation; Experimental Evaluation; Concluding Remarks

  3. INTRODUCTION

  4. Client Puzzles Today
     • Cryptographic nonces:
       – proof of work and freshness in distributed applications
       – Example: client puzzles as proof of work
     • Issued by service provider:
       – costly bookkeeping under heavy load

  5. Threat model
     Loss of availability to legitimate clients through stateful server-side resource depletion by malicious clients.
     Examples:
     • SYN floods
     • Server-side expensive operations (e.g. cryptographic computations, database queries, etc.)
     • Connection table flooding
     Attacks that are not addressed:
     • Bandwidth flooding
     • Extremely powerful attacker (100k+ nodes)
     • Attackers controlling core routers

  6. Vulnerabilities of Existing Systems
     ✓ The puzzles should not introduce any new DoS vulnerabilities.
     ✓ The difficulty of the puzzle should be easy to adjust
     ~ Replay resistant
     ✓ Precomputing solutions is difficult
     ✓ Sharing the solution has minimal impact
     ✓ No central point of failure
     ✓ Does not consume server resources
     ✓ Does not consume network resources
     ~ Is fair to clients with different resources

  7. Contributions
     1. Introduction of Rhythmic Nonces
     2. Application of Rhythmic Nonces to puzzle-based DoS countermeasures
     3. Evaluation of a Rhythmic Nonce prototype

  8. RHYTHMIC NONCES

  9. Rhythmic Nonces
     • Stream of numbers broadcast by secure sources
     • Similar to secure global timestamps
       – focuses on intervals, not absolute times
     • Could perhaps be embedded in DNS, GPS or secure multicast
     • Salted with client information

  10. Rhythmic Nonces (2)
      Rhythmic nonce broadcast at given intervals: the “rhythm”.
      No need for server-side bookkeeping.
      Nonces are unpredictable, but intervals are measurable: can be used to prove freshness.
      Rhythm can be varied to suit the needs of the application.

  11. Formal Definition
      • Finding given is an intractable problem
      • For any j there exists an easy-to-calculate function s.t.

  12. Broadcasting Nonces
      Practical challenge at the scale of the Internet
      Piggybacking on GPS or DNS could be a solution
      Simple gossip infrastructure
      Other mechanisms (e.g. enterprise servers) can help reduce load and increase scalability
      (Figure: broadcast path labelled Logical Time Server, Router, Client)

  13. SYN PUZZLES

  14. Overview of SYN Puzzles
      (Figure: nodes labelled TS, RO, RO, AT, CL and SV exchanging the messages “OK!”, “HELP!” and “Puzzle solution”)

  15. How SYN Puzzles Work
      (Figure: Client/Server message sequence with branches labelled “wait”, “k=0?”, “wait”, “k < kmin” and “k > kmin”)

  16. Protocol Features
      Unilateral contract: the puzzle solution is sent on the first SYN packet without help from the server.
      Cost discovery: the client dynamically discovers the difficulty or “cost”; the server sends modified RSTs if the packet is not costly enough. This is stateless. The server adjusts the difficulty and the freshness demands based on security requirements.
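As an added illustration of slides 9, 10, 16 and 23 (not code from the paper or its prototype): a Python model of the SYN puzzle exchange over a rhythmic nonce stream. The nonce generator (random 96-bit values per interval), the SHA-256 leading-zero-bit puzzle, and the RST hint format are assumptions; the paper's own nonce scheme and packet formats are not shown on these slides.

```python
import hashlib
import os

class NonceBroadcaster:
    """Constructed stand-in for the rhythmic nonce service: one unpredictable
    96-bit nonce per interval (the "rhythm"); os.urandom is an assumption."""
    def __init__(self):
        self.stream = []
    def tick(self):                      # a new interval begins
        self.stream.append(os.urandom(12))
    def current(self):
        return len(self.stream) - 1, self.stream[-1]

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def puzzle_hash(nonce, client_id, counter):
    # Nonce salted with client information, so a solution cannot be shared
    return hashlib.sha256(nonce + client_id + counter.to_bytes(8, "big")).digest()

def solve(nonce, client_id, k):
    counter = 0                          # brute-force until k leading zero bits
    while leading_zero_bits(puzzle_hash(nonce, client_id, counter)) < k:
        counter += 1
    return counter

class PuzzleServer:
    def __init__(self, broadcaster, kmin, window):
        self.b, self.kmin, self.window = broadcaster, kmin, window
    def check_syn(self, client_id, interval, counter):
        """Stateless: recompute the hash, keep no per-client bookkeeping."""
        now, _ = self.b.current()
        if not now - self.window <= interval <= now:   # freshness window
            return ("RST", "stale", self.kmin)          # bounds replay
        k = leading_zero_bits(puzzle_hash(self.b.stream[interval], client_id, counter))
        if k < self.kmin:
            return ("RST", "too cheap", self.kmin)      # modified RST = cost hint
        return ("SYN-ACK", "accepted", k)

def connect(client_id, server, broadcaster, k_guess=0, max_rounds=4):
    """Client: solution rides on the first SYN; the cost is learned from RSTs."""
    k = k_guess
    for _ in range(max_rounds):
        interval, nonce = broadcaster.current()
        verdict, _, hint = server.check_syn(client_id, interval, solve(nonce, client_id, k))
        if verdict == "SYN-ACK":
            return True, hint            # hint is the difficulty the server measured
        k = hint                         # retry at the difficulty the RST announced
    return False, k
```

Raising `kmin` shrinks the attacker's effective rate, and shrinking `window` shortens the replay period at the cost of clients whose nonce arrives late, which is the trade-off slide 18 describes.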

  17. THEORETICAL EVALUATION

  18. Theoretical Evaluation Goals
      Puzzles can still be replayed during a small window of time.
      The server can thwart replay by requiring fresher nonces (reducing the window).
      Trade-off: remote clients can be cut off.
      Optimization problem.

  19. Server Availability Under DoS
      (Figure: legitimate clients served (fraction) versus puzzle difficulty, one curve per attacker load: 0.1, 0.25, 0.5, 0.75, 1.0 and 1.25 attackers/capacity; label “10:1s”)

  20. EXPERIMENTAL EVALUATION

  21. SYN Puzzles Implementation
      Rhythmic Nonce Service: periodically broadcasts 96-bit RSA nonces
      Client implementation: based on raw sockets, no kernel patches needed
      Server design: extended kernel network stack with configuration parameters in /dev

  22. Performance of Accepting Connections
      Experiment (Initial SYN) | Description                                                  | Server Cost
      Wget                     | Wget establishes a legitimate connection                     | 14.54 ns AVG, 12.38% STDEV
      Synk4 SYN flood          | Synk4 floods the SYN table, connection is dropped.           | 1.18 ns AVG, 56.78% STDEV
      SYN Cookies              | SYN cookie issued when table is full                         | 14.81 ns AVG, 9.25% STDEV
      SYN Puzzles              | Auction-based puzzles. All puzzles are validated and accepted. | 30.01 ns AVG, 34.76% STDEV

  23. Kernel Verification of Puzzles
      (Figure: Verification of Puzzle Solution; y-axis: Time (ns), 0.0 to 14.0; x-axis: Difficulty (leading 0 bits), 0 to 30)
      Result: can check a 100 Mbps link with 2.5% CPU load

  24. CONCLUSION

  25. Conclusion
      Rhythmic nonces can help address the shortcomings of current DoS countermeasures.
      Introduction of rhythmic nonces to the Internet will spur changes to existing protocols, making them more resilient.
      Built-in Internet DoS countermeasures can help address systemic shortcomings.
      No central point of failure for puzzle issuance.
