A cost-based framework for analysis of denial of service in networks
Journal of Computer Security
ICICS '97 Proceedings of the First International Conference on Information and Communication Security
DOS-Resistant Authentication with Client Puzzles
Revised Papers from the 8th International Workshop on Security Protocols
A Formal Framework and Evaluation Method for Network Denial of Service
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Defending Against Denial-of-Service Attacks with Puzzle Auctions
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Performance analysis of TLS Web servers
ACM Transactions on Computer Systems (TOCS)
Improving secure server performance by re-balancing SSL/TLS handshakes
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Inferring Internet denial-of-service activity
ACM Transactions on Computer Systems (TOCS)
Modelling denial of service attacks on JFK with Meadows's cost-based framework
ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
Using client puzzles to protect TLS
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Denial-of-service resistance in key establishment
International Journal of Wireless and Mobile Computing
Towards Denial-of-Service-Resilient Key Agreement Protocols
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Security Notions and Generic Constructions for Client Puzzles
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Toward non-parallelizable client puzzles
CANS'07 Proceedings of the 6th international conference on Cryptology and network security
Proving tight security for Rabin-Williams signatures
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Stronger difficulty notions for client puzzles and denial-of-service-resistant protocols
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
High-speed high-security signatures
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Towards a provably secure dos-resilient key exchange protocol with perfect forward secrecy
INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
Effort-release public-key encryption from cryptographic puzzles
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Revisiting difficulty notions for client puzzles and dos resilience
ISC'12 Proceedings of the 15th international conference on Information Security
Hi-index | 0.01 |
Gradual authentication is a principle proposed by Meadows as a way to tackle denial-of-service attacks on network protocols by gradually increasing the confidence in clients before the server commits resources. In this paper, we propose an efficient method that allows a defending server to authenticate its clients gradually with the help of some fast-to-verify measures. Our method integrates hash-based client puzzles along with a special class of digital signatures supporting fast verification. Our hash-based client puzzle provides finer granularity of difficulty and is proven secure in the puzzle difficulty model of Chen et al. (2009). We integrate this with the fast-verification digital signature scheme proposed by Bernstein (2000, 2008). These schemes can be up to 20 times faster for client authentication compared to RSA-based schemes. Our experimental results show that, in the Secure Sockets Layer (SSL) protocol, fast verification digital signatures can provide a 7% increase in connections per second compared to RSA signatures, and our integration of client puzzles with client authentication imposes no performance penalty on the server since puzzle verification is a part of signature verification.