Article

Using client puzzles to protect TLS

Authors:

Drew Dean,

Adam StubblefieldAuthors Info & Claims

SSYM'01: Proceedings of the 10th conference on USENIX Security Symposium - Volume 10

Article No.: 1

Published: 13 August 2001 Publication History

Abstract

Client puzzles are commonly proposed as a solution to denial-of-service attacks. However, very few implementations of the idea actually exist, and there are a number of subtle details in the implementation. In this paper, we describe our implementation of a simple and backwards compatible client puzzle extension to TLS. We also present measurements of CPU load and latency when our modified library is used to protect a secure webserver. These measurements show that client puzzles are a viable method for protecting SSL servers from SSL based denial-of-service attacks.

References

[1]

{1} The Apache HTTP server project. http://www. apache.org/httpd.html.]]

Google Scholar

[2]

{2} Tuomas Aura, Pekka Nikander, and Jussipekka Leiwo. Dos-resistant authentication with client puzzles. In Proceedings of the Cambridge Security Protocols Workshop 2000, LNCS, Cambridge, UK, April 2000. Springer-Verlag.]]

Digital Library

Google Scholar

[3]

{3} Cynthia Dwork and Moni Naor. Pricing via processing or combatting junk mail. In Ernest F. Brickell, editor, Proc. CRYPTO 92, pages 139-147. Springer-Verlag, 1992. Lecture Notes in Computer Science No. 740.]]

Digital Library

Google Scholar

[4]

{4} Ralf S. Engelschall. mod_ssl: The Apache interface to OpenSSL. http://www.modssl.org/.]]

Google Scholar

[5]

{5} Ralf S. Engelschall. Openssl: The open source toolkit for SSL/TLS. http://www.openssl. org/.]]

Google Scholar

[6]

{6} Matthew K. Franklin and Dahlia Malkhi. Auditable metering with lightweight security. Journal of Computer Security, 6(4):237-255, 1998.]]

Digital Library

Google Scholar

[7]

{7} Ari Juels and John Brainard. Client puzzles: A cryptographic defense against connection depletion attacks. In S. Kent, editor, Proceedings of NDSS'99, pages 151-165, 1999.]]

Google Scholar

[8]

{8} R. C. Merkle. Secure communications over insecure channels. Communications of the ACM, 21:294-299, April 1978.]]

Digital Library

Google Scholar

[9]

{9} Ronald L. Rivest, Adi Shamir, and David A. Wagner. Time-lock puzzles and timed-release cryptography. (Preliminary version posted on the web by Rivest.).]]

Google Scholar

Cited By

View all

Chen CAsoni DBarrera DDanezis GPerrig ARay ILi NKruegel C(2015)HORNETProceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security10.1145/2810103.2813628(1441-1454)Online publication date: 12-Oct-2015
https://dl.acm.org/doi/10.1145/2810103.2813628
Palmieri FRicciardi SFiore UFicco MCastiglione A(2015)Energy-oriented denial of service attacksThe Journal of Supercomputing10.1007/s11227-014-1242-671:5(1620-1641)Online publication date: 1-May-2015
https://dl.acm.org/doi/10.1007/s11227-014-1242-6
Somani GJohri ATaneja MPyne UGaur MSanghi D(2015)DARACProceedings of the 11th International Conference on Information Systems Security - Volume 947810.1007/978-3-319-26961-0_16(263-282)Online publication date: 16-Dec-2015
https://dl.acm.org/doi/10.1007/978-3-319-26961-0_16
Show More Cited By

Index Terms

Using client puzzles to protect TLS

Recommendations

Using client puzzles to protect TLS
SSYM'01: Proceedings of the 10th conference on USENIX Security Symposium - Volume 10

Client puzzles are commonly proposed as a solution to denial-of-service attacks. However, very few implementations of the idea actually exist, and there are a number of subtle details in the implementation. In this paper, we describe our implementation ...
Wireless client puzzles in IEEE 802.11 networks: security by wireless
WiSec '08: Proceedings of the first ACM conference on Wireless network security

