International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Reverse SSL: Improved Server Performance and DoS Resistance for SSL Handshakes

Authors:
Kemal BICAKCI
Bruno Crispo
Andrew S. Tanenbaum
Download:
URL: http://eprint.iacr.org/2006/212
Search ePrint
Search Google
Abstract: Common occurrence of server overload and the threat of denial-of-service (DoS) attacks makes highly desirable to improve the performance and DoS resistance of SSL handshakes. In this paper, we tackle these two related problems by proposing reverse SSL, an extension in which the server is relieved from the heavy public key decryption operation and authenticated by means of a digital signature instead. On the server side, reverse SSL employs online/offline signatures to minimize the online computation required to generate the signature and on the client side, RSA key generation computation can be used as a client puzzle when clients do not have a public key certificate. The preliminary performance results show that reverse SSL is a promising technique for improving the performance and DoS resistance of SSL servers.
BibTeX
@misc{eprint-2006-21705,
  title={Reverse SSL: Improved Server Performance and DoS Resistance for SSL Handshakes},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols /},
  url={http://eprint.iacr.org/2006/212},
  note={ bicakci@metu.edu.tr 13325 received 26 Jun 2006},
  author={Kemal BICAKCI and Bruno Crispo and Andrew S. Tanenbaum},
  year=2006
}