Reflection Attack

In computer security, a reflection attack is a method of attacking a challenge–response authentication system that uses the same protocol in both directions. That is, the same challenge–response protocol is used by each side to authenticate the other side. The essential idea of the attack is to trick the target into providing the answer to its own challenge.


Attack

The general attack outline is as follows:

1. The attacker initiates a connection to a target.
2. The target attempts to authenticate the attacker by sending it a challenge.
3. The attacker opens another connection to the target, and sends the target this challenge as its own.
4. The target responds to the challenge.
5. The attacker sends that response back to the target on the original connection.

If the authentication protocol is not carefully designed, the target will accept that response as valid, thereby leaving the attacker with one fully authenticated channel (the other connection is simply abandoned).


Solution

Some of the most common solutions to this attack are described below:

* The responder sends its identifier within the response so that, if it receives a response that has its own identifier in it, it can reject it (Ross J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 1st edition, page 21):
  1. Alice initiates a connection to Bob.
  2. Bob challenges Alice by sending a nonce N.
  3. Alice responds by sending back the MAC calculated on her identifier and the nonce using the shared key K_ab.
  4. Bob checks the message and verifies the MAC, making sure it is from Alice and not a message he himself sent in the past: the MAC must verify with identifier A, not B, and over the same nonce he sent in his challenge. If so, he accepts the message.
* Require the initiating party to first respond to challenges before the target party responds to its challenges.
* Require the key or protocol to be different between the two directions.
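
The attack outline and the identifier-in-the-MAC fix described above, as an added Python simulation (not part of the original article). The `Party` class, the single-letter identifiers and the key are constructed for illustration, and HMAC-SHA256 stands in for the MAC, which the article does not specify.

```python
import hashlib
import hmac
import os

KEY = b"constructed-shared-key-Kab"  # constructed sample key shared by Alice and Bob


def mac(key, *parts):
    # Length-prefix each field so the (identifier, nonce) boundary is unambiguous.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Party:
    """One end of a symmetric challenge-response protocol (hypothetical model)."""

    def __init__(self, name, key, bind_identity):
        self.name, self.key, self.bind_identity = name, key, bind_identity

    def challenge(self):
        return os.urandom(16)  # fresh nonce N

    def respond(self, nonce):
        if self.bind_identity:
            # Hardened: the MAC covers the responder's own identifier and the nonce.
            return mac(self.key, self.name, nonce)
        return mac(self.key, nonce)  # naive: the MAC covers the nonce only

    def verify(self, peer, nonce, response):
        # Hardened: the MAC must verify with the peer's identifier, never our own.
        if self.bind_identity:
            expected = mac(self.key, peer, nonce)
        else:
            expected = mac(self.key, nonce)
        return hmac.compare_digest(expected, response)


def reflection_succeeds(bind_identity):
    """Walk the five steps of the outline; the other side never uses the key."""
    bob = Party(b"B", KEY, bind_identity)
    n = bob.challenge()                    # steps 1-2: Bob challenges connection 1
    reflected = bob.respond(n)             # steps 3-4: Bob answers his own nonce on connection 2
    return bob.verify(b"A", n, reflected)  # step 5: response returned on connection 1


def honest_login_succeeds(bind_identity):
    alice = Party(b"A", KEY, bind_identity)
    bob = Party(b"B", KEY, bind_identity)
    n = bob.challenge()
    return bob.verify(b"A", n, alice.respond(n))
```

With `bind_identity=False` the reflected response verifies; with `bind_identity=True` Bob's own response carries identifier B and fails his check for A, while Alice's honest response still passes.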


See also

* Replay attack
* Man-in-the-middle attack
* Pass the hash

