[Nfd-dev] Signed Interest processing: alternate to stop-and-wait

Junxiao Shi shijunxiao at email.arizona.edu
Fri Feb 20 21:11:23 PST 2015


Hi Lan

The replay attack scenario requires the attacker to have the ability to
block the transmission of an earlier command.

   1. A legit client sends command "1. set light to red".
   2. Attacker in the middle intercepts this command, and prevents it from
   being delivered to the light.
   3. The legit client sends command "2. set light to green".
   4. Attacker forwards this command to the light.
   5. Attacker sends the command intercepted in step 2 to the light.


Yours, Junxiao

On Tue, Feb 17, 2015 at 1:07 PM, Lan Wang (lanwang) <lanwang at memphis.edu>
wrote:
>
> A sliding window based validation procedure could be: a signed Interest is
> accepted if its timestamp is greater than (latestTimestamp - windowSize),
> and it hasn't been accepted previously.
>
> If you always check "it hasn't been accepted previously.", how can an
> attacker replay it (below)?
>
> The risk is: an attacker can intercept (and block the transmission of) an
> earlier command, and replay it later.
>
>
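
Added example, not part of the original message or the NFD code base: a minimal Python model of the sliding-window check quoted above, run against the five-step scenario, next to a strictly-increasing timestamp check that is assumed here for comparison. Class names, timestamps and the window size are constructed, and state is kept for a single signing key only.

```python
from dataclasses import dataclass, field


@dataclass
class SlidingWindowValidator:
    """Accept if timestamp > latest - window_size and not accepted before."""
    window_size: int
    latest: int = 0
    accepted: set = field(default_factory=set)

    def accept(self, timestamp: int) -> bool:
        if timestamp <= self.latest - self.window_size:
            return False          # older than the window
        if timestamp in self.accepted:
            return False          # exact duplicate of an accepted Interest
        self.accepted.add(timestamp)
        self.latest = max(self.latest, timestamp)
        return True


@dataclass
class StrictlyIncreasingValidator:
    """Assumed comparison check: accept only timestamps newer than the last accepted."""
    latest: int = 0

    def accept(self, timestamp: int) -> bool:
        if timestamp <= self.latest:
            return False
        self.latest = timestamp
        return True


def run(validator, deliveries):
    """Feed (timestamp, command) pairs in arrival order; return (decisions, light state)."""
    decisions, state = [], None
    for timestamp, command in deliveries:
        ok = validator.accept(timestamp)
        decisions.append(ok)
        if ok:
            state = command
    return decisions, state


# Constructed arrival order at the light for steps 1-5: "green" (signed at
# t=2000) is forwarded first, then the withheld "red" (signed at t=1000).
WITHHELD_THEN_DELIVERED = [(2000, "green"), (1000, "red")]
# Constructed plain replay: the same signed Interest arrives twice.
PLAIN_REPLAY = [(1000, "red"), (1000, "red")]

if __name__ == "__main__":
    print(run(SlidingWindowValidator(window_size=5000), WITHHELD_THEN_DELIVERED))
    print(run(StrictlyIncreasingValidator(), WITHHELD_THEN_DELIVERED))
    print(run(SlidingWindowValidator(window_size=5000), PLAIN_REPLAY))
```

The duplicate check stops the plain replay, but the withheld command was never accepted before, so the sliding window lets it through after the newer one and the light ends up red.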