Swaminathan P wrote:
hi,
thanks for your quick reply.
So if I can include the sequence number as a part of the protocol (maybe
another field added by the SSL) data, I still solve the problem of replay
attacks and I can get rid of sequence number from the MAC calculation. So
my MAC wouldn't depend on the sequence number now.

Basically, you're a) adding a piece (8 bytes in TLS) of predictable data into the byte stream sequence (making it a tiny bit easier for the symmetric key attack) and b) adding several additional bytes to the overall length of the data record (as opposed to having it melt into the fixed-size MAC).

To avoid replay attacks there are 2 options:
1. As it exists now. MAC would fail with duplicate packets.
2. Or if sequence number is made a part of the protocol and stripped from
the MAC calculation, I can verify and avoid duplicate packets from the
sequence number which could be made a part of the protocol data
(even though the MAC would succeed). This is just the way TCP works.

If I'm wrong in any of these points please do correct me.

More or less true. But what are you really achieving by this besides losing several bytes by having to extend a record?

The protocol specifies that the MAC should be applied over the unencrypted
message, then encryption should proceed over the message and the MAC.
By having the sequence inside the data you're trying to make it closer
to the attacker while making the thing take longer to encrypt (because
the message is longer).

Thanks again Lev for your quick reply.

-swami

On Wed, 19 Nov 2003, Lev Walkin wrote:


Swaminathan P wrote:

I have a question about the use of sequence number as a part of the
input to the hash function during the MAC calculation. Does that security
concerns? Would the security aspects of the SSL be affected if the sequence
number is not used as a part of the input to the hash function for MAC
calculation?

Sequence number prevents replay attacks. Both sides of the SSL communication channel are keeping track of the number of messages received. If somebody has the ability to inject a record into the SSL stream which is the same as some other record observed on that stream, the sequence number melted into the MAC will prevent the SSL machinery from treating this record as a valid one.


-- Lev Walkin [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]





--
Lev Walkin
[EMAIL PROTECTED]
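
The replay protection discussed in this thread, as an added Python sketch that is not part of the original messages and is not OpenSSL's code. It assumes the TLS 1.0 MAC input layout (8-byte sequence number, type, version, length, fragment) with HMAC-SHA1, and leaves out the encryption step; the key, payloads and class names are constructed for illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23      # TLS ContentType value for application data
TLS_1_0 = (3, 1)           # ProtocolVersion for TLS 1.0


def record_mac(mac_key: bytes, seq_num: int, fragment: bytes) -> bytes:
    """HMAC over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq_num, APPLICATION_DATA, *TLS_1_0, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha1).digest()


class Sender:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0

    def protect(self, fragment: bytes) -> bytes:
        # The sequence number is fed to the MAC but never put on the wire.
        record = fragment + record_mac(self.mac_key, self.seq, fragment)
        self.seq += 1
        return record


class Receiver:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0

    def accept(self, record: bytes) -> bool:
        fragment, tag = record[:-20], record[-20:]   # SHA-1 tag is 20 bytes
        expected = record_mac(self.mac_key, self.seq, fragment)
        if not hmac.compare_digest(tag, expected):
            return False          # in TLS a bad record MAC is a fatal error
        self.seq += 1             # counter advances only on a valid record
        return True


def demo() -> list:
    key = b"constructed-demo-mac-key"      # constructed sample key
    tx, rx = Sender(key), Receiver(key)
    first = tx.protect(b"transfer 100")    # constructed sample payloads
    second = tx.protect(b"logout")
    # Deliver both records in order, then replay a captured copy of the first.
    return [rx.accept(first), rx.accept(second), rx.accept(first)]
```

The replayed record is byte-for-byte identical to one that was accepted earlier, yet it fails because the receiver's implicit counter has moved on, and the record carries no extra bytes for the sequence number.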
