[cryptography] Reflection Attacks in Challenge/Response Protocols

2013-08-24 Thread Jeffrey Walton
Hi All,

When a symmetric key based challenge response is used, an attacker can
perform a reflection attack by starting a second instance of a
protocol and having the server answer its own questions.

To guard against the attack, is it sufficient to ensure all challenges
sent from server to client are equal to 1 mod 2; and all client to
server challenges are equal to 0 mod 2? Is it enough to break the
symmetry?

Jeff
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


Re: [cryptography] Reflection Attacks in Challenge/Response Protocols

2013-08-24 Thread Natanael
The client and the server shouldn't both generate responses exactly the
same way with the same key, no. If you use HMAC, I think including a simple
identifier would be good enough.  Something like this: HMAC(key, device ID
+ counter + timestamp), where the server and client have different IDs.
On 24 Aug 2013 09:32, Jeffrey Walton noloa...@gmail.com wrote:

> Hi All,
>
> When a symmetric key based challenge response is used, an attacker can
> perform a reflection attack by starting a second instance of a
> protocol and having the server answer its own questions.
>
> To guard against the attack, is it sufficient to ensure all challenges
> sent from server to client are equal to 1 mod 2; and all client to
> server challenges are equal to 0 mod 2? Is it enough to break the
> symmetry?
>
> Jeff

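An added example, not code from either poster: a toy simulation of the reflection attack Jeff describes against a symmetric HMAC-based mutual challenge/response, with both proposals from the thread as variants (Jeff's challenge parity rule, and Natanael's responder identifier inside the MAC input). The shared key, the `client`/`server` role labels, the `Server` class and the session bookkeeping are all constructed for the demonstration and are not part of any real protocol.

```python
"""Toy mutual challenge/response over a shared symmetric key.

Simulates the reflection attack from the thread (attacker opens a second
session and has the server answer its own challenge) and shows two ways of
breaking the client/server symmetry.  Everything here is constructed for
illustration; the key is a sample value, not a real secret.
"""
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-key-for-demo"  # constructed sample key


def mac(key, *parts):
    """HMAC-SHA256 over length-prefixed parts so fields cannot run together."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


class Server:
    """Holds the shared key; answers client challenges and verifies responses.

    mode = "naive":  response = HMAC(K, challenge) in both directions.
    mode = "parity": server challenges are 1 mod 2 and it only answers
                     challenges that are 0 mod 2 (Jeff's proposal).
    mode = "role":   response = HMAC(K, responder id, challenge)
                     (Natanael's proposal, with hypothetical ids).
    """

    def __init__(self, key, mode):
        self.key, self.mode = key, mode
        self.pending = {}  # session id -> challenge this server issued

    def new_challenge(self):
        c = secrets.token_bytes(16)
        if self.mode == "parity":
            # treat the challenge as a big-endian integer; force it odd
            c = c[:-1] + bytes([c[-1] | 1])
        sid = secrets.token_hex(4)
        self.pending[sid] = c
        return sid, c

    def answer(self, client_challenge):
        """Server proves itself to the client by answering the client's challenge."""
        if self.mode == "parity" and client_challenge[-1] & 1:
            raise ValueError("client-to-server challenges must be 0 mod 2")
        if self.mode == "role":
            return mac(self.key, b"server", client_challenge)
        return mac(self.key, client_challenge)

    def verify(self, sid, response):
        """Check a client's response to the challenge issued in session sid."""
        c = self.pending.pop(sid)
        if self.mode == "role":
            expected = mac(self.key, b"client", c)
        else:
            expected = mac(self.key, c)
        return hmac.compare_digest(expected, response)


def honest_client(server):
    """A real client that knows KEY answers the server's challenge directly."""
    sid, c = server.new_challenge()
    if server.mode == "role":
        return server.verify(sid, mac(KEY, b"client", c))
    return server.verify(sid, mac(KEY, c))


def reflection_attempt(server):
    """Attacker without the key: open session A and receive challenge c, then
    open session B and send c back as the *client's* challenge.  The server's
    own answer from session B is replayed as the response in session A."""
    sid_a, c = server.new_challenge()
    try:
        reflected = server.answer(c)  # session B: server answers its own question
    except ValueError:
        server.pending.pop(sid_a)  # parity rule rejected the reflected challenge
        return False
    return server.verify(sid_a, reflected)


if __name__ == "__main__":
    for mode in ("naive", "parity", "role"):
        print(mode, "honest:", honest_client(Server(KEY, mode)),
              "reflection:", reflection_attempt(Server(KEY, mode)))
```

In the naive mode the replayed answer verifies and the attacker authenticates without the key. Both symmetry-breaking variants reject this straightforward reflection; the role variant does so by binding the responder's identity into the MAC input itself, so it does not depend on how challenges are encoded.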