Denning-Sacco Attack
Assumes that the attacker has recorded a previous session and has compromised the connection key Kx used in it.
A -> B: {Kx, A}Kb    (attacker replayed old message)
B -> A: {Nb}Kx
A -> B: {Nb-1}Kx     (forged by attacker)
B now believes he shares a fresh secret key Kx with A.
Denning-Sacco moral: use a timestamp (calendar clock value) to detect replay of old messages.
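The freshness check from the moral, seen from B's side, as an added example that is not part of the original slides. It assumes an HMAC-sealed JSON blob as a stand-in for {...}Kb (integrity only, no secrecy), a field T for the timestamp, and a 120-second tolerance; all names and values are constructed. The nonce exchange is left out because it cannot help B here: the attacker knows Kx and can answer it.

```python
import hashlib
import hmac
import json

SKEW = 120  # assumed tolerance (seconds) between ticket timestamp and B's clock

def seal(kb: bytes, fields: dict) -> bytes:
    """Stand-in for {...}Kb: HMAC tag followed by the JSON body."""
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(kb, body, hashlib.sha256).digest() + body

def unseal(kb: bytes, blob: bytes) -> dict:
    """Check the tag under Kb and return the fields, or raise ValueError."""
    tag, body = blob[:32], blob[32:]
    expected = hmac.new(kb, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ticket was not sealed under Kb")
    return json.loads(body)

def b_accepts_original(kb: bytes, ticket: bytes) -> bool:
    """B as on the slide: any genuine ticket is accepted, however old."""
    unseal(kb, ticket)
    return True

def b_accepts_timestamped(kb: bytes, ticket: bytes, now: int) -> bool:
    """B with the fix: the ticket must carry a timestamp T close to B's clock."""
    t = unseal(kb, ticket).get("T")
    return isinstance(t, int) and abs(now - t) <= SKEW

# Constructed sample data: B's long-term key and two tickets from the old session.
KB = b"constructed-long-term-key-of-B"
ISSUED = 1_000_000  # B's clock (seconds) when the old session ran
OLD_PLAIN = seal(KB, {"K": "Kx", "from": "A"})
OLD_STAMPED = seal(KB, {"K": "Kx", "from": "A", "T": ISSUED})

if __name__ == "__main__":
    week_later = ISSUED + 7 * 86400
    print("original B, replay a week later:   ", b_accepts_original(KB, OLD_PLAIN))
    print("timestamped B, same session:       ", b_accepts_timestamped(KB, OLD_STAMPED, ISSUED + 30))
    print("timestamped B, replay a week later:", b_accepts_timestamped(KB, OLD_STAMPED, week_later))
```

The check only works if B's clock is reasonably synchronised with the clock of whoever issued the ticket; SKEW is the price paid for imperfect synchronisation and also the window in which a replay still succeeds.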