Paper 2006/212

Reverse SSL: Improved Server Performance and DoS Resistance for SSL Handshakes

Kemal BICAKCI, Bruno Crispo, and Andrew S. Tanenbaum

Abstract

The common occurrence of server overload and the threat of denial-of-service (DoS) attacks make it highly desirable to improve the performance and DoS resistance of SSL handshakes. In this paper, we tackle these two related problems by proposing reverse SSL, an extension in which the server is relieved from the heavy public key decryption operation and authenticated by means of a digital signature instead. On the server side, reverse SSL employs online/offline signatures to minimize the online computation required to generate the signature, and on the client side, RSA key generation computation can be used as a client puzzle when clients do not have a public key certificate. The preliminary performance results show that reverse SSL is a promising technique for improving the performance and DoS resistance of SSL servers.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Published elsewhere. Unknown where it was published
Contact author(s): bicakci @ metu edu tr
History: 2006-06-26: received
Short URL: https://ia.cr/2006/212
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2006/212,
      author = {Kemal BICAKCI and Bruno Crispo and Andrew S.  Tanenbaum},
      title = {Reverse {SSL}: Improved Server Performance and {DoS} Resistance for {SSL} Handshakes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2006/212},
      year = {2006},
      url = {https://eprint.iacr.org/2006/212}
}