Stateless connections

Aura, Tuomas; Nikander, Pekka

doi:10.1007/bfb0028465

Cited by 57 publications

(36 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is important to prevent a malicious user or third party from tampering with server state in order to extract an unfair share of the service, to waste bandwidth, to launch a DDoS attack, or to force the server to execute an invalid state [Aura and Nikander 1997]. Such attacks might employ two mechanisms: modifying the server state-because it is no longer secured on the server, and performing replay attacks-because statelessness inherently admits replay of old packets.…”

Section: Securitymentioning

confidence: 99%

See 1 more Smart Citation

A stateless approach to connection-oriented protocols

Shieh

Myers

Sirer

2008

ACM Trans. Comput. Syst.

View full text Add to dashboard Cite

Traditional operating system interfaces and network protocol implementations force some system state to be kept on both sides of a connection. This state ties the connection to its endpoints, impedes transparent failover, permits denial-of-service attacks, and limits scalability. This article introduces a novel TCP-like transport protocol and a new interface to replace sockets that together enable all state to be kept on one endpoint, allowing the other endpoint, typically the server, to operate without any per-connection state. Called Trickles, this approach enables servers to scale well with increasing numbers of clients, consume fewer resources, and better resist denial-of-service attacks. Measurements on a full implementation in Linux indicate that Trickles achieves performance comparable to TCP/IP, interacts well with other flows, and scales well. Trickles also enables qualitatively different kinds of networked services. Services can be geographically replicated and contacted through an anycast primitive for improved availability and performance. Widely-deployed practices that currently have client-observable side effects, such as periodic server reboots, connection redirection, and failover, can be made transparent, and perform well, under Trickles. The protocol is secure against tampering and replay attacks, and the client interface is backward-compatible, requiring no changes to sockets-based client applications.

show abstract

Section: Securitymentioning

confidence: 99%

“…Aura and Nikander [1997] describe a general framework for converting stateful protocols to stateless protocols, and apply it to authentication protocols. Since this framework assumes that the underlying communication channel is reliable, it is not directly applicable to a high-performance transport protocol.…”

Section: Related Workmentioning

confidence: 99%

A stateless approach to connection-oriented protocols

Shieh

Myers

Sirer

2008

ACM Trans. Comput. Syst.

View full text Add to dashboard Cite

show abstract

“…Problems with the usage of public-key-based cryptosystems in protocols are described in [AN97] and in [ALN00].…”

Section: Tschofenig and Kroeselberg Informational [Page 13]mentioning

confidence: 99%

Security Threats for Next Steps in Signaling (NSIS)

Kroeselberg¹,

Tschofenig²

2005

View full text Add to dashboard Cite

“…Cookie-based solutions [36] were used against TCP connection-depletion (also known as TCP SYN) attacks [45,23], and in security protocols such as Photuris [32], IKE [22], JFK [2], and others [39,24]. More generally, The advantages of being stateless, at least in the beginning of a protocol run, were recognized in the context of security protocols in [27] and [4].…”

Section: Related Work On Puzzlesmentioning

confidence: 99%

The dual receiver cryptosystem and its applications

Diament

Lee

Keromytis

et al. 2004

Proceedings of the 11th ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

We put forth the notion of a dual receiver cryptosystem and implement it based on bilinear pairings over certain elliptic curve groups. The cryptosystem is simple and efficient yet powerful, as it solves two problems of practical importance whose solutions have proven to be elusive before:(1) A provably secure "combined" public-key cryptosystem (with a single secret key per user in space-limited environment) where the key is used for both decryption and signing and where encryption can be escrowed and recovered, while the signature capability never leaves its owner. This is an open problem proposed by the work of Haber and Pinkas.(2) A puzzle is a method for rate-limiting remote users by forcing them to solve a computational task (the puzzle). Puzzles have been based on cryptographic challenges in the past, but the successful design of embedding a useful cryptographic task inside a puzzle, originally posed by Dwork and Naor, remained an open problem till today. We model and present "useful security puzzles" applicable in two scenarios: a secure fileserver, and an online transaction server (such as a webserver).

show abstract

Stateless connections

Cited by 57 publications

References 5 publications

A stateless approach to connection-oriented protocols

A stateless approach to connection-oriented protocols

Security Threats for Next Steps in Signaling (NSIS)

The dual receiver cryptosystem and its applications

Contact Info

Product

Resources

About