[Cryptography] Some protection against replay attacks

Faré fahree at gmail.com
Mon Sep 9 19:51:25 EDT 2013


Reading about several attacks based on partial message replay, I was
wondering if the following idea had any worth, or maybe was already
widely used (sorry, I'm way behind in the literature):

"the actual symmetric key to be used to encrypt the payload is the
hash of the shared secret, the time, and other public data."

Optionally, "other public data" can include information identifying
the two parties, to make active attacks harder, as well as nonces sent
by either or both parties, and sequential numbers preventing reuse
within the window, etc.

This means that protocol attacks are now restricted to a smaller
window (say, TCP timeout of 5 minutes), in either the time range that
active attacks can be conducted, or that the passive data can be
decrypted. I.e., that's automated rekeying, in a way that almost
guarantees the same key is never used twice.

Depending on the protocol, the server can be trusted to broadcast and
communicate its time with some coarse grain, and the client just uses
its NTP time as a guess. The server can accept the proposed client's
time if within an acceptable window, or override it with its time,
that the client can deny if in paranoid mode — in which case there is
a DoS attack possible if NTP is subverted.

—♯ƒ • François-René ÐVB Rideau •Reflection&Cybernethics• http://fare.tunes.org
Reason isn't about not having prejudices,
it's about having (appropriate) postjudices. — Faré
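
The derivation described in the message above, as an added example that is not part of the original post. It assumes HMAC-SHA256 keyed with the shared secret in place of a bare hash, length-prefixed fields, and a 300-second window; every function and label name is hypothetical.

```python
import hashlib
import hmac
import struct

WINDOW_SECONDS = 300  # assumption: the post's "5 minute" example window


def _encode_fields(*fields: bytes) -> bytes:
    """Length-prefix each field so (b"ab", b"c") and (b"a", b"bc") differ."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def window_of(timestamp: int) -> int:
    """Map a Unix timestamp to the coarse time window it falls in."""
    return timestamp // WINDOW_SECONDS


def agree_on_time(client_time: int, server_time: int,
                  max_skew: int = WINDOW_SECONDS) -> int:
    """Server side: accept the client's proposed time if it is within the
    acceptable skew, otherwise override it with the server's own time."""
    if abs(client_time - server_time) <= max_skew:
        return client_time
    return server_time


def derive_key(shared_secret: bytes, time_window: int, client_id: bytes,
               server_id: bytes, client_nonce: bytes, server_nonce: bytes,
               sequence: int) -> bytes:
    """Derive the 32-byte payload key from the secret, time and public data."""
    public_data = _encode_fields(
        b"replay-window-key-v1",         # constructed domain-separation label
        struct.pack(">Q", time_window),  # binds the key to one time window
        client_id, server_id,            # identifies the two parties
        client_nonce, server_nonce,      # freshness from either or both sides
        struct.pack(">Q", sequence),     # prevents reuse within the window
    )
    return hmac.new(shared_secret, public_data, hashlib.sha256).digest()


if __name__ == "__main__":
    secret = b"constructed shared secret"   # constructed sample values
    now = agree_on_time(client_time=1_700_000_020, server_time=1_700_000_000)
    key = derive_key(secret, window_of(now), b"client", b"server",
                     b"\x01" * 16, b"\x02" * 16, sequence=0)
    print(key.hex())
```

A message captured in one window and replayed in a later one is decrypted under a different key, so it fails authentication if the payload cipher is authenticated.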

