| Author: | L. Völker, M. Schöller |
|---|---|
| Source: | Kommunikation in Verteilten Systemen (KiVS) 2007, 235-248, Bern, Switzerland, February 2007 |

SSL/TLS has been designed to protect authenticity, integrity,
and confidentiality. However, considering the possibility of TCP data
injection, as described in [Wa04], it becomes obvious that this protocol
is vulnerable to DoS attacks just because it is layered upon TCP. In
this paper, we analyze DoS attacks on SSL/TLS and describe a simple,
yet effective way to provide protection for SSL/TLS by protecting the
underlying TCP connection. We focus on a simple, feasible, and efficient
solution, trying to balance security and usability issues by using the
built-in key exchange of SSL/TLS to initialize TCP's MD5 option.
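
As an added illustration (not code from the paper): TCP's MD5 option (RFC 2385) carries a 16-byte digest over the pseudo-header, the base TCP header with a zeroed checksum, the segment data and a shared key, so a segment injected without the key fails verification before it can disturb the TLS session. The key derivation from a TLS session secret, its label, and every address and field value below are assumptions constructed for the example.

```python
import hashlib
import hmac
import socket
import struct

HDR_LEN = 40  # 20-byte base header + 18-byte MD5 option + 2 bytes of padding

def derive_tcp_md5_key(tls_secret: bytes) -> bytes:
    # Assumption: hypothetical derivation and label, not the paper's scheme.
    return hmac.new(tls_secret, b"example tcp-md5 key", hashlib.sha256).digest()

def tcp_md5_digest(seg: dict, key: bytes) -> bytes:
    """RFC 2385 digest: pseudo-header, base header (checksum 0), data, key."""
    pseudo = (socket.inet_aton(seg["src"]) + socket.inet_aton(seg["dst"])
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, HDR_LEN + len(seg["data"])))
    header = struct.pack("!HHIIBBHHH", seg["sport"], seg["dport"], seg["seq"],
                         seg["ack"], (HDR_LEN // 4) << 4, seg["flags"],
                         seg["window"], 0, 0)  # checksum zeroed; urgent pointer unused
    return hashlib.md5(pseudo + header + seg["data"] + key).digest()

def sign(seg: dict, key: bytes) -> dict:
    """Sender side: attach the digest that the MD5 option would carry."""
    return {**seg, "md5": tcp_md5_digest(seg, key)}

def accept(seg: dict, key: bytes) -> bool:
    """Receiver check: drop any segment whose option digest does not verify."""
    return hmac.compare_digest(tcp_md5_digest(seg, key), seg.get("md5", b""))

def demo() -> dict:
    # Constructed sample values (documentation address ranges, made-up secret).
    key = derive_tcp_md5_key(b"constructed-tls-session-secret")
    base = {"src": "192.0.2.10", "dst": "198.51.100.20", "sport": 49152,
            "dport": 443, "seq": 1000, "ack": 2000, "window": 65535}
    legit = sign({**base, "flags": 0x18, "data": b"TLS record bytes"}, key)
    # Injected RST with correct addresses, ports and sequence number but no key.
    forged = {**base, "flags": 0x04, "data": b"", "md5": bytes(16)}
    tampered = {**legit, "data": b"TLS record bytez"}
    return {"legit": accept(legit, key), "forged_rst": accept(forged, key),
            "tampered": accept(tampered, key)}

if __name__ == "__main__":
    print(demo())
```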