TLS/DTLS: RC4 Stream Cipher and DTLS DoS
I have a few questions about Datagram Transport Layer Security (DTLS) and TLS.
-
In TLS’s traffic encryption layer (called the TLS Record Layer),
records are not independent. Cryptographic context (stream cipher key
stream) is retained between records. DTLS solves the first problem by
banning stream ciphers. [RFC6347 (3.1)]I don’t understand why there is a problem with interrecord depedency and therefore DTLS can not use stream ciphers. If I understood RC4 correctly, only a correct exchange of the key is needed. So if the key was exchanged, for example with Diffie-Hellman, why is there a depedency of the records transmitted before?
EDIT: I think I understand it now. The records are encrypted with a key and if a record gets lost (after the handshake was done), it is not possible to determine which bit of the key has to be used to decrypt the record you received. Please correct me, if that was wrong. - There are two DoS attacks described. I want to know if the attacks are possible and the counter measures against them would really work. So would it be possible if the attacker can read the communication of his victim, that he can flood his victim with certificates from the server, if the attacker answers the cookie exchange with the IP of his victim? If an attack like that is possible, does the third party help against that? Wouldn’t it be the same with the Third Party? I have problems comprehending why that would make a difference.[DoS Attacks Analysis and Improvement in DTLS Protocol for Internet of Things, An enhanced DTLS protocol for Internet of Things applications] (Looking in one of them is enough)
- If the DoS attacks are really working despite the use of cookies, are there other methods against them?
I would appreciate if you could help me with my questions.