The Transport Layer Security protocol has come under fire recently, but a new research paper proposes that client...
puzzles can improve TLS security. What are TLS client puzzles and how can they help maintain TLS security?
Denial-of-service attacks work by flooding a target with traffic or requests, or by sending it information that triggers a crash. Whichever method is used, the attack deprives legitimate users of the service or resource. Flood attacks occur when the system receives too much traffic for the server's resources to handle. Resources such as bandwidth, memory, disk space or CPU become exhausted, causing the system to slow down and eventually stop. Any business or organization with an online presence is a potential target, with ecommerce and online gaming sites being the most common targets, as high revenue-generating services are far more likely to pay a ransom to stop a distributed denial-of-service (DDoS) attack.
One DDoS attack technique is to exploit the design of the TLS protocol to create an asymmetric DDoS attack. The SSL/TLS protocol handshake allows a client to require the server to perform expensive, resource-intensive cryptographic operations without ﬁrst having done any work. This means a relatively low number of handshake requests can overwhelm even a well-provisioned e-commerce site.
One defense mechanism against flood-based DDoS attacks is to control the rate of traffic sent or received by the server-rate limiting. However, rate limiting is difficult when a large number of bots are directing small amounts of traffic to each member of a large distributed pool of servers. It also tends to penalize nonmalicious clients who give up trying to establish a connection.
A draft proposal from engineers at Akamai, titled Internet-Draft TLS Client Puzzles Extension, proposes adding a new message to the handshake procedure that would limit the impact of a DDoS attack trying to abuse the TLS protocol. The message would come after the Server Hello message and before the Server Done message, and would contain a cryptographic puzzle to force the client to perform its own cryptographic calculation prior to the server having to perform one. The client puzzles are designed so that it is much cheaper for the server to generate and validate them than it is for clients to solve them. Also, as computational power increases, the difficulty of the challenges can be increased to maintain the workload. It is a similar concept to Bitcoins proof of work -- a piece of data which is difficult -- resource-costly and time-consuming -- to produce but easy for others to verify.
If a secure server starts to experience abnormally high incoming connection requests, it can start sending puzzle challenges to clients requesting a connection. The server can then wait for the answer to the puzzle to validate the connection before continuing with the handshake protocol. These challenges would only reduce the time it takes for a new connection to be established and subsequent page requests would be handled in the normal way. If the attacker increases the number of DoS connection requests, the server can increase the difficulty of the challenges it sends, slowing down the response time even further.
As answering these client puzzles only takes a few seconds, there's only a negligible impact on connection times for legitimate clients, but it's enough of a delay to reduce the rate at which a malicious client can generate requests. Mobile device users may suffer slightly due to the extra battery and CPU usage needed to answer the client puzzle, but a puzzle's complexity could ultimately be matched to a device's hardware capabilities. As the server load from incoming connections returns to normal, the server can reduce the difficulty of the puzzles, eventually omitting them once the attack is over. The idea has potential and gives servers another method of tackling DoS attacks other than rate limiting. The same idea could be deployed on email servers requiring encrypted connections to reduce the number of spam emails that can be sent over a period of time.
TLS Client Puzzles Extension is only an IETF working document at this point, but building security into such a key protocol will mean any reliant protocols will in the future be better protected and secure by design.
Find out if the RC4 encryption algorithm can protect SSL/TLS
Learn more about how DDoS threats are changing and how to mitigate them
Dig Deeper on DDoS attack detection and prevention
Related Q&A from Michael Cobb
Can two-factor authentication be applied to a mobile device that's used as a 2FA factor? Michael Cobb explores the different knowledge factors and ...continue reading
Running a private certificate authority can pose significant risks and challenges to meet baseline requirements. Michael Cobb explores what ...continue reading
A recently discovered Android app permissions flaw can expose users to attacks. Michael Cobb explains what the risks are and how Android O security ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.