Cryptology ePrint Archive: Report 2006/212

Reverse SSL: Improved Server Performance and DoS Resistance for SSL Handshakes

Kemal BICAKCI and Bruno Crispo and Andrew S. Tanenbaum

Abstract: Common occurrence of server overload and the threat of denial-of-service (DoS) attacks makes highly desirable to improve the performance and DoS resistance of SSL handshakes. In this paper, we tackle these two related problems by proposing reverse SSL, an extension in which the server is relieved from the heavy public key decryption operation and authenticated by means of a digital signature instead. On the server side, reverse SSL employs online/offline signatures to minimize the online computation required to generate the signature and on the client side, RSA key generation computation can be used as a client puzzle when clients do not have a public key certificate. The preliminary performance results show that reverse SSL is a promising technique for improving the performance and DoS resistance of SSL servers.

Category / Keywords: cryptographic protocols /

Date: received 26 Jun 2006

Contact author: bicakci at metu edu tr

Available format(s): PDF | BibTeX Citation

Version: 20060626:175708 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]