Feature #5177

open

Command interest replay detection by (timestamp, nonce)-tuples

Added by Philipp Moll over 2 years ago. Updated about 2 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Security
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:

Description

In order to prevent replay attacks of command interests, the current command interest verification implementation does not allow command interests having the same timestamp. The current ndn-cxx signing-side implementation overcomes this restriction by simply increasing the timestamp of consecutively emitted command issues. This prevents replay attacks, but could ultimately lead to sending command interests with a future timestamp. Also, third-party libraries, such as NDN-IND, do not include this logic, which leads to errors if multiple command interests per millisecond are sent.

Overcoming this issue is possible by using the command interest timestamp in combination with its nonce as a random value. To prevent replay attacks, tuples of (timestamp, nonce) need to be unique.

A discussion on the Named Data Networking's Slack channel suggested the following implementation:

1) The CommandInterestValidator maintains a list (configurable size) of received nonce values.
2) A (valid) incoming command interest's nonce is stored in the nonce list.
2.1) If another command interest with the same timestamp arrives, its nonce is checked against the nonce list: if the nonce is new, it is added to the nonce list; an already known nonce indicates a replay attack, and the command interest is dropped.
2.2) If another command interest with a newer timestamp arrives, the nonce list is reset and the arriving interest's nonce is added to the nonce list.
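
The steps above as a runnable sketch, added here as an example; it is not ndn-cxx code and not from the issue author. The class and verdict names, the 32-bit nonce type, tracking a single signing key, rejecting older timestamps, and failing closed when the nonce list is full are all assumptions of the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <unordered_set>
#include <utility>

// Hypothetical names; none of this is ndn-cxx API.
enum class Verdict { Accept, Replay, StaleTimestamp, NonceListFull };

// Replay state for ONE signing key (assumption: a validator keeps one per key).
class TimestampNonceTracker {
public:
  explicit TimestampNonceTracker(std::size_t maxNonces)
    : m_maxNonces(maxNonces == 0 ? 1 : maxNonces) {}

  // Call only after the command interest's signature has been verified (step 2).
  Verdict check(std::uint64_t timestampMs, std::uint32_t nonce) {
    if (m_hasState && timestampMs < m_lastTimestamp)
      return Verdict::StaleTimestamp;   // assumption: older timestamps stay rejected
    if (!m_hasState || timestampMs > m_lastTimestamp) {
      m_nonces.clear();                 // step 2.2: newer timestamp resets the list
      m_lastTimestamp = timestampMs;
      m_hasState = true;
    }
    else if (m_nonces.count(nonce) != 0) {
      return Verdict::Replay;           // step 2.1: same timestamp, known nonce
    }
    // Assumption: when the configured size is reached, reject rather than evict.
    // Evicting a nonce would let that exact (timestamp, nonce) pair be replayed.
    if (m_nonces.size() >= m_maxNonces)
      return Verdict::NonceListFull;
    m_nonces.insert(nonce);
    return Verdict::Accept;
  }

private:
  std::size_t m_maxNonces;
  bool m_hasState = false;
  std::uint64_t m_lastTimestamp = 0;
  std::unordered_set<std::uint32_t> m_nonces;
};

int main() {
  TimestampNonceTracker tracker(2);
  // Constructed sample input: (timestamp in ms, nonce)
  const std::pair<std::uint64_t, std::uint32_t> sample[] = {
    {1000, 0xA1}, {1000, 0xB2}, {1000, 0xA1}, {1000, 0xC3}, {1001, 0xA1}};
  for (const auto& s : sample)
    std::cout << s.first << " verdict=" << static_cast<int>(tracker.check(s.first, s.second)) << "\n";
}
```

The list size bounds how many command interests can be accepted for one timestamp value, so it should be sized to the highest per-millisecond rate a legitimate sender is expected to produce.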

Actions #1

Updated by Davide Pesavento over 2 years ago

  • Project changed from NFD to ndn-cxx
  • Category set to Security
  • Start date deleted (07/27/2021)
Actions #2

Updated by Davide Pesavento over 2 years ago

  • Tags set to security
  • Description updated (diff)
Actions #3

Updated by Junxiao Shi about 2 years ago

The processing logic of SigTime+SigNonce is dictated by the protocol.
If changing the implementation, the protocol must be updated too.
