论文信息 - Using Client Puzzles to Protect TLS

Using Client Puzzles to Protect TLS

Client puzzles are commonly proposed as a solution to denial-of-service attacks. However, very few implementations of the idea actually exist, and there are a number of subtle details in the implementation. In this paper, we describe our implementation of a simple and backwards compatible client puzzle extension to TLS. We also present measurements of CPU load and latency when our modified library is used to protect a secure webserver. These measurements show that client puzzles are a viable method for protecting SSL servers from SSL based denial-of-service attacks.

Adam Stubblefield | Drew Dean | Drew Dean | A. Stubblefield

[1] Ralph C. Merkle,et al. Secure communications over insecure channels , 1978, CACM.

[2] Moni Naor,et al. Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[3] Ronald L. Rivest,et al. Time-lock Puzzles and Timed-release Crypto , 1996 .

[4] Roy T. Fielding,et al. The Apache HTTP Server Project , 1997, IEEE Internet Comput..

[5] Dahlia Malkhi,et al. Auditable metering with lighweight security , 1998 .

[6] Matthew K. Franklin,et al. Auditable Metering with Lightweight Security , 1997, J. Comput. Secur..

[7] Ari Juels,et al. Client puzzles: A cryptographic defense against connection depletion , 1999 .

[8] Pekka Nikander,et al. DOS-Resistant Authentication with Client Puzzles , 2000, Security Protocols Workshop.

[9] OpenSSL. OpenSSL : The open source toolkit for SSL/TSL , 2002 .