
1 Using Rhythmic Nonces for Puzzle-Based DoS Resistance
Ellick M. Chan, Carl A. Gunter, Sonia Jahid, Evgeni Peryshkin, and Daniel Rebolledo, University of Illinois

2 Agenda
- Introduction
- Rhythmic Nonces
- SYN Puzzles
- Theoretical Evaluation
- Experimental Evaluation
- Concluding Remarks

3 INTRODUCTION

4 Client Puzzles Today
- Cryptographic nonces:
  – proof of work and freshness in distributed applications
  – example: client puzzles as proof of work
- Issued by service provider:
  – costly bookkeeping under heavy load

5 Threat Model
Loss of availability to legitimate clients through stateful server-side resource depletion by malicious clients.
Examples:
- SYN floods
- Server-side expensive operations (e.g. cryptographic computations, database queries, etc.)
- Connection table flooding
Attacks that are not addressed:
- Bandwidth flooding
- Extremely powerful attacker (100k+ nodes)
- Attackers controlling core routers

6 Vulnerabilities of Existing Systems
Desired properties of a puzzle scheme (marks as on the original slide):
✓ The puzzles should not introduce any new DoS vulnerabilities.
  The difficulty of the puzzle should be easy to adjust.
~ Replay resistant
  Precomputing solutions is difficult
  Sharing the solution has minimal impact
✓ No central point of failure
✓ Does not consume server resources
  Does not consume network resources
~ Is fair to clients with different resources

7 Contributions
1. Introduction of rhythmic nonces
2. Application of rhythmic nonces to puzzle-based DoS countermeasures
3. Evaluation of a rhythmic nonce prototype

8 RHYTHMIC NONCES

9 Rhythmic Nonces
- Stream of numbers broadcast by secure sources
- Similar to secure global timestamps
  – focuses on intervals, not absolute times
- Could perhaps be embedded in DNS, GPS or secure multicast
- Salted with client information

10 Rhythmic Nonces (2)
- Rhythmic nonces are broadcast at given intervals: the "rhythm".
- No need for server-side bookkeeping.
- Nonces are unpredictable, but intervals are measurable: they can be used to prove freshness.
- The rhythm can be varied to suit the needs of the application.

11 Formal Definition (the slide's formulas are not in the transcript)
- Finding given is an intractable problem
- For any j there exists an easy-to-calculate function s.t.

12 Examples
- Reversed stream of hashes: calculate a, h(a), h(h(a)), etc. and play them in reverse
- Repeated signature in a PKS (RSA, ECC, etc.)

13 Broadcasting Nonces
- Practical challenge at the scale of the Internet
- Piggybacking on GPS or DNS could be a solution
- Simple gossip infrastructure
- Other mechanisms (e.g. enterprise servers) can help reduce load and increase scalability
[Figure: broadcast topology; labels: Logical Time Server, Router, Client]

14 SYN PUZZLES

15 Overview of SYN Puzzles
[Figure: overview diagram; labels: TS, RO, SVCLAT, OK!, HELP!, Puzzle solution]

16 How SYN Puzzles Work
[Sequence diagram, Client and Server. Client messages, in order: SYN; SYN + Puzzle Soln (Difficulty k); SYN + Puzzle Soln (Difficulty k+1); wait; SYN + Puzzle Soln (Difficulty k+i). Server reply: SYN + ACK, followed by the client's ACK. Decision labels on the server side: k=0?, k < k_min, k > k_min.]

17 Protocol Features
- Unilateral contract: the puzzle solution is sent on the first SYN packet without help from the server.
- Cost discovery: the client dynamically discovers the difficulty or "cost". The server sends modified RSTs if the packet is not costly enough. This is stateless.
- The server adjusts the difficulty and the freshness demands based on security requirements.
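As an added example (not code from the paper or its prototype), the reversed hash chain of slide 12 combined with the cost-discovery handshake of slides 16 and 17, in Python: the source publishes a SHA-256 chain in reverse, the client salts the nonce with its identity (an assumed client_id standing in for the client information of slide 9), and the server checks freshness and cost without per-client state. The replay window, k_min, beat numbers and the 8-byte solution encoding are assumptions; the deck's prototype uses 96-bit RSA nonces instead of a hash chain.

```python
import hashlib

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def make_chain(seed: bytes, length: int) -> list:
    """Chain a, h(a), h(h(a)), ...; the nonce source plays it back in reverse."""
    chain = [seed]
    for _ in range(length - 1):
        chain.append(H(chain[-1]))
    return chain

def broadcast(chain: list, beat: int) -> bytes:
    """Nonce at beat t is chain[L-1-t]: each new nonce is a preimage of the previous one."""
    return chain[len(chain) - 1 - beat]

def leading_zero_bits(digest: bytes) -> int:
    return 256 - int.from_bytes(digest, "big").bit_length()

def solve(nonce: bytes, client_id: bytes, k: int) -> int:
    """Client proof of work: x such that h(nonce || client_id || x) has k leading zero bits."""
    x = 0
    while leading_zero_bits(H(nonce + client_id + x.to_bytes(8, "big"))) < k:
        x += 1
    return x

def server_check(cur_nonce, cur_beat, window, k_min, nonce, beat, client_id, x):
    """Stateless check: freshness from the chain, then cost. Returns ('SYN-ACK', k) or ('RST', why)."""
    d = cur_beat - beat
    if d < 0 or d > window:          # future nonce, or older than the replay window
        return ("RST", "stale")
    v = cur_nonce
    for _ in range(d):               # a genuine older nonce is h^d of the current one
        v = H(v)
    if v != nonce:
        return ("RST", "stale")
    k = leading_zero_bits(H(nonce + client_id + x.to_bytes(8, "big")))
    return ("SYN-ACK", k) if k >= k_min else ("RST", "cost")

def connect(chain, cur_beat, window, k_min, client_id, client_beat, k_limit=16):
    """Cost discovery: start at k=0 and raise the difficulty by one on every 'cost' RST."""
    nonce, cur = broadcast(chain, client_beat), broadcast(chain, cur_beat)
    for k in range(k_limit + 1):
        x = solve(nonce, client_id, k)
        resp, why = server_check(cur, cur_beat, window, k_min, nonce, client_beat, client_id, x)
        if resp == "SYN-ACK":
            return k, x
        if why == "stale":           # more work cannot fix a stale nonce; fetch a new beat
            return None
    return None
```

Because a future nonce is a preimage of the current one, a client cannot precompute solutions for beats that have not been broadcast yet, which is the property the replay window relies on.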

18 THEORETICAL EVALUATION

19 Theoretical Evaluation Goals
- Puzzles can still be replayed during a small window of time
- The server can thwart replay by requiring fresher nonces (reducing the window)
- Trade-off: remote clients can be cut off
- Optimization problem

20 Server Availability Under DoS
[Plot: legitimate clients served (fraction) vs. puzzle difficulty; one curve per attacker load: 0.1, 0.25, 0.5, 0.75, 1.0 and 1.25 attackers/capacity; label "10:1s"]

21 EXPERIMENTAL EVALUATION

22 SYN Puzzles Implementation
- Rhythmic nonce service: periodically broadcasts 96-bit RSA nonces
- Client implementation: based on raw sockets; no kernel patches needed
- Server design: extended kernel network stack with configuration parameters in /dev

23 Performance of Accepting Connections

| Experiment (Initial SYN) | Description | Server Cost |
|---|---|---|
| Wget | Wget establishes a legitimate connection | 14.54 ns AVG, 12.38% STDEV |
| Synk4 SYN flood | Synk4 floods the SYN table; connection is dropped | 1.18 ns AVG, 56.78% STDEV |
| SYN Cookies | SYN cookie issued when table is full | 14.81 ns AVG, 9.25% STDEV |
| SYN Puzzles | Auction-based puzzles; all puzzles are validated and accepted | 30.01 ns AVG, 34.76% STDEV |

24 Kernel Verification of Puzzles
Result: can check a 100 Mbps link with 2.5% CPU load

25 CONCLUSION

26 Conclusion
- Rhythmic nonces can help address the shortcomings of current DoS countermeasures
- Introduction of rhythmic nonces to the Internet will spur changes to existing protocols, making them more resilient
- Built-in Internet DoS countermeasures can help address systemic shortcomings
- No centralized source of failure for puzzle issuance

