Data Protection and Security

   

VIII

Standards and Protocols

   

VIII.IV

Secure Socket Layer (SSL)

   

   
 

Client Authentication: Client authentication is the process by which a client proves its identity to a server. Although the SSL protocol can authenticate clients with X.509 certificates, most web applications currently in use do not implement this option. Instead they rely on simple password-based client authentication because of its convenience and low cost, with the result that the connection is authenticated only as strongly as the password the user chose. Much of the discussion in chapter 7 is relevant here.

Denial of Service Attacks in SSL: DoS attacks aim to exhaust server resources by sending a flood of bogus requests so that the server cannot respond to legitimate requests in time. DoS attacks are simple yet effective against all servers, and SSL servers are no exception. An SSL handshake is a particularly attractive target because the server must perform a public-key operation (for example, an RSA private-key decryption of the premaster secret) for every handshake it accepts, which costs it far more than it costs the client to send the request.

Juels and Brainard proposed the client puzzle technique as a partial defense against DoS attacks. The idea is that the server asks each client to do some computation before the server commits resources to the connection. This slows down an attacker making a lot of connection attempts while costing a legitimate client only a short delay. For instance, the server can require each client to solve a puzzle like "what 27-bit number has a message digest of x?": the client must try on the order of 2^27 candidates, but the server can check a proposed answer with a single hash computation, and it can raise or lower the number of bits as its load changes.
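The puzzle described above, worked through as an added example; this is illustrative code written for this page, not code from the original course material or from Juels and Brainard. The per-server secret key, the 30-second puzzle lifetime and the HMAC tag that lets the server stay stateless are assumptions made here, and the difficulty is kept small so the client side runs in well under a second:

```python
import hashlib
import hmac
import secrets
import time

# Assumed for this illustration (not from the page): a per-server secret so the
# server can recognise puzzles it issued without remembering each one, and a
# lifetime after which a puzzle is no longer accepted.
SERVER_KEY = secrets.token_bytes(32)
PUZZLE_TTL = 30  # seconds


def _tag(nonce, k, digest, issued):
    """MAC over everything the client is told, keyed with the server secret."""
    msg = nonce + bytes([k]) + digest + issued.to_bytes(8, "big")
    return hmac.new(SERVER_KEY, msg, "sha256").digest()


def issue_puzzle(k, now=None):
    """Server side: 'what k-bit number has SHA-256(nonce || number) == digest?'

    Costs the server one hash and one HMAC; solving costs the client up to
    2**k hashes. The server keeps no state: the tag lets it verify later."""
    if not 1 <= k <= 32:
        raise ValueError("k must be between 1 and 32 bits")
    issued = int(time.time()) if now is None else now
    nonce = secrets.token_bytes(16)          # fresh per puzzle, defeats precomputation
    answer = secrets.randbelow(1 << k)
    digest = hashlib.sha256(nonce + answer.to_bytes(4, "big")).digest()
    return {"nonce": nonce, "digest": digest, "k": k,
            "issued": issued, "tag": _tag(nonce, k, digest, issued)}


def solve_puzzle(puzzle):
    """Client side: brute-force the k-bit preimage (2**(k-1) hashes on average)."""
    nonce, target, k = puzzle["nonce"], puzzle["digest"], puzzle["k"]
    for candidate in range(1 << k):
        if hashlib.sha256(nonce + candidate.to_bytes(4, "big")).digest() == target:
            return candidate
    raise ValueError("no k-bit solution; puzzle was corrupted in transit")


def verify_solution(puzzle, answer, now=None):
    """Server side: one HMAC and one hash, regardless of how large k is."""
    now = int(time.time()) if now is None else now
    expected = _tag(puzzle["nonce"], puzzle["k"], puzzle["digest"], puzzle["issued"])
    if not hmac.compare_digest(expected, puzzle["tag"]):
        return False                          # not issued by us, or tampered with
    if now - puzzle["issued"] > PUZZLE_TTL:
        return False                          # stale: limits stockpiling of solutions
    if not 0 <= answer < (1 << puzzle["k"]):
        return False
    check = hashlib.sha256(puzzle["nonce"] + answer.to_bytes(4, "big")).digest()
    return hmac.compare_digest(check, puzzle["digest"])


if __name__ == "__main__":
    p = issue_puzzle(16)
    start = time.perf_counter()
    a = solve_puzzle(p)
    print("client solved 16-bit puzzle in %.3fs" % (time.perf_counter() - start))
    print("server accepts:", verify_solution(p, a))
```

Because the server verifies with a MAC instead of a table of outstanding puzzles, it cannot tell a solution that is replayed within the lifetime from a fresh one; rejecting reuse requires remembering the nonces it has already accepted, which reintroduces exactly the per-client state the puzzle was meant to avoid. That trade-off, and the fact that a legitimate client on a slow machine pays the same 2^k cost as the attacker, are worth keeping in mind for the question below.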


   

VIII.IV.II

Question

What can be the problems with this approach?
