Off-Path Hacking: The Illusion of Challenge-Response Authentication

Everyone is concerned about the Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only off-path and cannot intercept traffic; hence, challenge-response mechanisms suffice to ensure authenticity. Usually, the challenges re-use e...

Full description

Saved in:
Bibliographic Details
Published in:arXiv.org 2013-05
Main Authors: Gilad, Yossi, Herzberg, Amir, Shulman, Haya
Format: Article
Language:English
Subjects:
Caching
Cryptography
Cybersecurity
Foils
IP (Internet Protocol)
Protocol (computers)
TCP (protocol)
Virtual private networks
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Everyone is concerned about the Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only off-path and cannot intercept traffic; hence, challenge-response mechanisms suffice to ensure authenticity. Usually, the challenges re-use existing `unpredictable' header fields to protect widely-deployed protocols such as TCP and DNS. We argue that this practice may often only give an illusion of security. We present recent off-path TCP injection and DNS poisoning attacks, enabling attackers to circumvent existing challenge-response defenses. Both TCP and DNS attacks are non-trivial, yet very efficient and practical. The attacks foil widely deployed security mechanisms, such as the Same Origin Policy, and allow a wide range of exploits, e.g., long-term caching of malicious objects and scripts. We hope that this article will motivate adoption of cryptographic mechanisms such as SSL/TLS, IPsec and DNSSEC, and of correct, secure challenge-response mechanisms.
ISSN:2331-8422