Document Overview (7) Countermeasures, cont. Detection and Response Some things cannot be entirely prevented (but can be detected) Attacks on authentication mechanisms Credential guessing Attempt to use expired certificate Attempt to use invalid certificate MiM on initial handshake packets to collect data for PSK attack DoS attacks A MiM can always prevent packets from going through Session initialization DTLS handshake interference Session exhaustion (on AC) Session runtime Injection of bogus packets (requiring crypto operations) Deletion of packets Implementation Recommendations |