Resource-depletion attacks against IEEE 802.11 access points (APs) are commonly executed by flooding APs with fake authentication requests. Such attacks may exhaust an AP's memory resources and result in denied association service, thus enabling more ...
Defending Web Services against Denial of Service Attacks Using Client Puzzles
ICWS '11: Proceedings of the 2011 IEEE International Conference on Web Services

The interoperable and loosely-coupled web services architecture, while beneficial, can be resource-intensive, and is thus susceptible to denial of service (DoS) attacks in which an attacker can use a relatively insignificant amount of resources to ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SSYM'01: Proceedings of the 10th conference on USENIX Security Symposium - Volume 10

August 2001

350 pages

Publisher

USENIX Association

United States

Publication History

Published: 13 August 2001

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

60
Total Citations
View Citations
14
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 22 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Chen CAsoni DBarrera DDanezis GPerrig ARay ILi NKruegel C(2015)HORNETProceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security10.1145/2810103.2813628(1441-1454)Online publication date: 12-Oct-2015
https://dl.acm.org/doi/10.1145/2810103.2813628
Palmieri FRicciardi SFiore UFicco MCastiglione A(2015)Energy-oriented denial of service attacksThe Journal of Supercomputing10.1007/s11227-014-1242-671:5(1620-1641)Online publication date: 1-May-2015
https://dl.acm.org/doi/10.1007/s11227-014-1242-6
Somani GJohri ATaneja MPyne UGaur MSanghi D(2015)DARACProceedings of the 11th International Conference on Information Systems Security - Volume 947810.1007/978-3-319-26961-0_16(263-282)Online publication date: 16-Dec-2015
https://dl.acm.org/doi/10.1007/978-3-319-26961-0_16
Bicakci KCrispo BOligeri G(2013)LAKEACM Transactions on Internet Technology10.1145/2542214.254221613:2(1-27)Online publication date: 1-Dec-2013
https://dl.acm.org/doi/10.1145/2542214.2542216
Groza BWarinschi B(2012)Revisiting difficulty notions for client puzzles and dos resilienceProceedings of the 15th international conference on Information Security10.1007/978-3-642-33383-5_3(39-54)Online publication date: 19-Sep-2012
https://dl.acm.org/doi/10.1007/978-3-642-33383-5_3
Green JJuen JFatemieh OShankesi RJin DGunter CKruegel C(2011)Reconstructing hash reversal based proof of work schemesProceedings of the 4th USENIX conference on Large-scale exploits and emergent threats10.5555/1972441.1972455(10-10)Online publication date: 29-Mar-2011
https://dl.acm.org/doi/10.5555/1972441.1972455
Rangasamy JStebila DBoyd CNieto JCheung BHui LSandhu RWong D(2011)An integrated approach to cryptographic mitigation of denial-of-service attacksProceedings of the 6th ACM Symposium on Information, Computer and Communications Security10.1145/1966913.1966929(114-123)Online publication date: 22-Mar-2011
https://dl.acm.org/doi/10.1145/1966913.1966929
Puttaswamy KBhagwan RPadmanabhan VBanavar G(2010)AnonygatorProceedings of the ACM/IFIP/USENIX 11th International Conference on Middleware10.5555/2023718.2023725(85-106)Online publication date: 29-Nov-2010
https://dl.acm.org/doi/10.5555/2023718.2023725
Karame GČapkun S(2010)Low-cost client puzzles based on modular exponentiationProceedings of the 15th European conference on Research in computer security10.5555/1888881.1888933(679-697)Online publication date: 20-Sep-2010
https://dl.acm.org/doi/10.5555/1888881.1888933
Sarikaya KSarikaya DJarada TGao SÖzyer TAlhajj RPardede ETaniar DPardede E(2010)A novel client-based approach for signing and checking web forms by using XML against DoS attacksProceedings of the 12th International Conference on Information Integration and Web-based Applications & Services10.1145/1967486.1967520(202-209)Online publication date: 8-Nov-2010
https://dl.acm.org/doi/10.1145/1967486.1967520
Show More Cited By

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations