Reflection attack


A reflection attack is a method of attacking a challenge-response authentication system that uses the same protocol in both directions. That is, the same challenge-response protocol is used by each side to authenticate the other side. The essential idea of the attack is to trick the target into providing the answer to its own challenge. ["Computer Networks" by Andrew S. Tanenbaum, 4th edition, ISBN 0-13-038488-7, pages 787-790.]

Attack

The general attack outline is as follows:

# The attacker initiates a connection to a target.
# The target attempts to authenticate the attacker by sending it a challenge.
# The attacker opens another connection to the target, and sends the target this challenge as its own.
# The target responds to the challenge.
# The attacker sends that response back to the target on the original connection.

If the authentication protocol is not carefully designed, the target will accept that response as valid, leaving the attacker with one fully authenticated connection (the other connection is simply abandoned).

Solution

Some of the most common solutions to this attack are described below:

* The responder includes its own identifier in the response, so that any response carrying the responder's own identifier can be rejected. [Ross J. Anderson: [http://www.cl.cam.ac.uk/~rja14/book.html Security Engineering: A Guide to Building Dependable Distributed Systems], 1st edition, page 21, ISBN 0-471-38922-6]
# Alice initiates a connection to Bob.
# Bob challenges Alice by sending a nonce. B -> A: N
# Alice responds by sending back her identifier and the nonce, encrypted under the shared key Kab. A -> B: {A, N}Kab
# Bob decrypts the message and checks that it contains A (Alice's identifier) rather than B, so it cannot be a message he himself sent earlier, and that the nonce matches the one in his challenge; only then does he accept it.
* Require the initiating party to first respond to challenges before the target party responds to its challenges.
* Require the key or protocol to be different between the two directions.
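As an added illustration of the attack outline and of the identifier-binding fix above (example code written for this page, not from the original article or from Tanenbaum's or Anderson's books): a toy simulation in which one responder runs the same challenge-response protocol in both directions. HMAC-SHA256 stands in for the text's {..}Kab, and the class and function names, the in-memory "connections" and the sample key are assumptions.

```python
import hashlib
import hmac
import os

KAB = b"constructed-shared-key-alice-bob"  # sample key, not from the page

def mac(key: bytes, *parts: bytes) -> bytes:
    """Keyed MAC standing in for {..}Kab (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

class Responder:
    """A party that uses the same challenge-response protocol in both directions.
    bind_identity=False: reply is MAC(N)            (vulnerable to reflection)
    bind_identity=True:  reply is (ID, MAC(ID, N))  (the identifier fix above)
    """

    def __init__(self, name: bytes, key: bytes, bind_identity: bool):
        self.name, self.key, self.bind_identity = name, key, bind_identity

    def challenge(self) -> bytes:
        return os.urandom(16)  # fresh nonce per connection

    def answer(self, nonce: bytes) -> tuple:
        """Answer a challenge the peer sent us (we are being authenticated)."""
        if self.bind_identity:
            return (self.name, mac(self.key, self.name, nonce))
        return (b"", mac(self.key, nonce))

    def verify(self, nonce: bytes, reply: tuple) -> bool:
        """Decide whether a reply to our own nonce authenticates the peer."""
        ident, tag = reply
        if self.bind_identity:
            if ident == self.name:  # carries our identifier: it is our own answer
                return False
            return hmac.compare_digest(tag, mac(self.key, ident, nonce))
        return hmac.compare_digest(tag, mac(self.key, nonce))

def reflection_succeeds(bob: Responder) -> bool:
    """Keyless Mallory feeds Bob's challenge back to Bob on a second connection."""
    n = bob.challenge()              # conn 1: Bob challenges "Alice"
    reflected = bob.answer(n)        # conn 2: Mallory presents n as her challenge
    return bob.verify(n, reflected)  # conn 1: Bob's own answer returned to him

def honest_login_succeeds(alice: Responder, bob: Responder) -> bool:
    """Sanity check: a real key holder still authenticates under the fix."""
    n = bob.challenge()
    return bob.verify(n, alice.answer(n))
```

With `bind_identity=False` the reflected answer is accepted; with `bind_identity=True` Bob rejects it because it carries his own identifier, while Alice's genuine reply still verifies.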

See also

* Replay attack
* Man-in-the-middle attack

Wikimedia Foundation. 2010.
