Security '01 Abstract
Using Client Puzzles to Protect TLS
Drew Dean, Xerox PARC and Adam Stubblefield, Rice University
Abstract
Client puzzles are commonly proposed as a solution to
denial-of-service attacks. However, very few implementations
of the idea actually exist, and there are a number
of subtle details in the implementation. In this paper,
we describe our implementation of a simple and
backwards-compatible client puzzle extension to TLS.
We also present measurements of CPU load and latency
when our modified library is used to protect a secure
webserver. These measurements show that client puzzles
are a viable method for protecting SSL servers from
SSL-based denial-of-service attacks.
The Proceedings are published as a collective work, © 2001 by the USENIX Association. All Rights Reserved. Rights
to individual papers remain with the author or the author's employer.
Permission is granted for the noncommercial reproduction of the complete
work for educational or research purposes. USENIX acknowledges all
trademarks within this paper.