Reverse SSL: Improved Server Performance and DoS Resistance for SSL Handshakes
نویسندگان
چکیده
Common occurrence of server overload and the threat of denial-of-service (DoS) attacks makes highly desirable to improve the performance and DoS resistance of SSL handshakes. In this paper, we tackle these two related problems by proposing reverse SSL, an extension in which the server is relieved from the heavy public key decryption operation and authenticated by means of a digital signature instead. On the server side, reverse SSL employs online/offline signatures to minimize the online computation required to generate the signature and on the client side, RSA key generation computation can be used as a client puzzle when clients do not have a public key certificate. The preliminary performance results show that reverse SSL is a promising technique for improving the performance and DoS resistance of SSL servers.
منابع مشابه
Improving SSL Handshake Performance via Batching
We present an algorithmic approach for speeding up SSL’s performance on a web server. Our approach improves the performance of SSL’s handshake protocol by up to a factor of 2.5 for 1024-bit RSA keys. It is designed for heavily-loaded web servers handling many concurrent SSL sessions. We improve the server’s performance by batching the SSL handshake protocol. That is, we show that b SSL handshak...
متن کاملSSLSARD: A Request Distribution Technique for Distributed SSL Reverse Proxies
—Although Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are the for transport layer security, their cryptographic operations tend to be highly CPU intensive. Web systems that support SSL/TLS often deploy several locally or globally distributed SSL reverse proxies in front of Web servers to offload SSL/TLS operations from Web servers and improve the execution perfo...
متن کاملBatching SSL/TLS Handshake Improved
Secure socket layer (SSL) is the most popular protocol to secure Internet communications. Since SSL handshake requires a large amount of computational resource, batch RSA was proposed to speedup SSL session initialization. However, the batch method is impractical since it requires a multiple of certificates. In this paper, we overcome this problem without modifying SSL protocol. To select the o...
متن کاملSession-Based Adaptive Overload Control for Dynamic Web Applications in Secure Environments
As dynamic web content and security capabilities are becoming popular in current web sites, the performance demand on application servers that host the sites is increasing, leading sometimes these servers to overload. As a result, response times may grow to unacceptable levels and the server may saturate or even crash. In this paper we present a session-based adaptive overload control mechanism...
متن کاملتأثیر روغن قنادی و نامیزهکننده (SSL) بر بیاتی نان بربری
Effect of semihydrogenated vegetable oil (shortening) and sodium stearoyl lactylate (SSL) on retarding Barbari bread staling was investigated in this study. Three levels of 2, 3 and 4 percent shortening and SSL in two levels of 0.5 and 1 percent of flour were used in this research. Treatments included control sample (without shortening and SSL), bread with only shortening, bread with only SSL, ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2006 شماره
صفحات -
تاریخ انتشار 2006