USENIX Conference Policies
Using Client Puzzles to Protect TLS
Client puzzles are commonly proposed as a solution to denial-of-service attacks. However, very few implementations of the idea actually exist, and there are a number of subtle details in the implementation. In this paper, we describe our implementation of a simple and backwards compatible client puzzle extension to TLS. We also present measurements of CPU load and latency when our modified library is used to protect a secure webserver. These measurements show that client puzzles are a viable method for protecting SSL servers from SSL based denial-of-service attacks.
BibTeX
@inproceedings {270926,
author = {Drew Dean and Adam Stubblefield},
title = {Using Client Puzzles to Protect {TLS}},
booktitle = {10th USENIX Security Symposium (USENIX Security 01)},
year = {2001},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/10th-usenix-security-symposium/using-client-puzzles-protect-tls},
publisher = {USENIX Association},
month = aug
}
author = {Drew Dean and Adam Stubblefield},
title = {Using Client Puzzles to Protect {TLS}},
booktitle = {10th USENIX Security Symposium (USENIX Security 01)},
year = {2001},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/10th-usenix-security-symposium/using-client-puzzles-protect-tls},
publisher = {USENIX Association},
month = aug
}