An attacker can abuse an authentication protocol susceptible to a reflection
attack in order to defeat it. Doing so gives the attacker illegitimate
access to the target system without possessing the requisite
credentials.
Reflection attacks are of great concern to authentication protocols that
rely on a challenge-handshake or similar mechanism. An attacker can
impersonate a legitimate user and can gain illegitimate access to the system
by successfully mounting a reflection attack during authentication.
Attack Execution Flow
1. The attacker opens a connection to the target server and sends it a challenge.
2. The server responds by returning the challenge encrypted with a shared secret, as well as its own challenge to the attacker.
3. Since the attacker does not possess the shared secret, he initiates a second connection to the server and sends it, as challenge, the challenge received from the server on the first connection.
4. The server treats this as just another handshake and responds by encrypting the challenge and issuing its own to the attacker.
5. The attacker now receives the encrypted challenge on the second connection and sends it as the response to the server on the first connection, thereby successfully completing the handshake and authenticating to the server.
Attack Prerequisites
The attacker must have direct access to the target server in order to
successfully mount a reflection attack. An intermediate entity, such as a
router or proxy, that handles these exchanges on behalf of the attacker
inhibits the attacker's ability to attack the authentication
protocol.
Typical Likelihood of Exploit
Likelihood: High
Authentication is usually used as a means to identify and grant access to
the user. If the authentication protocol can be defeated, in this instance
by a reflection attack, authentication serves no purpose in distinguishing the
legitimate users of the system from the illegitimate ones.
Methods of Attack
Protocol Manipulation
Spoofing
Examples-Instances
Description
A single sign-on solution for a network uses a fixed pre-shared key
with its clients to initiate the sign-on process in order to avoid
eavesdropping on the initial exchanges.
An attacker can use a reflection attack to mimic a trusted client on
the network to participate in the sign-on exchange.
Attacker Skills or Knowledge Required
Skill or Knowledge Level: Medium
The attacker needs to know how to observe the protocol exchange and manage
the required connections in order to issue and respond to challenges.
Resources Required
All that the attacker requires is a means to observe and understand the
protocol exchanges in order to reflect the challenges appropriately.
Solutions and Mitigations
The server must initiate the handshake by issuing the challenge. This
ensures that the client has to respond before the exchange can move any
further.
Hashing the server's response with an HMAC can also thwart reflection. The
server responds by returning its own challenge as well as an HMAC over the
client's challenge, its own challenge and the pre-shared secret. Requiring
the client to respond with the HMAC of the two challenges ensures that only
the possessor of a valid pre-shared secret can successfully compute the hash
over the two values.
Introducing a random nonce with each new connection ensures that the
attacker cannot employ two connections to attack the authentication
protocol.
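The following added example (not part of the CAPEC entry) models the two-connection reflection from the execution flow above against a toy challenge-response server, first in the weak form where each side's proof is an HMAC over the peer's challenge alone, then in the hardened form from the mitigations, where every proof covers both challenges and a direction tag and each connection draws a fresh nonce. The key, class and function names are constructed for the demonstration.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-demo-preshared-key"  # constructed sample key, not a real secret


def mac(*parts: bytes) -> bytes:
    return hmac.new(SECRET, b"".join(parts), hashlib.sha256).digest()


class WeakServer:
    """Each side proves itself with HMAC(secret, peer_challenge): the proof depends only
    on the value it was handed, so a proof obtained on one connection is valid on another."""
    def __init__(self):
        self.pending = {}

    def open(self, client_challenge):
        sid, server_challenge = os.urandom(4), os.urandom(16)
        self.pending[sid] = server_challenge
        return sid, mac(client_challenge), server_challenge

    def finish(self, sid, response):
        return hmac.compare_digest(mac(self.pending.pop(sid)), response)


class HardenedServer:
    """Both proofs cover both challenges, in a fixed order, plus a direction tag, so the
    server's proof on one connection never equals the client proof expected on another."""
    def __init__(self):
        self.pending = {}

    def open(self, client_challenge):
        sid, server_challenge = os.urandom(4), os.urandom(16)
        self.pending[sid] = (client_challenge, server_challenge)
        return sid, mac(server_challenge, client_challenge, b"server"), server_challenge

    def finish(self, sid, response):
        c, s = self.pending.pop(sid)
        return hmac.compare_digest(mac(s, c, b"client"), response)


def reflection_succeeds(server):
    """Run the two-connection reflection from the execution flow above against `server`."""
    sid1, _, s1 = server.open(os.urandom(16))   # conn 1: server issues challenge s1
    _, proof, _ = server.open(s1)               # conn 2: hand s1 back; server proves it
    return server.finish(sid1, proof)           # conn 1: replay the server's own proof


def legitimate_login(server: HardenedServer) -> bool:
    """A client holding SECRET still authenticates to the hardened server."""
    c = os.urandom(16)
    sid, _, s = server.open(c)
    return server.finish(sid, mac(s, c, b"client"))
```

`reflection_succeeds(WeakServer())` returns True and `reflection_succeeds(HardenedServer())` returns False, while `legitimate_login(HardenedServer())` returns True.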
Vision and Technical Leadership provided by Cigital, Inc.
This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.