| Internet has a convenient, open and globalized character, giving us convenience, but also brought a variety of security risks. SSL protocol is used to solve an important problem when Internet Protocol security communication transmit confidential information. SSL belongs to the socket layer protocol, has a very wide application, supports almost all Web-based communication application layer protocol. SSL provides authentication, data integrity, data confidentiality and other security services for network applications. It combines perfectly with the TCP protocol.SSL Server often overload and lack of ability to resist Do S attacks, both users and site owners want to improve the performance of SSL urgently. In this paper, by reversing process of SSL handshake, changing its original authentication method, while the introduction of Online / Offline digital signature, the SSL Server to get rid of a heavy public computing, increase the reaction rate. Preliminary test results show, SSL improved SSL performance than the original, at least 9.5 times. For the problem of SSL cannot resist Do S attacks, on the basis of Online / Offline digital signature has solved computing problems on success, we introduced Client Puzzle. With Client Puzzle, SSL has the ability to resist Do S attacks.This paper described improvements and achievements of the research on SSL. It can be divided into five sections. The first section is “Introduction”, in this section, first introduced SSL development history, then, the significance of the current research and research where, and introduced the paper’s innovative points at last; the second section introduces the related basic technology of SSL: the technology of Encryption, the Digital Signatures, the Hash Function; the third section is the core of this paper describes the working principle of Reverse SSL with Client Puzzle and its implementation; The fourth part is programmed to implement Reverse SSL with Client Puzzle with Open SSL, and collected related data to verify performance after the implementation; the fifth part is the conclusion and outlook.The paper’s innovative points are mainly reflected in the following two aspects:1. Proposed solutions for the overload of SSL Server. By adjusting the SSL protocol workflow, introducing Online/Offline digital signature, the most amount of calculate in the SSL Server will the transferred to the offline phase.It is a successful resolution to solve the problem of slow connections of SSL.2. For SSL lack the ability to resist Do S attacks, based on the solutions for the overload of SSL Server while the introduction of Client Puzzle to SSL. Thanks to Online/Offline digital signature, the introduction of Client Puzzle does not affect the work efficiency of, and enable it has the ability to resist Do S attacks. |
PDF Full Text Request