
(Computer Networks) A "replay" attack in the authentication using passwords is


Question


A "replay" attack in the authentication using passwords is defined as the attack by an eavesdropper who can overhear the transmitted password. The eavesdropper can later disguise as the original sender by simply retransmitting the stored password. For example, suppose Alice wants to authenticate herself to a server, and transmits her secret password A to the server in order to log in. Eve, the eavesdropper, overhears password A, then saves A to her memory. Later, Eve simply uses the stored password A to the server, and gets authenticated as Alice. The server does not know the true identity of Eve. One mechanism for resisting replay attacks in password authentication is to use one-time passwords: A list of passwords is prepared, and once password[N] has been accepted, the server decrements N and prompts for password[N-1] next time. At N = 0 a new list is needed. Outline a mechanism by which the user and server need only remember one master password mp and have available locally a way to compute password[N] = f(mp, N).

Explanation / Answer

Here it is given that password[N] is used for resisting replay attacks in password authentication. Here the password[N] can be selected from a sequence of numbers. password[N] was calculated based on the function f(mp,N), and once it is generated the server decrements N and prompts for password[N-1].

Consider that the function used to calculate password[N] can be F, based on the algorithm used. Now consider the value of password[N]:

password[N]=g^N(mp) // this means g applied N times to mp

and based on this we can predict that

password[N-1]=(g^N-1 )*mp

So, based on the above password[N-1] equation, one can predict that the value of password[N-1] cannot be predicted by knowing the value of password[N]. This is because the function used will be randomized and results in different values even for sequential inputs. The function implemented and the master password are the only factors that are used to compute password[N-1].
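
The scheme from the question, password[N] = g^N(mp) with g applied N times and N counting down, as an added example that is not part of the original answer. It shows the server rejecting a replayed password[N] and rejecting a value hashed forward from it, while the holder of mp can still produce password[N-1]. Assumptions of this example: g is SHA-256, and the names `Server`, `login` and `demo` and the sample master password are constructed for illustration.

```python
import hashlib
import hmac


def g(value: bytes) -> bytes:
    """One-way step function; SHA-256 is an assumption of this example."""
    return hashlib.sha256(value).digest()


def password(mp: bytes, n: int) -> bytes:
    """password[n] = g^n(mp): g applied n times to the master password."""
    out = mp
    for _ in range(n):
        out = g(out)
    return out


class Server:
    """Hypothetical verifier that knows mp and the current counter N."""

    def __init__(self, mp: bytes, n: int):
        self.mp = mp
        self.n = n

    def login(self, candidate: bytes) -> bool:
        if self.n <= 0:  # list exhausted: a new list is needed
            return False
        expected = password(self.mp, self.n)
        if not hmac.compare_digest(candidate, expected):
            return False
        self.n -= 1  # accepted: the next login must present password[N-1]
        return True


def demo() -> dict:
    mp = b"constructed-master-password"  # constructed sample value
    server = Server(mp, n=3)
    overheard = password(mp, 3)          # Alice sends password[3]; Eve records it
    first = server.login(overheard)      # Alice's genuine login
    replay = server.login(overheard)     # Eve retransmits the same value
    # Applying g to the overheard value only yields password[4], not password[2].
    forward = server.login(g(overheard))
    nxt = server.login(password(mp, 2))  # Alice, who knows mp, computes password[2]
    return {"first": first, "replay": replay, "forward": forward,
            "next": nxt, "remaining": server.n}


if __name__ == "__main__":
    print(demo())
```
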