Join Log in
Score:1
Lee Seungwoo avatar Crypto

Man-in-the-Middle attack on challenge-response authentication protocols

ke flag
Lee Seungwoo

Say $B$ is a server and $A$ is a client who wants to login to the server, by proving herself to $B$. In challenge-response authentication protocols, $B$ sends challenge to $A$ and $A$ replies with response.

Here, I think all kinds of challenge-response authentication protocols are vulnerable to Man-in-the-Middle attack because if there is $E$ (who wants to login to the server, impersonating $A$) between $A$ and $B$ who relays the challenge(sent by $B$) to $A$, relays the response(sent by $A$) to $B$ and then gains access.

Is this Man-in-the-Middle attack possible? It seems to be safe if $A$ and $B$ exchange encrypted messages afterward, but it does not seem to be safe to give access to the entity authenticated using challenge-response. enter image description here

73
0 + 7
Richard Thiessen avatar
mx flag
Richard Thiessen
Challenge response is usually used to derive a shared key that secures future communications. Alice and Bob derive a key which Eve does not know and so while access has been granted, it's only been granted to Alice who has the correct key needed to authenticate future messages.
0
Reply
Marc Ilunga avatar
tr flag
Marc Ilunga
The question highlights the subtlety in defining authentication and relationship to session key establishment. I'll write a fuller answer later. But first, note that on its own the scenario is not an attack. Eve is just playing the role of a ethernet link between A and B. However, the consequences will indeed depend on what happens after. Another thing, the issue isn't simply mitigated with encryption. Indeed if the parties would just do a DH exchange after the authentication, the security isn't increased in any meaningful way.
0
Reply
Marc Ilunga avatar
tr flag
Marc Ilunga
That is why authenticated key exchange are carefully design to guarantee both entity authentication and session key authentication
0
Reply
Lee Seungwoo avatar
ke flag
Lee Seungwoo
@RichardThiessen I think, then, the protocol is not truly an 'authentication'. I think what Bob come to know in the protocol is that "There exists Alice somewhere, but I do not certain that I am directly talking to her." And as you said, after they derive a shared key, they can authenticate 'messages'. Is this right? I think I am not clear about the meaning of authentication.
0
Reply
Lee Seungwoo avatar
ke flag
Lee Seungwoo
@MarcIlunga "on its own the scenario is not an attack. Eve is just playing the role of a ethernet link between A and B" is somewhat clear, but at the same time somewhat confusing to me. If Eve comes to gain access, so she make use of that access to do something she couldn't, is it an attack?
0
Reply
Marc Ilunga avatar
tr flag
Marc Ilunga
@LeeSeungwoo, one way to clarify all of this is the following: the challenge response protocol is an identification protocol. The only security guarantee is that it should only succeed with the help of the legitimate user. The protocol is not meant to establish a secure session. "Eve can come again to make use of the access" only if the application makes the mistakenly thinks that there's a secure session established after this protocol. This issue is solved using a secure authenticated key exchange to establish a secure session and authenticate the parti(es).
1
Reply
Lee Seungwoo avatar
ke flag
Lee Seungwoo
@MarcIlunga "The protocol is not meant to establish a secure session" is the statement that I was searching for. To summarize, the protocol is to identify an entity and does not necessarily establish a secure session. Thank you so much !
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.