Project

General

Profile

Feature #5177

Updated by Davide Pesavento over 3 years ago

In order to prevent replay attacks of command interests, the current command interest verification implementation does not allow command interests having the same timestamp. The current ndn-cxx signing-side implementation overcomes this restriction limitation by simply increasing the timestamp of consecutively emitted command issues. This prevents replay attacks, but could ultimately lead to sending command interests with a future timestamp. Also, third-party libraries, such as NDN-IND, do not include this logic, tweak, which leads to errors if multiple command interests per millisecond are sent. 

 Overcoming this issue is possible by using the command interest timestamp in combination with its it's nonce as random value. To prevent replay attacks, tuples of `(timestamp, nonce)` need to be unique. 

 A discussion on the *Named Data Networking* 's Slack channel suggested the following implementation: 
 1) The CommandInterestValidator maintains a list (configurable size) of for received nonce values. 
 2) A (valid) An incoming command interest's nonce is stored in the nonce list 
 2.1) If another a new command interest with the same timestamp arrives, its the nonce is checked against the nonce list: if the nonce is new, it is added to the nonce list; an a already known nonce indicates a replay attack, the command interest is dropped. 
 2.2) If another a new command interest with a newer timestamp arrives, the nonce list is reset and reset, the arriving interest's nonce is added to the nonce list. 

Back