Problem 1
Sync cookies are used to prevent Denial of Service (DoS) and Distributed Denial of Service Attacks (DDoS). The timestamp serves two major functions in sync cookies. For one, it use for checking the freshness of a client’s request to server. A server can then determine if the request is recent and allow the connection or it can determine that the request is stale and refuse the connection.
Secondly, the timestamp is useful in ensuring that the cryptographic hash that is generated is unique. This is important since it helps in preventing spoofing attacks and protects against spoofed packets. Specifically, from the equation s = HK (IPsrv ; PORTsrv ; IPcli ; PORTcli), then the hash generated would be the same provided the IP addresses and port numbers of the server and client are the same, which lends itself to spoofing attacks. By introduction a timestamp, each generated hash will be different after some time.
Problem 2
The Needham-Schroeder protocol is susceptible to replay attacks. For example, if the session key KAB has been compromised, then the attacker C can convince the communicating parties to believe they are in contact with each other. This enables the attacker to replay the message {KAB,A}KBS to Bob. Bob then replies with {Nb}KAB to C and C replies with {Nb-1}KAB, after which Bob assumes they are in contact with Alice.
By introducing a timestamp in the creation of the session key, then the session key will change once the communicating parties A and B are done. This means even if an attacker compromises the session key, then it will be impossible to use a replay attack since the session key will have expired.
Problem 3
The random numbers N1 and N2 are used for authentication. Since A uses B’s public key to encrypt N1 then if B replies with the correct N1, A can be sure that they are actually in communication with B since only B has the required private key to decrypt the number correctly. Similarly, B sends the random number N2 encrypted with A’s public key and the number can only be correctly decrypted using A’s private key and thus B can be sure that they are actually talking to B since only B has the required private key to decrypt N2.
The protocol is susceptible to a man-in-the-middle attack since if an attacker C can convince the communicating parties that they are the other party. The attack runs as follows:
A send N1 to C for authentication purposes. C then forwards the message to B impersonating A. B will then sends their message N2 to C thinking they are communicating with A. C then forwards the message to A. A will then decrypt it and acknowledges the correctness of N1 and N2. The attacker C then encrypts N2 again and forwards it to B, making B believe that C decrypted it. This results in B being convinced that they are in communication with A.
bbbb