SecureTLS: Preventing DoS Attacks with Lower Layer Authentication
Authors: L. Völker, M. Schöller
Source: Kommunikation in Verteilten Systemen (KiVS) 2007, 235-248, Bern, Switzerland, February 2007
SSL/TLS has been designed to protect authenticity, integrity, and confidentiality. However, considering the possibility of TCP data injection, as described in [Wa04], it becomes obvious that this protocol is vulnerable to DoS attacks just because it is layered upon TCP. In this paper, we analyze DoS attacks on SSL/TLS and describe a simple, yet effective way to provide protection for SSL/TLS by protecting the underlying TCP connection. We focus on a simple, feasible, and efficient solution, trying to balance security and usability issues by using the built-in key exchange of SSL/TLS to initialize TCP's MD5 option.