Using rhythmic nonces for puzzle-based DoS resistance

Abstract

To protect against replay attacks, many Internet proto-cols rely on nonces to guarantee freshness. In practice, the server generates these nonces during the initial hand-shake, but if the server is under attack, resources con-sumed by managing certain protocols can lead to DoS vulnerabilities. To help alleviate this problem, we pro-pose the concept of rhythmic nonces, a cryptographic tool that allows servers to measure request freshness with minimal bookkeeping costs. We explore the impact of this service in the context of a puzzle-based DoS re-sistance scheme we call “SYN puzzles”. Our preliminary results based on mathematical analysis and evaluation of a prototype suggests that our scheme is more resistant than existing techniques. 1