Secure TLS: Preventing DoS Attacks with Lower Layer Authentication

  • Lars Völker
  • Marcus Schöller
Part of the Informatik aktuell book series (INFORMAT)


SSL/TLS has been designed to protect authenticity, integrity, and confidentiality. However, considering the possibility of TCP data injection, as described in [Wa04], it becomes obvious that this protocol is vulnerable to DoS attacks just because it is layered upon TCP. In this paper, we analyze DoS attacks on SSL/TLS and describe a simple, yet effective way to provide protection for SSL/TLS by protecting the underlying TCP connection. We focus on a simple, feasible, and efficient solution, trying to balance security and usability issues by using the built-in key exchange of SSL/TLS to initialize TCP’s MD5 option.



  1. [AAL+05]
    Arends, R., Austein, R., Larson, M., Massey, D., and Rose, S. DNS Security Introduction and Requirements. RFC 4033. March 2005.
  2. [CMS02]
    Cox, A., Miller, D. S., and Schwartz, D. RFC2385 (MD5 signature in TCP packets) support. Linux Kernel Mailinglist. Mar 2002.
  3. [DR06]
    Dierks, T. and Rescorla, E. The Transport Layer Security (TLS) Protocol Version 1.1. RFC 4346. April 2006. Updated by RFCs 4366, 4680, 4681.
  4. [EJ01]
    Eastlake 3rd, D. and Jones, P. US Secure Hash Algorithm 1 (SHA1). RFC 3174. September 2001.
  5. [FFK98]
    Freier, A. O., Freier, A. O., and Kocher, P. C. The SSL Protocol Version 3.0. Draft. Nov 1998.
  6. [FGM+99]
    Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and Berners-Lee, T. Hypertext Transfer Protocol -- HTTP/1.1. RFC 2616. June 1999. Updated by RFC 2817.
  7. [FH03]
    Frankel, S. and Herbert, H. The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec. RFC 3566. September 2003.
  8. [He98]
    Heffernan, A. Protection of BGP Sessions via the TCP MD5 Signature Option. RFC 2385. August 1998.
  9. [JBB92]
    Jacobson, V., Braden, R., and Borman, D. TCP Extensions for High Performance. RFC 1323. May 1992.
  10. [Ka05]
    Kaufman, C. Internet Key Exchange (IKEv2) Protocol. RFC 4306. December 2005.
  11. [KBC97]
    Krawczyk, H., Bellare, M., and Canetti, R. HMAC: Keyed-Hashing for Message Authentication. RFC 2104. February 1997.
  12. [Ke05]
    Kent, S. IP Authentication Header. RFC 4302. December 2005.
  13. [KS05]
    Kent, S. and Seo, K. Security Architecture for the Internet Protocol. RFC 4301. December 2005.
  14. [MG98a]
    Madson, C. and Glenn, R. The Use of HMAC-MD5-96 within ESP and AH. RFC 2403 (Proposed Standard). November 1998.
  15. [MG98b]
    Madson, C. and Glenn, R. The Use of HMAC-SHA-1-96 within ESP and AH. RFC 2404. November 1998.
  16. [MMFR96]
    Mathis, M., Mahdavi, J., Floyd, S., and Romanow, A. TCP Selective Acknowledgement Options. RFC 2018. October 1996.
  17. [MMP98]
    McDonald, D., Metz, C., and Phan, B. PF_KEY Key Management API, Version 2. RFC 2367. July 1998.
  18. [MS95]
    Metzger, P. and Simpson, W. IP Authentication using Keyed MD5. RFC 1828. August 1995.
  19. [NG]
    Netfilter-Group. The netfilter/iptables project homepage. Website.
  20. [Po81]
    Postel, J. Transmission Control Protocol. RFC 793. September 1981. Updated by RFC 3168.
  21. [Ri92]
    Rivest, R. The MD5 Message-Digest Algorithm. RFC 1321 (Informational). April 1992.
  22. [RM06]
    Rescorla, E. and Modadugu, N. Datagram Transport Layer Security. RFC 4347. April 2006.
  23. [RR05]
    Richardson, M. and Redelmeier, D. Opportunistic Encryption using the Internet Key Exchange (IKE). RFC 4322. December 2005.
  24. [SS06]
    Stewart, R. and Stewart, R. Improving TCP’s Robustness to Blind In-Window Attacks. Draft v5. Jun 2006.
  25. [Wa04]
    Watson, P. A.: Slipping in the Windows: TCP reset attacks. In: CanSecWest. 2004.
  26. [WY05]
    Wang, X. and Yu, H.: How to break MD5 and other hash functions. In: Advances in Cryptology-Eurocrypt. 2005.
  27. [Za01]
    Zalewski, M. Strange Attractors and TCP/IP Sequence Number Analysis. Whitepaper. Apr 2001.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Lars Völker (1)
  • Marcus Schöller (2)
  1. Institute of Telematics, Universität Karlsruhe (TH), Karlsruhe
  2. Computing Department, Lancaster University, Lancaster
